PR# 13729 Routine `eraise' can get seg fault if error early in process lifetime
Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2007/12/07
Class: Bug
Severity: Serious
Number: 13729
Release: 6.1.71424
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.5) Gecko/20070719 Firefox/2.0.0.5; Solaris 10 on x86
Synopsis: Routine `eraise' can get seg fault if error early in process lifetime
Description
Based on code inspection, it looks like `eif_thr_init_root' (for MT code) calls EIF_TSD_CREATE, which for the pthreads case is a call to `pthread_key_create', which can fail with ENOMEM. If this call fails, EIF_TSD_CREATE calls `eraise'. But eraise calls RT_GET_CONTEXT and EIF_GET_CONTEXT, which will set locals to NULL since the key is invalid. It will then try to reference `echmem', which is (eif_globals->exdata_cx).ex_nomem. This will cause a seg fault since `eif_globals' is NULL. Since signal handlers haven't been set up yet, the process will terminate without reporting the "could not create key" message. I know that in some cases you cannot report an error (e.g., if the process exceeds the datasize limit before "main" is even called), but there is nothing you can do about that. It seems to me that `eraise' should work correctly early in the process lifetime and in cases where the process does not have enough memory.
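The failure mode above, modelled in C as an added example (not code from the Eiffel runtime): `rt_get_context', `eraise_safe' and `eif_thr_init_root_sim' are hypothetical stand-ins for RT_GET_CONTEXT, `eraise' and `eif_thr_init_root', and the ENOMEM from `pthread_key_create' is injected rather than provoked. The guarded `eraise_safe' reports the error on stderr using only async-signal-safe calls when no context exists yet, instead of dereferencing a NULL `eif_globals'.

```c
#include <errno.h>
#include <pthread.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for the runtime's per-thread globals
 * (the report's eif_globals->exdata_cx.ex_nomem). */
typedef struct { int ex_nomem; } rt_globals_t;

static pthread_key_t rt_key;
static int rt_key_valid = 0;   /* set only once pthread_key_create succeeds */
enum { RT_ERR_NOMEM = 1 };
enum { ERAISE_HANDLED = 0, ERAISE_FALLBACK = 1 };

/* Like RT_GET_CONTEXT: NULL when the key was never created or nothing
 * has been stored for this thread yet. */
static rt_globals_t *rt_get_context(void) {
    if (!rt_key_valid) return NULL;
    return (rt_globals_t *)pthread_getspecific(rt_key);
}

/* Hardened eraise: checks the context before touching it. Returns which
 * path was taken so the caller can verify it; a real runtime would
 * _exit() or abort() instead of returning from the fallback path. */
static int eraise_safe(const char *tag, int code) {
    rt_globals_t *g = rt_get_context();
    if (g == NULL) {
        /* Early-lifetime path: only async-signal-safe calls, no malloc,
         * so the message still reaches stderr with no runtime state. */
        static const char prefix[] = "eraise: fatal error before runtime init: ";
        (void)write(STDERR_FILENO, prefix, sizeof prefix - 1);
        (void)write(STDERR_FILENO, tag, strlen(tag));
        (void)write(STDERR_FILENO, "\n", 1);
        return ERAISE_FALLBACK;
    }
    if (code == RT_ERR_NOMEM) g->ex_nomem = 1;   /* normal bookkeeping */
    return ERAISE_HANDLED;
}

/* Simulated root-thread init; fail_key_create injects the ENOMEM failure
 * the report describes. Returns 0 on success, else the eraise_safe result. */
static int eif_thr_init_root_sim(int fail_key_create) {
    static rt_globals_t root;   /* static: needs no allocation */
    int rc = fail_key_create ? ENOMEM : pthread_key_create(&rt_key, NULL);
    if (rc != 0)
        return eraise_safe("could not create key", RT_ERR_NOMEM);
    rt_key_valid = 1;
    pthread_setspecific(rt_key, &root);
    return 0;
}
```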
To Reproduce
Problem Report Interactions