This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH 2/2] linux: clock_settime: Return proper value when passing NULL pointer


On Fri, 8 Nov 2019, Alistair Francis wrote:

> On Fri, Nov 8, 2019 at 7:34 AM Lukasz Majewski <lukma@denx.de> wrote:
> >
> > When in __clock_settime function (__TIMESIZE != 64) the const struct
> > timespec's *tp pointer is NULL, the Linux kernel syscall returns
> > -EFAULT.
> > Without this patch the glibc crashes (when dereferencing NULL pointer)
> > as the Linux kernel syscall is not reached at all.
> >
> > There is no need for such check in the __clock_settime64, as this
> > pointer either goes directly to Linux kernel or the pointer to local
> > copy is used (ts64).
> 
> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

This patch is contrary to glibc conventions.  There is explicitly no 
guarantee of whether a segfault or EFAULT occurs when a function is called 
with invalid arguments.  There should be no explicit checks for NULL 
pointers in cases where a segfault will reliably occur otherwise and any 
existing such checks should be removed from glibc.

https://sourceware.org/glibc/wiki/Style_and_Conventions#Invalid_pointers

(And note the POSIX specification of EFAULT, "The reliable detection of 
this error cannot be guaranteed, and when not detected may result in the 
generation of a signal, indicating an address violation, which is sent to 
the process.".)

-- 
Joseph S. Myers
joseph@codesourcery.com
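
The caller-side consequence of the convention discussed in this message, as an added example that is not part of the original thread or of glibc: a small C probe that passes a NULL `timespec` to `clock_settime` in a forked child and records whether the call ended in an errno or in a signal. The names `probe_null_timespec`, `struct outcome` and `report` are hypothetical, and the code assumes Linux with `SYS_clock_settime` defined.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum kind { K_SUCCESS, K_ERRNO, K_SIGNAL, K_PROBE_FAILED };
struct outcome { enum kind kind; int value; }; /* value: errno or signal number */

/* Hypothetical helper: call clock_settime with a NULL timespec in a child
   process, so that a fault kills the child and not the caller. */
static struct outcome probe_null_timespec(int use_raw_syscall)
{
    struct outcome out = { K_PROBE_FAILED, 0 };
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return out;
    if (pid == 0) {
        /* volatile: the compiler must not reason about a constant NULL */
        const struct timespec *volatile tp = NULL;
        long rc = use_raw_syscall
            ? syscall(SYS_clock_settime, CLOCK_REALTIME, tp)
            : clock_settime(CLOCK_REALTIME, tp);
        _exit(rc == 0 ? 0 : (errno & 0xff)); /* exit status carries errno */
    }
    if (waitpid(pid, &status, 0) != pid)
        return out;
    if (WIFSIGNALED(status))
        out = (struct outcome){ K_SIGNAL, WTERMSIG(status) };
    else if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        out = (struct outcome){ K_SUCCESS, 0 };
    else if (WIFEXITED(status))
        out = (struct outcome){ K_ERRNO, WEXITSTATUS(status) };
    return out;
}

static void report(const char *path, struct outcome o)
{
    if (o.kind == K_SIGNAL)
        printf("%s: killed by signal %d (%s)\n", path, o.value, strsignal(o.value));
    else if (o.kind == K_ERRNO)
        printf("%s: failed with errno %d (%s)\n", path, o.value, strerror(o.value));
    else
        printf("%s: %s\n", path, o.kind == K_SUCCESS ? "succeeded" : "probe failed");
}

int main(void)
{
    report("libc wrapper", probe_null_timespec(0));
    report("raw syscall ", probe_null_timespec(1));
    return 0;
}
```

Where a seccomp profile filters `clock_settime`, the raw-syscall probe may report a different errno such as `EPERM` rather than `EFAULT`; calling code should treat neither a signal nor any particular errno as guaranteed for an invalid pointer.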

