While using pthread_key_create() to prepare a key to be used by various threads to maintain thread specific data, ensure that the thread specific data stored for a key is cleaned up when the thread exits otherwise there could be potential memory leaks or misuse of data.
...
The dynamically allocated block of memory for every thread results in a memory leak and is not destroyed in the noncompliant code example. This also leads to a potential vulnerability to access the one thread's specific data even after it exits apart from a memory leak.
| Code Block | ||
|---|---|---|
| ||
#include <pthread.h> #include <stdio.h> #include <stdlib.h> /* function prototypes */ void destructor(void * data); void* function(); void add_data(); void print_data(); /* global key to the thread specific data */ pthread_key_t key; enum {max_threads = 3}; int main( void )*get_data() { int i,ret; Â pthread_t thread_id[max_threads]; Â /* create the key before creating the threads */ Â pthread_key_create( &key, NULL ); Â /* create threads that would store specific data*/ Â for(i =0; i < max_threads; i++){ Â Â Â pthread_create( &thread_id[i], NULL, function, NULL ); Â } Â for(i=0;i < max_threads; i++){ Â Â Â ret = pthread_join(thread_id[i], NULL); if(ret !=0)*arr = malloc(2*sizeof(int)); if (arr == NULL) { /* Handle Error */ } } Â } Â pthread_key_delete(key); } void *function(void){ Â add_dataarr[0] = rand(); arr[1] = rand(); Â print_data(); Â pthread_exit(NULL) return arr; } void add_data(void) { Â int *data = get_data(); Â int result; if ((result = pthread_setspecific( key,(void *)data); } int *get_data(){ Â int *arr = malloc(2*sizeof(int)); Â *arr = rand(); Â *(arr+1) = rand(); Â return arr;)) != 0) { /* Handle Error */ } } void print_data() { Â /* get this thread's global data from key */ Â int *data = pthread_getspecific(key); /* Printprint data */ } |
Noncompliant Code Example
This code example is an improvement over the above sample where we try to avoid a memory leak. However if the address of the data is known it could still lead to a potential vulnerability. If for any reason the data received from an arbitrary function get_data() is NULL, a call to free(pthread_getspecific(key) would be equivalent to free(NULL) for which the compiler takes no action by standard. This solution however does not avoid a call to free when there is no thread specific data, which is not unsafe but can be avoided (shown in Compliant Solution).
| Code Block | ||
|---|---|---|
| ||
#include <pthread.h> #include <stdio.h> #include <stdlib.h> /* function prototypes */ void destructor(void * data); void* function(); void void *function(void* dummy) { add_data(); void print_data(); /* global key to the thread specific data */ pthread_key_t key; enum {max_threads = 3};pthread_exit(NULL); return NULL; } int main( void) ){ Â int i,retresult; Â pthread_t thread_id[max_threads]; Â /* create the key before creating the threads */ Â if ((result = pthread_key_create( &key, NULL ); Â ) != 0) { /* Handle Error */ } /* create threads that would store specific data */ Â for (i = 0; i < max_threads; i++) { Â Â Â if ((result = pthread_create( &thread_id[i], NULL, function, NULL )) ); Â != 0) { /* Handle Error */ } } Â for (i = 0; i < max_threads; i++) { Â Â Â ret if ((result = pthread_join(thread_id[i], NULL)); if(ret != 0) { /* Handle Error */ } Â } Â if ((result = pthread_key_delete(key)) != 0) { /* Handle Error */ } return 0; } |
Noncompliant Code Example
This code example is an improvement over the above sample where we try to avoid a memory leak. However if the address of the data is known it could still lead to a potential vulnerability. If for any reason the data received from an arbitrary function get_data() is NULL, a call to free( pthread_getspecific(key)) would be equivalent to free(NULL) for which the compiler takes no action according to the standard. This solution however does not avoid a call to free() when there is no thread specific data, which is not unsafe but can be avoided (as shown in the subsequent compliant solution).
| Code Block | ||
|---|---|---|
| ||
void *function(void* dummy) { Â add_data(); Â print_data(); free( pthread_getspecific(key)); Â pthread_exit(NULL); return NULL; } void add_data(void){ Â int *data = get_data(); Â pthread_setspecific( key,(void *)data); } int *get_data(void){ Â int *arr = malloc(2*sizeof(int)); Â *arr = rand(); Â *(arr+1) = rand(); Â return arr; } void print_data(void){ Â /* get this thread's global data from key */ Â int *data = pthread_getspecific(key); /* Print data *//* ... Other functions are unchanged */ int main(void) { /* ... */ if ((result = pthread_key_delete(key)) != 0) { /* Handle Error */ } return 0; } |
Compliant Solution
The This compliant solution avoids the memory leak and destroys value associated to a key for the thread specific data. A destructor function is a clean approach because it would automatically set sets the specific value associated to the key to NULL on when the thread exitexits. In case a any particular thread does not maintain specific data (a call to pthread_getspecific() returns NULL), it also ensures that the destructor function is not executed unnecessarily on when the thread exitexits.
| Code Block | ||
|---|---|---|
| ||
#include <pthread.h> #include <stdio.h> #include <stdlib.h> /* function prototypes */ void void* destructor(void * data); { void* function(); void add_data(); void print_data( free(data); /* global key to the thread specific data */ pthread_key_t key; enum {max_threads = 3}; void destructor(void * data){ Â free(data)return NULL; } int main( void) ){ Â int i,result; Â pthread_t thread_id[max_threads]; Â /* create the thread specific data key before creating the threads */ Â pthread_key_create( &key, destructor ); Â /* create thread that will use the key */ Â for(i =0; i < max_threads; i++){ Â Â Â pthread if ((result = pthread_key_create( &thread_id[i]key, NULL, function, NULL ); Â } Â Â for(i=0;i < max_threads; i++){ Â Â Â int ret = pthread_join(thread_id[i], NULL); Â Â Â if(ret !=0){ Â Â Â destructor)) != 0) { /* Handle Error */ Â Â Â } Â } Â pthread_key_delete(key); } void *function(void){ Â add_data(); Â print_data(); Â pthread_exit(NULL); } void add_data(void){ Â int *data = get_data(); /* set current thread's data */ Â pthread_setspecific( key,(void *) data); } int *get_data(void){ Â int *arr = malloc(2*sizeof(int)); /* Not handling the integer overflow */ Â *arr = rand(); Â *(arr+1) = rand(); Â return arr; } void print_data(void){ Â /* retrieve current thread's data from key */ Â int *data = pthread_getspecific(key); /* Print Data */ } ... */ if ((result = pthread_key_delete(key)) != 0) { /* Handle Error */ } return 0; } |
Risk Assessment
Failing to destroy the objects could lead to memory leaks and misuse of data
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
POS45-C | medium | unlikely | medium | P2 | L3 |