This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 2/2] linux: clock_settime: Return proper value when passing NULL pointer
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Alistair Francis <alistair23 at gmail dot com>
- Cc: Lukasz Majewski <lukma at denx dot de>, Paul Eggert <eggert at cs dot ucla dot edu>, Alistair Francis <alistair dot francis at wdc dot com>, GNU C Library <libc-alpha at sourceware dot org>, Adhemerval Zanella <adhemerval dot zanella at linaro dot org>, Florian Weimer <fweimer at redhat dot com>, Florian Weimer <fw at deneb dot enyo dot de>, Zack Weinberg <zackw at panix dot com>, Carlos O'Donell <carlos at redhat dot com>
- Date: Fri, 8 Nov 2019 17:00:35 +0000
- Subject: Re: [PATCH 2/2] linux: clock_settime: Return proper value when passing NULL pointer
- References: <20191108153344.10949-1-lukma@denx.de> <20191108153344.10949-2-lukma@denx.de> <CAKmqyKMHNOjuXNUAm36C1rMTnV54=GYm1JQ6v+=nStCyq38U2A@mail.gmail.com>
On Fri, 8 Nov 2019, Alistair Francis wrote:
> On Fri, Nov 8, 2019 at 7:34 AM Lukasz Majewski <lukma@denx.de> wrote:
> >
> > When in __clock_settime function (__TIMESIZE != 64) the const struct
> > timespec's *tp pointer is NULL, the Linux kernel syscall returns
> > -EFAULT.
> > Without this patch the glibc crashes (when dereferencing NULL pointer)
> > as the Linux kernel syscall is not reached at all.
> >
> > There is no need for such check in the __clock_settime64, as this
> > pointer either goes directly to Linux kernel or the pointer to local
> > copy is used (ts64).
>
> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

This patch is contrary to glibc conventions. There is explicitly no
guarantee of whether a segfault or EFAULT occurs when a function is called
with invalid arguments. There should be no explicit checks for NULL
pointers in cases where a segfault will reliably occur otherwise and any
existing such checks should be removed from glibc.

https://sourceware.org/glibc/wiki/Style_and_Conventions#Invalid_pointers

(And note the POSIX specification of EFAULT, "The reliable detection of
this error cannot be guaranteed, and when not detected may result in the
generation of a signal, indicating an address violation, which is sent to
the process.".)

--
Joseph S. Myers
joseph@codesourcery.com
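
The two outcomes discussed in this thread, as an added example that is not part of the original message and is not glibc code: `converting_wrapper` is a hypothetical model of a wrapper that reads `*tp` in user space before the syscall, while the raw `syscall()` path hands the pointer to the kernel untouched. All function names are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical model of a wrapper that converts *tp in user space before
   the syscall, like the __TIMESIZE != 64 path described in the thread. */
static int converting_wrapper(clockid_t clk, const struct timespec *tp)
{
    volatile const struct timespec *p = tp;        /* volatile: keep the load */
    long long ts64[2] = { p->tv_sec, p->tv_nsec }; /* faults if tp is invalid */
    (void) clk; (void) ts64;             /* the model stops before the syscall */
    return 0;
}

/* Run the model in a child process; return the signal that killed it,
   0 if it exited normally, or -1 if fork/waitpid failed. */
int signal_from_user_space_path(const struct timespec *tp)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(converting_wrapper(CLOCK_REALTIME, tp));
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Hand tp straight to the kernel, which validates it while copying;
   return the resulting errno, or 0 if the call succeeded. */
int errno_from_kernel_path(long sysno, const struct timespec *tp)
{
    errno = 0;
    return syscall(sysno, CLOCK_REALTIME, tp) == -1 ? errno : 0;
}

int main(void)
{
    /* With NULL the clock is never changed: the kernel's copy fails first. */
    printf("user-space dereference: signal %d\n", signal_from_user_space_path(NULL));
    printf("raw clock_settime:      errno %d\n", errno_from_kernel_path(SYS_clock_settime, NULL));
    return 0;
}
```

On an unfiltered Linux kernel this reports SIGSEGV for the first path and EFAULT for the second; where a seccomp profile denies `clock_settime`, the second line may show EPERM instead, since the filter rejects the call before the pointer is read. Callers that need a defined result for a bad pointer have to validate it themselves rather than rely on either outcome.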