On 12 Jan 2011, at 10:29, Kevin J Walters wrote:

> Hi,

I picked this up when you reported it in bugzilla. One feature of the apache way of working is that no individual developer 'owns' your question (unless you pay someone for support), so it risks going unanswered.

> Whilst looking at a thread safety issue in mod_fastcgi, I noticed
> there's some suspicious looking code in apache httpd project.
>
> server/mpm_common.c (2.2.17) has two functions ap_uname2id and
> ap_gname2id which call getpwnam and getgrnam, two non-reentrant
> functions.

I can say unambiguously that those functions are only used at server startup, before any threads are spawned. So not quite a bug.

> Comparing with typical apr code that tends to have an #ifdef to
> select function() vs function_r().

APR is a more general-purpose library, so it matters there.

> Perhaps ap_uname2id and ap_gname2id are not executed concurrently by
> the current code base but if these are general purpose functions they
> should be more cautious/safe?

Good point - thanks for making it. They are API functions and should therefore either be thread-safe and reentrant or properly documented as unsafe. So yes, it's a bug!

> Has the whole apache httpd 2.x project been scanned for use of
> non-reentrant function calls?

I couldn't refer you to any systematic scan. However, a lot of third parties come to us with reports of potential bugs based on scans of our codebase by a range of code-analysis tools. Developers and vendors of such tools come to apache in a variety of circumstances, from making a constructive contribution to seeking a high-profile and prestigious scalp!

--
Nick Kew

Available for work, contract or permanent
http://www.webthing.com/~nick/cv.html
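
The reentrancy point discussed in this thread, as an added example that is not part of the original message and is not httpd or APR code: a user-name lookup built on `getpwnam_r`, where the caller owns the result buffer, in contrast to `getpwnam`, which may return a pointer to static storage shared between calls. The function name `name_to_uid_r` and the 1 MiB buffer cap are assumptions made for illustration.

```c
/* Added example: reentrant user-name -> uid lookup using getpwnam_r().
 * name_to_uid_r is a hypothetical name, not an httpd or APR function. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 and sets *uid on success, -1 if the name is unknown,
 * or a positive errno value if the lookup itself failed. */
int name_to_uid_r(const char *name, uid_t *uid)
{
    struct passwd pw, *result = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);   /* may be -1: no hint */
    size_t len = hint > 0 ? (size_t)hint : 1024;
    char *buf = NULL;
    int rc;

    for (;;) {
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { free(buf); return ENOMEM; }
        buf = tmp;
        /* All lookup state lives in pw and buf, owned by this caller,
         * so concurrent callers cannot overwrite each other's result. */
        rc = getpwnam_r(name, &pw, buf, len, &result);
        if (rc != ERANGE || len > (1u << 20))   /* assumed growth cap */
            break;
        len *= 2;                               /* buffer too small: retry */
    }
    if (rc == 0 && result != NULL)
        *uid = result->pw_uid;   /* copy out before the buffer is freed */
    else if (rc == 0)
        rc = -1;                 /* no error, but no such user */
    free(buf);
    return rc;
}

int main(void)
{
    uid_t uid;
    int rc = name_to_uid_r("root", &uid);
    if (rc == 0) printf("root -> %lu\n", (unsigned long)uid);
    else printf("lookup failed (%d)\n", rc);
    return 0;
}
```

The same pattern applies to group lookups with `getgrnam_r`.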