This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [RFC][BZ #16549] Add sanity check for condvar alignment.


On 02/11/2014 11:44 PM, Joseph S. Myers wrote:
> On Tue, 11 Feb 2014, Florian Weimer wrote:
>
>> I think the real issue here is our lack of error checking for the futex system
>> call.  strace on the test case shows this:
>
> I'm not sure what we would do with an error here.  Cf
> <https://sourceware.org/glibc/wiki/Style_and_Conventions#Invalid_pointers>
> noting that a crash or assertion failure on an invalid NULL pointer is
> better than returning an error value that would likely be ignored by the
> buggy caller (although it's not obvious to me that diagnosing a misaligned
> pointer through an assertion is worthwhile anyway).

We'd probably have to abort anyway in contexts where an unexpected error occurs. But I find it rather questionable that we completely discard the system call results in most cases.

Here, the glibc behavior happens to be correct—silently not locking is allowed if the pointer is invalid. But I don't think we know for sure that all unexpected futex errors are due to precondition violations by user code.

--
Florian Weimer / Red Hat Product Security Team
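
The unchecked futex result discussed in this message, as an added example (not part of the original post and not glibc code): on Linux the kernel rejects a futex word that is not 4-byte aligned with EINVAL, which a caller only sees if it inspects the return value. The helper names and the sample buffer are hypothetical and constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/futex.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper, not a glibc function: issue FUTEX_WAKE (which never
   blocks) and return 0 on success or the errno value on failure, instead of
   discarding the system call result. */
static int checked_futex_wake(void *uaddr)
{
    long r = syscall(SYS_futex, uaddr, FUTEX_WAKE | FUTEX_PRIVATE_FLAG,
                     1, NULL, NULL, 0);
    return r == -1 ? errno : 0;
}

/* Constructed sample storage: uint32_t guarantees 4-byte alignment, so
   byte offset 1 into it is guaranteed to be misaligned. */
static uint32_t words[2];

/* Wake on a properly aligned futex word: no waiters, so the call succeeds. */
static int wake_aligned(void)
{
    return checked_futex_wake(&words[0]);
}

/* Wake on a misaligned address, as with a misaligned condvar: the kernel
   refuses the address before doing any work. */
static int wake_misaligned(void)
{
    return checked_futex_wake((unsigned char *)words + 1);
}

int main(void)
{
    int ok = wake_aligned();
    int bad = wake_misaligned();

    printf("aligned:    %s\n", ok ? strerror(ok) : "ok");
    printf("misaligned: %s\n", bad ? strerror(bad) : "ok");

    /* A caller that ignores the result cannot tell these two cases apart. */
    return (ok == 0 && bad == EINVAL) ? 0 : 1;
}
```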

