Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
11.0.0
-
None
Description
Hi, we found a bug, in which, pthread_join possibly destroys threads that are not created.
Specifically, in the below code, when pthread_mutex_init(&thd->data_mutex, NULL) || pthread_cond_init(&thd->avail_cond, NULL) || pthread_cond_init(&thd->data_cond, NULL) || pthread_cond_init(&thd->done_cond, NULL) happens, the code executes destroy_worker_thread(threads + i); for error handling. However, the code destroy_worker_thread would join a not-created thread.
Thank you for your checking.
static void destroy_worker_thread(comp_thread_ctxt_t *thd){ |
pthread_join(thd->id, NULL);
|
my_free(thd->to);
|
}
|
static comp_thread_ctxt_t * create_worker_threads(uint n){ |
|
|
|
|
for (i = 0; i < n; i++) { |
if (pthread_mutex_init(&thd->data_mutex, NULL) || |
pthread_cond_init(&thd->avail_cond, NULL) ||
|
pthread_cond_init(&thd->data_cond, NULL) ||
|
pthread_cond_init(&thd->done_cond, NULL)) {
|
goto err; |
}
|
|
|
|
|
if (pthread_create(&thd->id, NULL, compress_worker_thread_func, |
thd)) {
|
msg("compress: pthread_create() failed: " |
"errno = %d", errno); |
goto err; |
}
|
}
|
|
|
return threads; |
|
|
err:
|
for (; i; i--) { |
destroy_worker_thread(threads + i);
|
}
|
|
|
my_free(threads);
|
return NULL; |
}
|
Locations:
https://github.com/MariaDB/server/blob/b1856aff37557e82b0e53ddbd89fc41f86df07e6/extra/mariabackup/ds_compress.cc#L387-L420
https://github.com/MariaDB/server/blob/b1856aff37557e82b0e53ddbd89fc41f86df07e6/extra/mariabackup/ds_compress.cc#L359-L374