This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite

(sorry for the malformatted message earlier)

On Thu, Feb 11, 2016 at 7:22 AM, Florian Weimer <> wrote:
> On 02/11/2016 03:26 AM, Rich Felker wrote:
> > I think the problem may be even worse than we all expected. I've been
> > trying to fix the corresponding issue in musl, and it looks like the
> > _kernel_ is spuriously failing these reads with EFAULT by pre-checking
> > the validity of the potential destination address range rather than
> > only checking if there would actually be data to copy.
> Yes, system call behavior in this area is fairly regular: if a memory
> region is passed, it is checked for validity as a whole, and not just
> for the parts that are actually needed.  By now, this is part of the
> user space interface, and probably cannot change without breaking
> backwards compatibility.

Backward compatibility doesn't seem like a strong argument to me --
changing this would only make programs that don't work now, start
working.  It would be much more problematic the other way around.

However, it seems to me there's a serious implementation-level
obstacle: for at least some device I/O, the kernel may need to
finalize memory access checks before it knows how much data is
available. And it would be very confusing if the behavior depended on
what type of fd you were using.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]