Bug 26833 - adjtime() with delta == NULL segfaults on armv7 32bit platform
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: time
Version: 2.32
Importance: P2 normal
Target Milestone: 2.33
Assignee: Adhemerval Zanella
Reported: 2020-11-02 17:14 UTC by Matthias Gerstner
Modified: 2020-11-10 12:20 UTC
Last reconfirmed: 2020-11-02 00:00:00
fweimer: security-
Description Matthias Gerstner 2020-11-02 17:14:47 UTC
I recently updated glibc from release 2.31 to release 2.32 on Gentoo Linux running on a 32-bit armv7 machine. Ever since then, the ntpd from openntpd doesn't start up any more.

Digging deeper, I found that the forked 'ntp_main' instance of ntpd dies with a SIGSEGV when executing the adjtime() glibc function call in the following function:


```
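#include <sys/time.h>   /* adjtime(), struct timeval */

double
getoffset(void)
{
        struct timeval  tv;

        /* >>>> the SIGSEGV occurs in this adjtime() call (delta == NULL) */
        if (adjtime(NULL, &tv) == -1)
                return (0.0);
        return (tv.tv_sec + 1.0e-6 * tv.tv_usec);
}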
```

The issue seems to stem from glibc git commit 0308077e3a4ff1c123cdddd311f55a2ecdd3115c where the newly introduced __adjtime 32-bit wrapper cannot handle a NULL pointer itv input parameter.

```
+#if __TIMESIZE != 64
+libc_hidden_def (__adjtime64)
+
+int
+__adjtime (const struct timeval *itv, struct timeval *otv)
+{
+  struct __timeval64 itv64, otv64;
+  int retval;
+
+  itv64 = valid_timeval_to_timeval64 (*itv);
+  retval = __adjtime64 (&itv64, otv != NULL ? &otv64 : NULL);
+  if (otv != NULL)
+    *otv = valid_timeval64_to_timeval (otv64);
+
+  return retval;
+}
+#endif
```
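Review bot: `itv` is dereferenced unconditionally in `itv64 = valid_timeval_to_timeval64 (*itv);`, while `otv` is NULL-checked twice in the lines that follow. A NULL `itv` is how a caller asks only for the outstanding adjustment, as in the `adjtime(NULL, &tv)` call quoted above, so the wrapper should convert into `itv64` only when `itv != NULL` and otherwise pass NULL through to `__adjtime64`, mirroring the existing `otv != NULL ? &otv64 : NULL` handling. A regression test that calls the wrapper with a NULL first argument would keep this from recurring.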
Comment 1 Adhemerval Zanella 2020-11-02 17:24:54 UTC
This seems a regression of BZ#2449 from the y2038 support.
Comment 2 Adhemerval Zanella 2020-11-09 14:20:34 UTC
Fixed on 2.33.
Comment 3 Florian Weimer 2020-11-10 12:20:47 UTC
Note: Order of the Resolution drop-down list changed.  NOTABUG is now first.