This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/22273] New: Improper assert in Linux posix_spawn implementation

            Bug ID: 22273
           Summary: Improper assert in Linux posix_spawn implementation
           Product: glibc
           Version: 2.26
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---
            Target: Linux
             Flags: security-

__spawnix has this code:

    340   /* Child must set args.err to something non-negative - we rely on
    341      the parent and child sharing VM.  */
    342   args.err = -1;
    354   /* The clone flags used will create a new child that will run in the
    355      memory space (CLONE_VM) and the execution of calling thread will
    356      suspend until the child calls execve or _exit.
    358      Also since the calling thread execution will be suspend, there is
    359      need for CLONE_SETTLS.  Although parent and child share the same
    360      namespace, there will be no concurrent access for TLS variables
    361      for instance).  */
    362   new_pid = CLONE (__spawni_child, STACK (stack, stack_size),
    363                    CLONE_VM | CLONE_VFORK | SIGCHLD, &args);
    365   if (new_pid > 0)
    366     {
    367       ec = args.err;
    368       assert (ec >= 0);

The assert can fire if the child process dies before the err member is written.
 Atomics should probably used to guard against compiler reordering of the
store, too.

You are receiving this mail because:
You are on the CC list for the bug.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]