This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [patch] Fix BZ 19165 -- overflow in fread / fwrite

On Thu, Feb 11, 2016 at 08:50:58AM -0500, Zack Weinberg wrote:
> On Feb 11, 2016 7:22 AM, "Florian Weimer" <> wrote:
> >
> > On 02/11/2016 03:26 AM, Rich Felker wrote:
> > > I think the problem may be even worse than we all expected. I've been
> > > trying to fix the corresponding issue in musl, and it looks like the
> > > _kernel_ is spuriously failing these reads with EFAULT by pre-checking
> > > the validity of the potential destination address range rather than
> > > only checking if there would actually be data to copy.
> >
> > Yes, system call behavior in this area is fairly regular: if a memory
> > region is passed, it is checked for validity as a whole, and not just
> > for the parts that are actually needed.  By now, this is part of the
> > user space interface, and probably cannot change without breaking
> > backwards compatibility.
> Also, the kernel might need to finalize access checks and wire down the
> pages for DMA before it even knows how much data is available.

That makes no sense except for O_DIRECT wackiness where I doubt anyone
cares about correctness/standards. Normal file reads should always be
DMA into the fs cache followed by memcpy to the caller's buffer.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]