RHEL-72011

glibc: ctype.h macros segfault in multithreaded programs with multiple libc.so [rhel-8]


    • No
    • Impediment
    • Low
    • ZStream
    • 1
    • rhel-pt-c-libs
    • ssg_platform_tools
    • 1
    • True
    • False
    • Waiting on RHEL-72017 to go to CLOSED.
    • Yes
    • PT C Libraries Refinement
    • Approved Blocker
    • None
    • None
    • Bug Fix
    • .glibc: `ctype.h` macros caused segmentation faults in multithreaded programs with multiple `libc.so`

      Previously, the internal state for `<ctype.h>` in secondary C library copies created by audit or with `dlmopen` failed to initialize for threads created with `pthread_create`. As a consequence, using `<ctype.h>` functionality, either directly or indirectly, in secondary threads and namespaces resulted in program crashes.

      With this update, the internal state for `<ctype.h>` is initialized to refer to the `C` locale for secondary threads and namespaces. As a result, using functionality from `<ctype.h>` in these scenarios no longer causes crashes.
    • Done
    • Done
    • Done
    • Unspecified
    • None

      The ctype.h macros (isdigit, isspace, etc.) segfault if called from a secondary thread (created in the base namespace) and a dlmopen'd namespace.

      In this scenario `*_ctype_b_loc()` is a zero pointer, which causes the segfault. AFAICT `_ctype_init()` is only called for the base namespace during `start_thread()`; the dlmopen'd namespace's locale TLS is left default-initialized to a zero pointer that then gets dereferenced in the `isdigit()` macro and segfaults.

      This has already been filed upstream https://sourceware.org/bugzilla/show_bug.cgi?id=32483 and appears to affect all versions of glibc including upstream glibc.

      A RH glibc engineer has already done an initial evaluation and posted a patch upstream https://sourceware.org/pipermail/libc-alpha/2024-December/162893.html

      The customer request is to backport this upstream patch and include it in RHEL 8.10 (current production), RHEL 9.5 (currently in testing), and make sure that it is included in RHEL 10.

      Kindly let me know if we need to raise separate Jiras for RHEL 9 and RHEL 10.

      Also, the customer has shared reproducer programs as attachment "reproducer.tar.gz" which I have attached to this Jira now.
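
A non-crashing probe for the condition described above, added here as an example; it is not the attached reproducer.tar.gz and not glibc code. It loads a second libc copy with `dlmopen`, starts a thread with `pthread_create`, and reports whether `*__ctype_b_loc()` is a zero pointer in that thread without dereferencing the table. The function names and the `libc.so.6` soname are assumptions; on glibc older than 2.34, link with `-ldl -lpthread`.

```c
#define _GNU_SOURCE
#include <ctype.h>
#include <dlfcn.h>
#include <pthread.h>
#include <stdio.h>

#ifndef LM_ID_NEWLM /* <dlfcn.h> was included earlier without _GNU_SOURCE */
#define LM_ID_NEWLM (-1)
void *dlmopen(long, const char *, int);
#endif

typedef const unsigned short **(*ctype_b_loc_fn)(void);
struct probe { ctype_b_loc_fn loc; int ready; };

/* Runs in the new thread: is this namespace's ctype table pointer set? */
static void *probe_thread(void *arg)
{
    struct probe *p = arg;
    const unsigned short **slot = p->loc();
    p->ready = (slot != NULL && *slot != NULL); /* inspect only, never index */
    return NULL;
}

/* 1 = initialized, 0 = zero pointer (isdigit() etc. would crash), -1 = setup error */
static int ctype_ready_in_new_thread(ctype_b_loc_fn loc)
{
    struct probe p = { loc, 0 };
    pthread_t tid;
    if (loc == NULL || pthread_create(&tid, NULL, probe_thread, &p) != 0)
        return -1;
    return pthread_join(tid, NULL) == 0 ? p.ready : -1;
}

/* Base namespace: the libc copy the program itself is linked against. */
int probe_base_namespace(void) { return ctype_ready_in_new_thread(__ctype_b_loc); }

/* Secondary namespace: a second libc copy loaded with dlmopen.
   "libc.so.6" is an assumed soname; the handle is left open on purpose. */
int probe_dlmopen_namespace(void)
{
    void *h = dlmopen(LM_ID_NEWLM, "libc.so.6", RTLD_NOW);
    return h ? ctype_ready_in_new_thread((ctype_b_loc_fn)dlsym(h, "__ctype_b_loc")) : -1;
}

int main(void)
{
    printf("base namespace:    %d\n", probe_base_namespace());
    printf("dlmopen namespace: %d (0 = affected)\n", probe_dlmopen_namespace());
    return 0;
}
```

A result of 0 for the `dlmopen` namespace matches the zero pointer described in this report; 1 means the per-thread state is initialized there.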

              glibc-bugzilla Platform Tools - Libraries Bot
              rhn-support-vrajput Virendrasingh Rajput
              Michal Stubna
              Platform Tools - Libraries Bot Platform Tools - Libraries Bot
              Martin Coufal Martin Coufal
              Malhar Jivrajani Malhar Jivrajani