public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug nis/3559] New: unchecked malloc in glibc/sunrpc/svc_run.c
@ 2006-11-22 5:19 csnook at redhat dot com
2006-11-22 5:24 ` [Bug nis/3559] " csnook at redhat dot com
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: csnook at redhat dot com @ 2006-11-22 5:19 UTC (permalink / raw)
To: glibc-bugs
malloc result in glibc/sunrpc/svc_run.c is used without being checked:
62 my_pollfd = malloc (sizeof (struct pollfd) * svc_max_pollfd);
63 for (i = 0; i < svc_max_pollfd; ++i)
64 {
65 my_pollfd[i].fd = svc_pollfd[i].fd;
This was discovered by code inspection while troubleshooting ypbind, and is
unchanged in CVS.
--
Summary: unchecked malloc in glibc/sunrpc/svc_run.c
Product: glibc
Version: 2.4
Status: NEW
Severity: normal
Priority: P2
Component: nis
AssignedTo: kukuk at suse dot de
ReportedBy: csnook at redhat dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=3559
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nis/3559] unchecked malloc in glibc/sunrpc/svc_run.c
2006-11-22 5:19 [Bug nis/3559] New: unchecked malloc in glibc/sunrpc/svc_run.c csnook at redhat dot com
@ 2006-11-22 5:24 ` csnook at redhat dot com
2006-11-22 7:52 ` jakub at redhat dot com
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: csnook at redhat dot com @ 2006-11-22 5:24 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From csnook at redhat dot com 2006-11-22 05:24 -------
Created an attachment (id=1434)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=1434&action=view)
patch to report error and return if malloc fails
patch to report error and return if malloc fails
--
http://sourceware.org/bugzilla/show_bug.cgi?id=3559
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nis/3559] unchecked malloc in glibc/sunrpc/svc_run.c
2006-11-22 5:19 [Bug nis/3559] New: unchecked malloc in glibc/sunrpc/svc_run.c csnook at redhat dot com
2006-11-22 5:24 ` [Bug nis/3559] " csnook at redhat dot com
@ 2006-11-22 7:52 ` jakub at redhat dot com
2006-11-22 8:13 ` csnook at redhat dot com
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: jakub at redhat dot com @ 2006-11-22 7:52 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From jakub at redhat dot com 2006-11-22 07:51 -------
If we touch this file, there are further things we should look at:
1) svc_exit's comment says it should be usable in signal handler, but calling
free isn't possible in signal handlers, perhaps just clearing svc_maxpoll_fd
and freeing in svc_run instead
2) doing a malloc/free pair in every single svc_run loop iteration sounds
overkill to me, it should be enough if it reallocates the memory if
svc_maxpoll_fd changes since last invocation
--
http://sourceware.org/bugzilla/show_bug.cgi?id=3559
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nis/3559] unchecked malloc in glibc/sunrpc/svc_run.c
2006-11-22 5:19 [Bug nis/3559] New: unchecked malloc in glibc/sunrpc/svc_run.c csnook at redhat dot com
2006-11-22 5:24 ` [Bug nis/3559] " csnook at redhat dot com
2006-11-22 7:52 ` jakub at redhat dot com
@ 2006-11-22 8:13 ` csnook at redhat dot com
2006-11-27 23:02 ` drepper at redhat dot com
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: csnook at redhat dot com @ 2006-11-22 8:13 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From csnook at redhat dot com 2006-11-22 08:13 -------
For that matter, using svc_max_pollfd as a sentinel like this is racy, and
should be replaced with a real sentinel whose value isn't used within the loop
it also controls.
Perhaps a better question would be whether anything actually calls svc_exit at
all. It's not called anywhere in ypbind-mt, but I suppose other RPC services
might use it.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=3559
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nis/3559] unchecked malloc in glibc/sunrpc/svc_run.c
2006-11-22 5:19 [Bug nis/3559] New: unchecked malloc in glibc/sunrpc/svc_run.c csnook at redhat dot com
` (2 preceding siblings ...)
2006-11-22 8:13 ` csnook at redhat dot com
@ 2006-11-27 23:02 ` drepper at redhat dot com
2007-01-12 16:59 ` cvs-commit at gcc dot gnu dot org
2007-02-17 9:11 ` drepper at redhat dot com
5 siblings, 0 replies; 7+ messages in thread
From: drepper at redhat dot com @ 2006-11-27 23:02 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2006-11-27 23:02 -------
I've applied the patch to handle malloc errors.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |WAITING
http://sourceware.org/bugzilla/show_bug.cgi?id=3559
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nis/3559] unchecked malloc in glibc/sunrpc/svc_run.c
2006-11-22 5:19 [Bug nis/3559] New: unchecked malloc in glibc/sunrpc/svc_run.c csnook at redhat dot com
` (3 preceding siblings ...)
2006-11-27 23:02 ` drepper at redhat dot com
@ 2007-01-12 16:59 ` cvs-commit at gcc dot gnu dot org
2007-02-17 9:11 ` drepper at redhat dot com
5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu dot org @ 2007-01-12 16:59 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2007-01-12 16:59 -------
Subject: Bug 3559
CVSROOT: /cvs/glibc
Module name: libc
Branch: glibc-2_5-branch
Changes by: jakub@sourceware.org 2007-01-12 16:59:03
Modified files:
. : ChangeLog
sunrpc : svc_run.c
Log message:
[BZ #3559]
* sunrpc/svc_run.c (svc_run): Fail instead of segfaulting if
malloc crashed.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/ChangeLog.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.10362.2.14&r2=1.10362.2.15
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/sunrpc/svc_run.c.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.10&r2=1.10.8.1
--
http://sourceware.org/bugzilla/show_bug.cgi?id=3559
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug nis/3559] unchecked malloc in glibc/sunrpc/svc_run.c
2006-11-22 5:19 [Bug nis/3559] New: unchecked malloc in glibc/sunrpc/svc_run.c csnook at redhat dot com
` (4 preceding siblings ...)
2007-01-12 16:59 ` cvs-commit at gcc dot gnu dot org
@ 2007-02-17 9:11 ` drepper at redhat dot com
5 siblings, 0 replies; 7+ messages in thread
From: drepper at redhat dot com @ 2007-02-17 9:11 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2007-02-17 09:10 -------
I'm closing this. The code is broken by design, there is not much we can do
except fixing critical problems.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|WAITING |RESOLVED
Resolution| |FIXED
http://sourceware.org/bugzilla/show_bug.cgi?id=3559
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2007-02-17 9:11 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-11-22 5:19 [Bug nis/3559] New: unchecked malloc in glibc/sunrpc/svc_run.c csnook at redhat dot com
2006-11-22 5:24 ` [Bug nis/3559] " csnook at redhat dot com
2006-11-22 7:52 ` jakub at redhat dot com
2006-11-22 8:13 ` csnook at redhat dot com
2006-11-27 23:02 ` drepper at redhat dot com
2007-01-12 16:59 ` cvs-commit at gcc dot gnu dot org
2007-02-17 9:11 ` drepper at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).