https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285870
            Bug ID: 285870
           Summary: Bug in atexit code in rare specific case + patch to correct it
           Product: Base System
           Version: 14.2-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: b...@freebsd.org
          Reporter: free...@ap2c.com
 Attachment #259304 text/plain
         mime type:

Created attachment 259304
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=259304&action=edit
Code example which generates the bug

For at least five years, using dlib-cpp as a shared library loaded with dlopen and freed with dlclose has led the main program to crash with a segmentation fault when it exits (example: when the "pdlib" PHP wrapper is used, php crashes after the main routine returns).

After debugging the problem I noticed that it crashes because __cxa_atexit was called during a call to a function (previously registered with a __cxa_atexit call) during __cxa_finalize when the shared library was closed.

I wrote some simple code which mimics the bug. You will find it attached to this bug report.

To use it:

$ c++ -o atexit atexit.cpp
$ c++ -fPIC -shared -o libatexit.so atexit.cpp -DSHARED
$ ./atexit
CA instance destroyed
closed
[1]    28802 segmentation fault (core dumped)  ./atexit

lldb confirms that it crashes because it tries to call a function which doesn't exist anymore:

(lldb) bt
* thread #1, name = 'atexit', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x824784b90)
  * frame #0: 0x0000000824784b90
    frame #1: 0x000000082275af7f libc.so.7`__cxa_finalize + 319
    frame #2: 0x000000082275b4dc libc.so.7`exit + 76
    frame #3: 0x000000082267bc41 libc.so.7`__libc_start1 + 305
    frame #4: 0x0000000000201780 atexit`_start at crt1_s.S:83

-- 
You are receiving this mail because:
You are the assignee for the bug.
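
The failure mode described in the report, as an added example: this is a simplified model written for this page, not the reporter's attachment, not the proposed patch and not FreeBSD libc code. The handler table, `model_atexit`, `run_pass`, `LIB_DSO` and `stale_after_close` are hypothetical names, and the model assumes a finalizer that walks the table once, newest entry first.

```c
#include <stdio.h>

#define MAX_HANDLERS 16
#define LIB_DSO 1                      /* hypothetical id for the dlopen'ed library */

/* Toy exit-handler table (illustrative model, not FreeBSD libc code). */
struct handler { void (*fn)(void); int dso; int live; };
static struct handler table[MAX_HANDLERS];
static int count;

/* Stand-in for __cxa_atexit: append a handler owned by `dso`. */
static int model_atexit(void (*fn)(void), int dso) {
    if (count == MAX_HANDLERS) return -1;
    table[count++] = (struct handler){ fn, dso, 1 };
    return 0;
}

/* One newest-first pass over the entries present when the pass starts. */
static int run_pass(int dso) {
    int ran = 0;
    for (int i = count - 1; i >= 0; i--) {
        if (!table[i].live || table[i].dso != dso) continue;
        table[i].live = 0;             /* retire first so it cannot run twice */
        table[i].fn();                 /* may call model_atexit() re-entrantly */
        ran++;
    }
    return ran;
}

static void late_dtor(void) { }
/* A library destructor that registers another handler while it is running. */
static void lib_dtor(void) { model_atexit(late_dtor, LIB_DSO); }

/* Returns how many handlers still point into LIB_DSO after it is finalized. */
int stale_after_close(int rescan) {
    int stale = 0;
    count = 0;
    model_atexit(lib_dtor, LIB_DSO);
    if (rescan) { while (run_pass(LIB_DSO) > 0) { } }  /* repeat until quiet */
    else run_pass(LIB_DSO);                             /* single pass only */
    for (int i = 0; i < count; i++) stale += table[i].live && table[i].dso == LIB_DSO;
    return stale;
}

int main(void) {
    printf("single pass: %d stale, rescan: %d stale\n",
           stale_after_close(0), stale_after_close(1));
    return 0;
}
```

In the single-pass case one handler owned by the closed library survives finalization; in a real process that entry would be called at exit after the library's code has been unmapped, which matches the unmapped frame #0 under `__cxa_finalize` in the backtrace above.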