Bug 20598 - fork+exit clobbers file offsets
Summary: fork+exit clobbers file offsets
Alias: None
Product: glibc
Classification: Unclassified
Component: stdio
Version: 2.22
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Depends on:
Reported: 2016-09-12 10:12 UTC by Andreas Schwab
Modified: 2016-09-28 16:44 UTC

See Also:
Last reconfirmed:
fweimer: security-

Testcase (258 bytes, text/plain)
2016-09-12 10:12 UTC, Andreas Schwab

Description Andreas Schwab 2016-09-12 10:12:55 UTC
Created attachment 9507

When a process calls fork while some stdio streams are open, the underlying file offsets are modified in the child, causing the parent to read from the wrong offset on the next buffer underflow. This was broken by commit 18d26750dd8fd328a78cf639fd0ec2494680a2a4.
Comment 1 Florian Weimer 2016-09-12 11:02:46 UTC
Is it really fork and not exit?  If I replace exit with _exit, the endless loop goes away.

The cause appears to be that unbuffering read-only streams needs to adjust the file descriptor seek offset, otherwise the next character read would be wrong.
Comment 2 Andreas Schwab 2016-09-12 12:18:17 UTC
Yes, this is about the exit actually.  But reading "2.5.1 Interaction of File Descriptors and Standard I/O Streams", I think this is really undefined, because the required action is not performed before the call to fork, and the correct fix is to use _exit in the forked child.
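The scenario from the report and the two remedies discussed in comments 1 and 2 (the child calling `_exit`, and the `fflush` before `fork` that POSIX 2.5.1 requires), as an added example that is neither the attached testcase nor glibc code. The mode names, the 100000-byte constructed input and the `offset_overshoot` helper are this example's own assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
/* How the forked child terminates (names are this example's own). */
enum { CHILD_EXIT, CHILD_UNDERSCORE_EXIT, FFLUSH_BEFORE_FORK_THEN_CHILD_EXIT };
#define FILE_BYTES 100000L  /* bigger than any stdio buffer, so the parent underflows after the fork */

/* Constructed input: a throwaway file of FILE_BYTES 'x' bytes, rewound for reading. */
static FILE *make_input(void)
{
    FILE *fp = tmpfile();
    char chunk[1000];
    memset(chunk, 'x', sizeof chunk);
    for (long done = 0; fp && done < FILE_BYTES; done += sizeof chunk)
        if (fwrite(chunk, 1, sizeof chunk, fp) != sizeof chunk) { fclose(fp); return NULL; }
    if (fp) rewind(fp);
    return fp;
}

/* Fill the parent's buffer, fork, let the child terminate as requested, then count what
   the parent reads.  Returns bytes read beyond the real file size (0 = offset intact), -1 on failure. */
long offset_overshoot(int mode)
{
    FILE *fp = make_input();
    if (!fp) return -1;
    long count = (fgetc(fp) == EOF) ? 0 : 1;   /* the first read fills the stdio buffer */
    if (mode == FFLUSH_BEFORE_FORK_THEN_CHILD_EXIT)
        fflush(fp);  /* POSIX 2.5.1: align the fd offset with the stream position before the handoff */
    fflush(stdout);  /* keep the child's exit() from replaying the parent's pending output */
    pid_t pid = fork();
    if (pid < 0) { fclose(fp); return -1; }
    if (pid == 0) {
        /* exit() runs stdio cleanup, which on an affected glibc lseek()s the shared open file
           description back by the child's unread buffered bytes; _exit() skips stdio entirely. */
        if (mode == CHILD_UNDERSCORE_EXIT) _exit(0);
        exit(0);
    }
    waitpid(pid, NULL, 0);
    while (fgetc(fp) != EOF) count++;   /* the next underflow reads from wherever the offset now sits */
    fclose(fp);
    return count - FILE_BYTES;
}

int main(void)
{
    for (int m = CHILD_EXIT; m <= FFLUSH_BEFORE_FORK_THEN_CHILD_EXIT; m++)
        printf("mode %d: parent read %ld bytes beyond the file\n", m, offset_overshoot(m));
    return 0;
}
```

On an affected glibc the `CHILD_EXIT` run reports a positive count of roughly one stdio buffer (the bytes the parent re-reads after the child's exit rewound the shared offset), while the `_exit` and `fflush`-before-`fork` runs report 0.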
Comment 3 Andreas Schwab 2016-09-12 12:19:43 UTC
Closing as INVALID.