Hi,

I recently encountered a bug similar to this one http://www.freebsd.org/cgi/query-pr.cgi?pr=76690 in OpenBSD's pthread library. It seems that if the malloc lock is not obtained before the fork, bad things may happen on the frees that follow in the forked child. This is my take at fixing this bug.

Regards
Erik

Index: lib/libpthread/uthread/uthread_fork.c
===================================================================
RCS file: /cvs/src/lib/libpthread/uthread/uthread_fork.c,v
retrieving revision 1.22
diff -u -r1.22 uthread_fork.c
--- lib/libpthread/uthread/uthread_fork.c 12 Jul 2010 03:52:52 -0000 1.22
+++ lib/libpthread/uthread/uthread_fork.c    12 Dec 2011 07:58:17 -0000
@@ -95,8 +95,16 @@
     pid_t           ret;
     pthread_t    pthread;

+    /* Obtain the malloc lock before processing or else we may be in a
+     * inconsistent state when using malloc/free later on in the child.
+     */
+    _thread_malloc_lock();
+
     /* Fork a new process and reset child's state */
     if ((ret = (vfork ? _thread_sys_vfork() : _thread_sys_fork())) == 0) {
+        /* Release lock so we can do things again */
+        _thread_malloc_unlock();
+
         /* Close the pthread kernel pipe: */
         _thread_sys_close(_thread_kern_pipe[0]);
         _thread_sys_close(_thread_kern_pipe[1]);
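Review bot: the child-side `_thread_malloc_unlock()` right after the `vfork ? _thread_sys_vfork() : _thread_sys_fork()` call also runs in the vfork case, but a vfork child shares the address space of its suspended parent, so that unlock is visible to the parent, which then unlocks the same lock a second time at the end of the function. Either skip the child-side unlock when `vfork` is set, or state in the comment why a double unlock of the malloc lock is harmless here. Minor: the added comment should read "in an inconsistent state".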
@@ -231,6 +239,9 @@
             }
         }
     }
+
+    /* Release lock so we can do things again */
+    _thread_malloc_unlock();

     /* Return the process ID: */
     return (ret);
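Review bot: this `_thread_malloc_unlock()` sits immediately before the final `return (ret)`, so it is only reached if no `return` exists between the lock acquisition at the top of the function and this point; please confirm there is no early return in the intervening parent-side code (not shown in the diff), since any such path would leave the malloc lock held and block the next malloc/free in the parent. The fork-failure path (`ret == -1`) does fall through to this unlock, which is correct.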
