https://bugs.exim.org/show_bug.cgi?id=2377
Bug ID: 2377
Summary: allocator_grab_lock not thread safe on windows
Product: PCRE
Version: 10.32 (PCRE2)
Hardware: x86-64
OS: Windows
Status: NEW
Severity: bug
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: julien.cugniere@???
CC: pcre-dev@???

In the Windows port, function allocator_grab_lock from sljitutils.c looks like
this:

    static HANDLE global_mutex = 0;

    SLJIT_API_FUNC_ATTRIBUTE void SLJIT_FUNC sljit_grab_lock(void)
    {
        /* No idea what to do if an error occurs. Static mutexes should never
           fail... */
        if (!global_mutex)
            global_mutex = CreateMutex(NULL, TRUE, NULL);
        else
            WaitForSingleObject(global_mutex, INFINITE);
    }

This is racy: if the first call to sljit_grab_lock occurs from multiple threads
at the same time (can happen when synchronizing threads), the mutex will be
created multiple times. This can produce crashes (multiple concurrent accesses
to the allocator) or deadlocks (some thread will create and lock one mutex, and
later unlock a different one, and some thread will be waiting on a mutex that
no one will unlock).
One workaround is to compile a dummy regular expression from the main thread
before using PCRE in other threads.
This issue occurs frequently in one of my programs, but apparently, someone
else discovered it a while back, along with a few other issues:
https://cure53.de/pentest-report_pcre.pdf
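
The interleaving described in the report, replayed deterministically in portable C next to one race-free way to publish a lazily created lock (on Windows the publish step would map to InterlockedCompareExchangePointer with the mutex created unowned). This is an added example, not code from the report or from PCRE2/sljit: fake_mutex, fake_create, fake_release, publish and both replay functions are hypothetical stand-ins for the Win32 calls, and the unlock step is assumed to be ReleaseMutex(global_mutex).

```c
#include <stdatomic.h>
#include <stdio.h>

/* Constructed stand-in for a Win32 mutex HANDLE; owner 0 means unowned. */
typedef struct { int owner; } fake_mutex;
static fake_mutex pool[8]; static int created;  /* created = mutexes made so far */

/* Models CreateMutex(NULL, owner != 0, NULL). */
static fake_mutex *fake_create(int owner) {
    pool[created].owner = owner;
    return &pool[created++];
}

/* Models ReleaseMutex: fails unless the calling thread owns the mutex. */
static int fake_release(fake_mutex *m, int thread) {
    return m->owner == thread ? (m->owner = 0, 1) : 0;
}

/* Reported code, with threads 1 and 2 both passing `if (!global_mutex)`
   before either stores. Returns 1 if a mutex is left locked forever. */
int replay_racy(void) {
    fake_mutex *global = NULL, *t1 = NULL;
    int t1_null = (global == NULL), t2_null = (global == NULL);
    if (t1_null) global = t1 = fake_create(1);
    if (t2_null) global = fake_create(2);   /* overwrites thread 1's handle */
    fake_release(global, 1);                /* fails: thread 2 owns this one */
    fake_release(global, 2);
    return t1 != NULL && t1->owner != 0;    /* thread 1's mutex is orphaned */
}

/* Race-free publish: the first caller wins, a loser adopts the winner's object. */
static _Atomic(fake_mutex *) shared;
static fake_mutex *publish(fake_mutex *mine, int *discarded) {
    fake_mutex *expected = NULL;
    if (atomic_compare_exchange_strong(&shared, &expected, mine)) return mine;
    ++*discarded;                           /* loser: CloseHandle(mine) on Windows */
    return expected;
}

/* Same interleaving, fixed: returns 1 when both threads share one lock. */
int replay_cas(void) {
    int discarded = 0;
    atomic_store(&shared, NULL);
    fake_mutex *a = publish(fake_create(0), &discarded);
    fake_mutex *b = publish(fake_create(0), &discarded);
    return a == b && discarded == 1;
}

int main(void) { printf("racy orphaned=%d cas ok=%d\n", replay_racy(), replay_cas()); return 0; }
```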