[Mono-bugs] [Bug 470568] New: mono_thread_current() called after TlsFree(current_object_key)

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Thu Jan 29 06:19:36 EST 2009 

https://bugzilla.novell.com/show_bug.cgi?id=470568


           Summary: mono_thread_current() called after
                    TlsFree(current_object_key)
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.4.x
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: misc
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: andyhume32 at yahoo.co.uk
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---


Created an attachment (id=268601)
 --> (https://bugzilla.novell.com/attachment.cgi?id=268601)
Application Verifier log

User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648;
NET CLR 3.5.21022)

Might this instead be titled: mono_thread_current called after
mono_thread_cleanup, or is that necessary behaviour?

Running App Verifier on Windows shows the error below[1].
[[
..
<avrf:logEntry … LayerName="TLS" StopCode="0x352" Severity="Error">
<avrf:message>Using an invalid TLS index.</avrf:message>
<avrf:parameter1>1aabba - TLS index</avrf:parameter1>
<avrf:stackTrace>
  <avrf:trace>vfbasics!CheckTlsIndex+ce</avrf:trace>
  <avrf:trace>vfbasics!AVrfpTlsGetValue+48</avrf:trace>
  <avrf:trace>mono!mono_thread_current+13</avrf:trace>
..
]]
The complete log is attached.

With some debugging, the key value used in TlsGetValue is the same are was
given by TlsAlloc, however further debugging shows an intervening call to
TlsFree(current_object_key) in mono_thread_cleanup.  Some printf debugging:
[[
mono_thread_init: Allocated current_object_key 0x18
mono_thread_current: mono_thread_current calling GET_CURRENT_OBJECT key: 0x18
mono_thread_current: mono_thread_current calling GET_CURRENT_OBJECT key: 0x18
…cut…
mono_thread_current: mono_thread_current calling GET_CURRENT_OBJECT key: 0x18
mono_thread_current: mono_thread_current calling GET_CURRENT_OBJECT key: 0x18
mono_thread_cleanup: TlsFree current_object_key 0x18
mono_thread_current: mono_thread_current calling GET_CURRENT_OBJECT key: 0x18
mono_thread_current: mono_thread_current calling GET_CURRENT_OBJECT key: 0x18
mono_thread_current: mono_thread_current calling GET_CURRENT_OBJECT key: 0x18
]]

A debugger log containing the stack traces of the three calls is attached
(though as no symbols it has approximate locations).

Don’t know how serious this is (except for [1] :-,)), marking as MINOR
initially.  AppVerifier reports it presumably in case a future OS version is
less forgiving about accessing free'd TLS entries.

--
[1] Note that this app verifier error is also reported through the debugger,
thus the mono.exe process doesn't exit until a debugger is attached and the
process shutdown from there.

Reproducible: Always

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the mono-bugs mailing list