With libstdc++ configured with --enable-libstdcxx-allocator=mt (on 4.0 branch or on HEAD for linux even without it, as mt is the default there), following testcase crashes:
cat > O.c <<EOF #include <dlfcn.h> #include <pthread.h> void * tf (void *arg) { void *h = dlopen ("./libO.so", RTLD_LAZY); void (*fn) (void); if (!h) return 0; fn = dlsym (h, "foo"); fn (); dlclose (h); return 0; } int main (void) { pthread_t th; pthread_create (&th, NULL, tf, NULL); pthread_join (th, NULL); return 0; } EOF cat > libO.C <<EOF #include <string> extern "C" void foo (void) { std::string s; s += "hello"; } EOF g++ -g -O2 -shared -fpic -o libO.so libO.C gcc -g -O2 -o O O.c -ldl -lpthread The problem is that __gnu_cxx::__pool<true>::_M_initialize () calls pthread_key_create but doesn't ensure pthread_key_delete is called when libstdc++.so is unloaded. So when glibc attempts destroys a thread or program and calls the registered key cleanup routine (_S_destroy_thread_key), if libstdc++.so is not mapped at that moment any longer, either whatever other code happens to be mapped at that address is run, or the program crashes immediately. mt_allocator.cc should ensure that gthread_key_delete is called on the key after all users of the key have been destroyed. -- Summary: mt allocator doesn't pthread_key_delete it's keys Product: gcc Version: 4.1.0 Status: UNCONFIRMED Severity: normal Priority: P2 Component: libstdc++ AssignedTo: unassigned at gcc dot gnu dot org ReportedBy: jakub at redhat dot com CC: gcc-bugs at gcc dot gnu dot org http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22309