Summary: weechat hangs/crashes if libpthread.so.0 is loaded
after startup and GnuTLS is used
Submitted by: mixi
Submitted on: Thu 13 Feb 2014 10:56:47 AM GMT
Severity: 3 - Normal
Item Group: other
Assigned to: None
Discussion Lock: Any
IRC nick: mixi
GnuTLS sets up mutexes with pthread_mutex_init before libpthread.so.0 is
loaded. This works because glibc provides stubbed pthread functions, which are
used when libpthread.so.0 is not loaded. Because some weechat plugins link to
libpthread.so.0, it is loaded after the mutex is thought to be initialized
with pthread_mutex_init (which is actually a stub, because the libpthread.so.0
wasn't loaded) and later calls to e.g. pthread_mutex_lock/pthread_mutex_unlock
use code from libpthread.so.0, which assumes the mutex was properly
initialized. This causes weechat to crash in some cases and hang in
pthread_mutex_lock in other cases (as shown in the attached file).
This is not a problem when compiling weechat with autotools, because it links
the weechat binary with libpthread.so.0. With cmake this only happens on
Yes, I can concur that this is indeed what's happening, and that the patch
I've posted fixes the issue.
FlashCode asked for more explanation, so here goes:
The CMakeLists.txt has a section in it that only adds “-lpthread” on
OpenBSD platforms. For all other platforms, libpthread is not linked.
However, gnutls uses libpthread. The glibc developers were clever and set
things up such that if you don't explicitly link against libpthread, and
library code still uses the functions from it, you'll instead wind up using
functions that all return 0. This is so that single-threaded programs aren't
burdened with the overhead of mutexes and such, when they aren't needed.
So when weechat was loaded, it would also load gnutls. Gnutls would then make
several calls to pthread_mutex_init. Since libpthread wasn't loaded, this
function would be hitting the code inside libc, which would simply return 0.
So the mutex would never be initialized and instead it would contain
uninitialized junk from malloc(). This was fine, since all the other pthread
functions that libc implements do the same – return 0 – so nothing bad
happens since that data is never touched.
However, later in the weechat initialization, the python plugin is loaded.
This plugin directly or indirectly links in the proper libpthread. This means
that after this point, all function calls to pthread_mutex_lock and
pthread_mutex_unlock are hitting the real pthread code, that actually works
with the data and does a lot more than simply return 0. But because these
mutexes were not initialized before with the zero-returning
pthread_mutex_init, the lock and unlock functions are dealing with
uninitialized random malloc() data. And so, in lots of cases, we crash, or
My patch simply removes the “if OpenBSD” guard and links against