This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] libio: do not cleanup wide buffers of legacy standard files [BZ #24228]


On Mon, Feb 18, 2019 at 10:10:21PM +0300, Dmitry V. Levin wrote:
> On Mon, Feb 18, 2019 at 01:56:47PM +0100, Florian Weimer wrote:
> > * Dmitry V. Levin:
> > 
> > > Commit glibc-2.23~693 (a601b74d31ca086de38441d316a3dee24c866305)
> > > introduced a regression: _IO_unbuffer_all() now invokes _IO_wsetb() to
> > > free wide buffers of all files, including legacy standard files that
> > > are small statically allocated objects that do not have wide buffers.
> > 
> > Maybe add “and the _mode member”?
> 
> Yes, the _mode member is also not available.
> 
> > Does the crash reproduce under mtrace?  Then perhaps we can create a
> > test case by hiding the _IO_stdin_used symbol.
> 
> Yes and no.  Apparently, this simple test crashes under mtrace:
> 
> $ cat tst-bz24228.c 
> #include <mcheck.h>
> int main() { mtrace(); return 0; }
> $ cat tst-bz24228.map
> { local: _IO_stdin_used; };
> $ gcc -Wall -O2 -Wl,--version-script,tst-bz24228.map tst-bz24228.c  
> $ MALLOC_TRACE=/dev/null ./a.out 
> Segmentation fault

This memory corruption is caused by the "fp->_mode = -1;" statement in
_IO_unbuffer_all().  I think we should avoid touching legacy standard
files in compatibility mode.  A fix with a test follows.


-- 
ldv
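
Added example, not part of the original message and not glibc code: a simplified C model of the failure mode discussed above, where exit-time cleanup stores to a member that a smaller legacy object does not have, and of a guard that skips the extended members for legacy objects. The struct layouts, the `is_legacy` marker and the function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model: these layouts and names are hypothetical, not glibc's. */
struct legacy_file {          /* small object built against the old ABI */
    int flags;
    char *buf_base;
    int is_legacy;            /* assumed marker telling the two layouts apart */
};

struct modern_file {          /* current layout: legacy prefix plus new members */
    struct legacy_file base;
    void *wide_buf;
    int mode;
};

/* 'mode' lies past the end of a legacy object, so a store to it through a
   legacy pointer would land in whatever memory follows that object. */
int mode_is_outside_legacy(void)
{
    return offsetof(struct modern_file, mode) >= sizeof(struct legacy_file);
}

/* Exit-time cleanup for one stream. Returns 1 if the extended members were
   reset, 0 if the stream was legacy and only the shared prefix was touched. */
int unbuffer_one(struct legacy_file *fp)
{
    fp->buf_base = NULL;                    /* present in both layouts */
    if (fp->is_legacy)
        return 0;                           /* never touch wide_buf or mode */
    struct modern_file *m = (struct modern_file *)fp;
    m->wide_buf = NULL;
    m->mode = -1;
    return 1;
}

int main(void)
{
    /* Constructed sample: a legacy object followed by a canary. */
    struct { struct legacy_file f; unsigned char canary[16]; } old;
    memset(&old, 0xAA, sizeof old);
    old.f.is_legacy = 1;
    struct modern_file cur = { { 0, NULL, 0 }, NULL, 1 };
    int r_old = unbuffer_one(&old.f), r_cur = unbuffer_one(&cur.base);
    printf("mode outside legacy object: %d\n", mode_is_outside_legacy());
    printf("legacy: %d canary[0]=0x%02X\n", r_old, old.canary[0]);
    printf("modern: %d mode=%d\n", r_cur, cur.mode);
    return 0;
}
```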


