Summary: | write function returning -1 in cookie_io_functions_t will crash the program | ||
---|---|---|---|
Product: | glibc | Reporter: | Xin Qian <chianshin> |
Component: | libc | Assignee: | Ulrich Drepper <drepper.fsp> |
Status: | RESOLVED INVALID | ||
Severity: | critical | Flags: | fweimer:
security-
|
Priority: | P2 | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Host: | Target: | ||
Build: | Last reconfirmed: |
Description
Xin Qian
2011-05-30 18:50:24 UTC
if this buffer is created in heap, the program never crashes. char buff[BUFF_SIZE]={"good out"}; But if it is not bug, please give me a reason The write function mustn't return -1. If this is documented otherwise the documentation is wrong. 1. In the libc's manual/stdio.texi line 5057-5064 http://sourceware.org/git/?p=glibc.git;a=blob;f=manual/stdio.texi;hb=HEAD it is said that the writer function will return -1 for error. If write function do not use -1 return value to indicate error, how about read function? still use -1 to indicate error. If people agree, I might submit a change to the manual/stdio.texi. 2. Another thing in my mind is that if the stream is not installed by fopencookie, it is hooked up to a char device in linux. The write function of that driver is also returning negative value for error. Is this causing problem in libc also? http://www.xml.com/ldd/chapter/book/ch03.html ssize_t (*write) (struct file *, const char *, size_t, loff_t *); Sends data to the device. If missing, -EINVAL is returned to the program calling the write system call. The return value, if non-negative, represents the number of bytes successfully written. |