Bug 1952 - time() returns incorrect value when given bad address
Summary: time() returns incorrect value when given bad address
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: 2.3.5
: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-30 15:50 UTC by Michael Kerrisk
Modified: 2016-05-20 19:43 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Kerrisk 2005-11-30 15:50:46 UTC 
When the program below is run on Linux/x86, the following output 
is produced:

After time():            t=-14, errno=0
After syscall(SYS_time): t=-1, errno=14

In the first line, the reported return value from time() should be 
-1, with errno set to EFAULT (14).  Instead, the call returns -14.

Could this be a configuration problem in 
sysdeps/unix/sysv/linux/i386/syscalls.list?

Cheers,

Michael

==========

#define _GNU_SOURCE
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <time.h>

#define VAL 1000

int main() {
    time_t t;

    t = time((time_t *)VAL);
    printf("After time():            t=%ld, errno=%d\n", (long) t, errno);
    t = syscall(SYS_time, (time_t *)VAL);
    printf("After syscall(SYS_time): t=%ld, errno=%d\n", (long) t, errno);
    return 0;
}
Comment 1 Jakub Jelinek 2005-11-30 16:18:20 UTC 
time is marked with E, i.e. not returning error (which I'd say matches
POSIX which doesn't define any errors for time).  By passing an invalid
address to the function you reach undefined behaviour territory and all answers
are fine in that case.
Comment 2 Michael Kerrisk 2005-11-30 16:31:25 UTC 
Subject: Re:  time() returns incorrect value when given bad address

> time is marked with E, i.e. not returning error (which I'd say matches
> POSIX which doesn't define any errors for time).  By passing an invalid
> address to the function you reach undefined behaviour territory and all
> answers are fine in that case.
 
Hi Jakub

Thanks for your quick reply.

POSIX does not define any errno values for time(), but nevertheless 
says:

    Upon successful completion, time( ) shall return the value of 
    time. Otherwise, (time_t)&#8722;1 shall be returned.
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In my book, that means that time() should reasonably return -1
here.

The POSIX.1 "No errors are defined" means

    that error values returned by a function or stored into a 
    variable accessed through the symbol errno, if any, depend 
    on the implementation.

This does not (in my reading) mean that no error indication 
(i.e., -1 in this case) should be returned.

Note also that glibc is thwarting the underlying system call, which
does actually return -1 for this case (as my program demonstrates).

Cheers,

Michael
Comment 3 Ulrich Drepper 2005-12-20 07:50:09 UTC 
I've added a new implementation which will simply crash for all invalid pointers.
Comment 4 Michael Kerrisk 2005-12-20 08:18:17 UTC 
Subject: Re:  time() returns incorrect value when given bad address

> 
> ------- Additional Comments From drepper at redhat dot com  2005-12-20
> 07:50 ------- 
> I've added a new implementation which will simply crash for
> all invalid pointers.

Good!  Thanks.