This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/12825] New: write function returning -1 in cookie_io_functions_t will crash the program
- From: "chianshin at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Mon, 30 May 2011 18:50:44 +0000
- Subject: [Bug libc/12825] New: write function returning -1 in cookie_io_functions_t will crash the program
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=12825
Summary: write function returning -1 in cookie_io_functions_t
will crash the program
Product: glibc
Version: unspecified
Status: NEW
Severity: critical
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: chianshin@gmail.com
This program which is from
http://www.kernel.org/doc/man-pages/online/pages/man3/fopencookie.3.html
The webpage also stated that if error happens, write should return -1;
But I found that returning -1 will crash the program. The reason is
explained in this bugzilla report.
http://sourceware.org/bugzilla/show_bug.cgi?id=2074
But glibc did fix the above bug.
Linux driver will also return negative value when error happens, Does
it have the same problem as the program here?
//===========================================================
#define _GNU_SOURCE
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include "assert.h"
#define INIT_BUF_SIZE 4
struct memfile_cookie {
char *buf; /* Dynamically sized buffer for data */
size_t allocated; /* Size of buf */
size_t endpos; /* Number of characters in buf */
off_t offset; /* Current file offset in buf */
};
ssize_t
memfile_write(void *c, const char *buf, size_t size)
{
return -1;
}
ssize_t
memfile_read(void *c, char *buf, size_t size)
{
assert(0);
return 0;
}
int
memfile_seek(void *c, off64_t *offset, int whence)
{
assert(0);
return 0;
}
int
memfile_close(void *c)
{
struct memfile_cookie *cookie = c;
free(cookie->buf);
cookie->allocated = 0;
cookie->buf = NULL;
return 0;
}
int
main(int argc, char *argv[])
{
cookie_io_functions_t memfile_func = {
.read = memfile_read,
.write = memfile_write,
.seek = memfile_seek,
.close = memfile_close
};
FILE *fp;
struct memfile_cookie mycookie;
/* Set up the cookie before calling fopencookie() */
mycookie.buf = malloc(INIT_BUF_SIZE);
if (mycookie.buf == NULL) {
perror("malloc");
exit(EXIT_FAILURE);
}
mycookie.allocated = INIT_BUF_SIZE;
mycookie.offset = 0;
mycookie.endpos = 0;
fp = fopencookie(&mycookie,"w+", memfile_func);
if (fp == NULL) {
perror("fopencookie");
exit(EXIT_FAILURE);
}
enum CONST_T{BUFF_SIZE=9000};
char buff[BUFF_SIZE]={"good out"};
size_t out=fwrite(buff,BUFF_SIZE,1,fp);
fprintf(stderr,"output size:%d\n",out);
exit(EXIT_SUCCESS);
}
//===========================================================
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.