[MDEV-30726] Destroying threads that are not created

Created: 2023-02-25
Updated: 2023-11-28

Status: Open
Project: MariaDB Server
Component/s: mariabackup
Affects Version/s: 11.0.0
Fix Version/s: 10.5, 10.6, 10.11

Type: Bug
Priority: Major
Reporter: Ryan
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: None


Description

Hi, we found a bug in which pthread_join possibly destroys threads that are not created.

Specifically, in the below code, when pthread_mutex_init(&thd->data_mutex, NULL) || pthread_cond_init(&thd->avail_cond, NULL) || pthread_cond_init(&thd->data_cond, NULL) || pthread_cond_init(&thd->done_cond, NULL) happens, the code executes destroy_worker_thread(threads + i); for error handling. However, the code destroy_worker_thread would join a not-created thread.

Thank you for checking.

static void destroy_worker_thread(comp_thread_ctxt_t *thd){
	pthread_join(thd->id, NULL);
	my_free(thd->to);
}
static comp_thread_ctxt_t * create_worker_threads(uint n){
 
 
	for (i = 0; i < n; i++) {
		if (pthread_mutex_init(&thd->data_mutex, NULL) ||
		    pthread_cond_init(&thd->avail_cond, NULL) ||
		    pthread_cond_init(&thd->data_cond, NULL) ||
		    pthread_cond_init(&thd->done_cond, NULL)) {
			goto err;     
		}
 
 
		if (pthread_create(&thd->id, NULL, compress_worker_thread_func,
				   thd)) {
			msg("compress: pthread_create() failed: "
			    "errno = %d", errno);
			goto err;
		}
	}
 
	return threads;
 
err:
	for (; i; i--) {
		destroy_worker_thread(threads + i);
	}
 
	my_free(threads);
	return NULL;
}

Locations:
https://github.com/MariaDB/server/blob/b1856aff37557e82b0e53ddbd89fc41f86df07e6/extra/mariabackup/ds_compress.cc#L387-L420
https://github.com/MariaDB/server/blob/b1856aff37557e82b0e53ddbd89fc41f86df07e6/extra/mariabackup/ds_compress.cc#L359-L374
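
An added example, not part of the report and not MariaDB's code: a cleanup path that joins only threads that pthread_create() actually started. In the excerpt above the err loop begins at threads + i, the slot whose setup failed; here the loop covers slots 0..i-1 only. The worker_t type, the started flag, joined_count and the fail_at parameter (which simulates an init failure) are hypothetical names introduced for this sketch.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical, simplified worker context (not comp_thread_ctxt_t). */
typedef struct {
	pthread_t       id;
	pthread_mutex_t data_mutex;
	int             started;  /* set only after pthread_create() succeeds */
} worker_t;

static int joined_count;          /* demonstration counter: joins performed */

static void *worker_func(void *arg) { (void) arg; return NULL; }

static void destroy_worker(worker_t *w)
{
	if (w->started) {         /* never join an id that was never created */
		pthread_join(w->id, NULL);
		joined_count++;
	}
	pthread_mutex_destroy(&w->data_mutex);
}

/* fail_at simulates an init failure at that index (-1: no failure). */
static worker_t *create_workers(unsigned n, int fail_at)
{
	worker_t *workers = calloc(n, sizeof *workers);
	unsigned i;

	if (!workers)
		return NULL;
	for (i = 0; i < n; i++) {
		worker_t *w = workers + i;
		if ((int) i == fail_at || pthread_mutex_init(&w->data_mutex, NULL))
			goto err;     /* slot i holds nothing to release */
		if (pthread_create(&w->id, NULL, worker_func, w)) {
			pthread_mutex_destroy(&w->data_mutex);
			goto err;     /* slot i released here, thread not started */
		}
		w->started = 1;
	}
	return workers;
err:
	while (i-- > 0)           /* slots 0..i-1 only: all fully constructed */
		destroy_worker(workers + i);
	free(workers);
	return NULL;
}
```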

