Date: Thu, 30 Apr 1998 23:11:17 -0700 (PDT)
From: "Jason K. Fritcher" <jkf@outreach.wolfnet.org>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: misc/6472: _thread_flockfile() hangs process when given NULL file pointer.
Message-ID: <199805010611.XAA04557@outreach.wolfnet.org>
>Number: 6472
>Category: misc
>Synopsis: _thread_flockfile() hangs process when given NULL file pointer.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 30 23:10:01 PDT 1998
>Last-Modified:
>Originator: Jason K. Fritcher
>Organization:
N/A
>Release: FreeBSD 2.2.6-STABLE i386
>Environment:
FreeBSD outreach.wolfnet.org 2.2.6-STABLE FreeBSD 2.2.6-STABLE #0: Wed Apr 29
19:56:05 PDT 1998 jkf@outreach.wolfnet.org:/usr/src/sys/compile/OUTREACH i386
>Description:
If _thread_flockfile() is passed a NULL file pointer, it enters fileno() and
hangs, consuming all idle CPU time. The only way to terminate the process is
with a 'kill -9' from another tty. Because the call to block signals is placed
before the first use of the pointer, the process never receives signal 11
(SIGSEGV) for dereferencing the NULL pointer. As a side benefit of the patch
below, the placement of the signal block/unblock calls matches the placement in
the rest of the file, making things more consistent.
>How-To-Repeat:
Any function that calls _thread_flockfile() and is passed a NULL file
pointer will hang the process, e.g. this code:
-- Cut Here --
#include <pthread.h>
#include <stdio.h>

int main(void)
{
    /* Deliberately pass a NULL stream: with libc_r this hangs in
     * _thread_flockfile(); without it the process dies with SIGSEGV. */
    FILE *fp = NULL;
    fprintf(fp, "Hello.\n");
    return 0;
}
-- Cut Here --
Save that to a file, e.g. hello.c.
Compile like this and then execute:
gcc -D_THREAD_SAFE -lc_r -o hello hello.c
This will hang.
Compile like this instead and then execute:
gcc -o hello hello.c
This will die with a segmentation fault and core dump.
>Fix:
This patch will fix the problem.
*** uthread_file.c.old Thu Apr 30 22:41:26 1998
--- uthread_file.c Thu Apr 30 22:44:18 1998
***************
*** 42,51 ****
int fd, flags;
int status;
- /* Block signals: */
- _thread_kern_sig_block(&status);
-
if ((fd = fileno(fp)) >= 0) {
if (fp->_flags & __SRW) {
flags = FD_READ | FD_WRITE;
} else {
--- 42,51 ----
int fd, flags;
int status;
if ((fd = fileno(fp)) >= 0) {
+ /* Block signals: */
+ _thread_kern_sig_block(&status);
+
if (fp->_flags & __SRW) {
flags = FD_READ | FD_WRITE;
} else {
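Review bot: moving `_thread_kern_sig_block(&status)` below `fileno(fp)` makes a NULL `fp` fault while signals are still deliverable, so the process now dies with SIGSEGV instead of spinning, but the pointer is still never validated and `_thread_flockfile(NULL)` still dereferences NULL inside `fileno()`. Consider an explicit `if (fp == NULL) return;` (or an errno-setting failure) ahead of the `fileno()` call so callers get a defined failure rather than a crash. Note also that `status` is left uninitialised on the `fileno(fp) < 0` path, so the matching unblock must stay inside this same `if` block.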
***************
*** 58,66 ****
/* This might fail but POSIX doesn't give a damn. */
_thread_fd_lock(fd, flags, NULL, fname, lineno);
}
- /* Unblock signals: */
- _thread_kern_sig_unblock(status);
return;
}
--- 58,67 ----
/* This might fail but POSIX doesn't give a damn. */
_thread_fd_lock(fd, flags, NULL, fname, lineno);
+
+ /* Unblock signals: */
+ _thread_kern_sig_unblock(status);
}
return;
}
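Review bot: placing `_thread_kern_sig_unblock(status)` inside the `if` keeps it paired with the block call, which now also sits inside that `if`, so `status` is never consumed uninitialised when `fileno()` fails; that pairing is worth stating in the `/* Unblock signals: */` comment, since the two halves live in different hunks. The added blank line before the comment follows the style used elsewhere in the file, as the description notes, and the trailing `return;` at the end of the function body is now redundant and could be dropped.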
>Audit-Trail:
>Unformatted: