| Summary: | ASTERISK-26800: Non-threadsafe function usage analysis | ||
| Reporter: | Ian Gilmour (tuxian) | Labels: | |
| Date Opened: | 2017-02-17 05:44:00.000-0600 | Date Closed: | |
| Priority: | Minor | Regression? | |
| Status: | Open/New | Components: | Core/General |
| Versions: | 13.14.0 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ( 0) chkthreadsafe.output.tgz ( 1) pjproject-2.5.5.txt | |
| Description: | Looking through the asterisk codebase I see what (at least at first glance) appear to be use of some non-threadsafe functions. e.g. ctime, strtok, localtime, etc.
As a check I wrote a script that attempts to identify where non-threadsafe functions are being used. It uses the list of potentially non-threadsafe functions from http://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_09_01. I notice some of these functions have threadsafe equivalents but that those threadsafe equivalents are themselves now deprecated (e.g. readdir is now favoured again rather than readdir_r according to [http://man7.org/linux/man-pages/man3/readdir.3.html#ATTRIBUTES]). So is there a better list of non-threadsafe functions? Using the current list I have the script comes up with a few entries when run against the 13.14.0 branch - see [^chkthreadsafe.output.tgz]. The script is far from perfect. I accept there are a lot more false positives than positives in the output at present. False positives come from various sources: * variables that have the same name as non-threadsafe functions, * functions that may only be used on a single thread during system startup/shutdown, etc., * and I can see asterisk has it's own threadsafe versions of some of these functions (e.g. ast_inet_ntoa, ast_crypt, etc). But that still leaves a few calls that are potentially non-threadsafe. Some of these (e.g. strtok) have threadsafe equivalents already in use elsewhere in the code (strtok_r, etc.). I'm just querying if the use of these functions needs further review by those that know the asterisk codebase better? | ||
| Comments: | By: Asterisk Team (asteriskteam) 2017-02-17 05:44:02.008-0600 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Joshua C. Colp (jcolp) 2017-02-20 06:21:19.376-0600 There are some uses, but a good portion is legacy code. I've marked this as minor accordingly. By: Ian Gilmour (tuxian) 2017-02-27 02:51:30.343-0600 Hi Joshua - That's fine, you know the code better than I. I'm not sure when you are planning on updating Asterisk from using pjproject from 2.5.5 to 2.6, but there are a few in the pjproject 2.5.5 release too (esp. suspect strtok usage). These are fixed in pjproject-2.6. (see [^pjproject-2.5.5.txt] for details). By: Joshua C. Colp (jcolp) 2017-02-27 05:36:33.210-0600 Bundled PJSIP has already been updated to 2.6 in Git and will be in the next release. | ||