pthread stubs in libX11 vs. libxcb

Alan Coopersmith alan.coopersmith at oracle.com
Thu Sep 29 00:29:19 UTC 2022 

To handle https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/162,
I've merged https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/155
to link against the real threads library on platforms that don't have it in libc
if the --disable-thread-safety-constructor configure option is not used.

But after thinking some more, and re-reading the README in the pthread-stubs
repo about it's design flaw, I'm wondering if that's not enough.

The pthread-stubs README points out:

   With previous design, one could get mismatched calls to the pthreads API.
   Consider the following scenario:
    - Program and/or its dependencies links only against libpthread-stubs,
      since it uses lightweight API. Say pthread_mutex_lock.
    - At a later stage the program and/or its dependencies dlopens a library
      which effectively [either directly or via any of its own dependencies]
      pulls a full blown pthread. Let's call that libB.
    - The libpthread-stubs weak symbols get overridden by the libB ones.
    - pthread_mutex_unlock is executed (which now originates from libB) and BOOM.

[ https://gitlab.freedesktop.org/xorg/lib/pthread-stubs/-/blob/master/README ]

Which in hindsight, sounds a lot like that bug 162 linked above - the libX11
xlib_ctor would call XInitThreads() at library load time, which would use the
stubs to fake initializing the mutexes, and then libxcb would be loaded later
(likely when XOpenDisplay() is called) pulling in the real pthreads library,
and libX11 would then call it to use the supposedly initialized, but not really,
mutexes, and boom.

So since libX11 always loads libxcb now, and libxcb always loads the system
threads library, I think the case I left of allowing libX11's old pthread stubs
if we're not using the thread safety constructor is still at risk of crashing,
just in a smaller set of circumstances than the case we just fixed.

Does anyone disagree?

I'm thinking the change should look something like this:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/156

-- 
         -Alan Coopersmith-                 alan.coopersmith at oracle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris

More information about the xorg-devel mailing list