[Bug libc/12825] New: write function returning -1 in cookie_io_functions

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug libc/12825] New: write function returning -1 in cookie_io_functions_t will crash the program
@ 2011-05-30 18:50 chianshin at gmail dot com
  2011-05-30 18:55 ` [Bug libc/12825] " chianshin at gmail dot com
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: chianshin at gmail dot com @ 2011-05-30 18:50 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12825

           Summary: write function returning -1 in cookie_io_functions_t
                    will crash the program
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: critical
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: chianshin@gmail.com


This program which is from
http://www.kernel.org/doc/man-pages/online/pages/man3/fopencookie.3.html
The webpage also stated that if error happens, write should return -1;

But I found that returning -1 will crash the program. The reason is
explained in this bugzilla report.
http://sourceware.org/bugzilla/show_bug.cgi?id=2074

But glibc did fix the above bug.

Linux driver will also return negative value when error happens, Does
it have the same problem as the program here?

//===========================================================
#define _GNU_SOURCE
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include "assert.h"

#define INIT_BUF_SIZE 4

struct memfile_cookie {
   char   *buf;        /* Dynamically sized buffer for data */
   size_t  allocated;  /* Size of buf */
   size_t  endpos;     /* Number of characters in buf */
   off_t   offset;     /* Current file offset in buf */
};

ssize_t
memfile_write(void *c, const char *buf, size_t size)
{
   return -1;
}

ssize_t
memfile_read(void *c, char *buf, size_t size)
{
 assert(0);
 return 0;
}

int
memfile_seek(void *c, off64_t *offset, int whence)
{
  assert(0);
  return 0;
}

int
memfile_close(void *c)
{
   struct memfile_cookie *cookie = c;

   free(cookie->buf);
   cookie->allocated = 0;
   cookie->buf = NULL;

   return 0;
}

int
main(int argc, char *argv[])
{
   cookie_io_functions_t  memfile_func = {
       .read  = memfile_read,
       .write = memfile_write,
       .seek  = memfile_seek,
       .close = memfile_close
   };
   FILE *fp;
   struct memfile_cookie mycookie;

   /* Set up the cookie before calling fopencookie() */

   mycookie.buf = malloc(INIT_BUF_SIZE);
   if (mycookie.buf == NULL) {
       perror("malloc");
       exit(EXIT_FAILURE);
   }

   mycookie.allocated = INIT_BUF_SIZE;
   mycookie.offset = 0;
   mycookie.endpos = 0;

   fp = fopencookie(&mycookie,"w+", memfile_func);
   if (fp == NULL) {
       perror("fopencookie");
       exit(EXIT_FAILURE);
   }

    enum CONST_T{BUFF_SIZE=9000};
    char buff[BUFF_SIZE]={"good out"};
    size_t out=fwrite(buff,BUFF_SIZE,1,fp);
    fprintf(stderr,"output size:%d\n",out);

   exit(EXIT_SUCCESS);
}
//===========================================================

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug libc/12825] write function returning -1 in cookie_io_functions_t will crash the program
  2011-05-30 18:50 [Bug libc/12825] New: write function returning -1 in cookie_io_functions_t will crash the program chianshin at gmail dot com
@ 2011-05-30 18:55 ` chianshin at gmail dot com
  2011-05-30 22:36 ` drepper.fsp at gmail dot com
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: chianshin at gmail dot com @ 2011-05-30 18:55 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12825

--- Comment #1 from Xin Qian <chianshin at gmail dot com> 2011-05-30 18:54:51 UTC ---
if this buffer is created in heap, the program never crashes.
 char buff[BUFF_SIZE]={"good out"};

But if it is not bug, please give me a reason

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug libc/12825] write function returning -1 in cookie_io_functions_t will crash the program
  2011-05-30 18:50 [Bug libc/12825] New: write function returning -1 in cookie_io_functions_t will crash the program chianshin at gmail dot com
  2011-05-30 18:55 ` [Bug libc/12825] " chianshin at gmail dot com
@ 2011-05-30 22:36 ` drepper.fsp at gmail dot com
  2011-05-30 23:08 ` chianshin at gmail dot com
  2014-06-13 14:41 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: drepper.fsp at gmail dot com @ 2011-05-30 22:36 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12825

Ulrich Drepper <drepper.fsp at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #2 from Ulrich Drepper <drepper.fsp at gmail dot com> 2011-05-30 22:36:38 UTC ---
The write function mustn't return -1.  If this is documented otherwise the
documentation is wrong.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug libc/12825] write function returning -1 in cookie_io_functions_t will crash the program
  2011-05-30 18:50 [Bug libc/12825] New: write function returning -1 in cookie_io_functions_t will crash the program chianshin at gmail dot com
  2011-05-30 18:55 ` [Bug libc/12825] " chianshin at gmail dot com
  2011-05-30 22:36 ` drepper.fsp at gmail dot com
@ 2011-05-30 23:08 ` chianshin at gmail dot com
  2014-06-13 14:41 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: chianshin at gmail dot com @ 2011-05-30 23:08 UTC (permalink / raw)
  To: glibc-bugs

http://sourceware.org/bugzilla/show_bug.cgi?id=12825

--- Comment #3 from Xin Qian <chianshin at gmail dot com> 2011-05-30 23:08:00 UTC ---
1. In the libc's manual/stdio.texi line 5057-5064
http://sourceware.org/git/?p=glibc.git;a=blob;f=manual/stdio.texi;hb=HEAD
it is said that the writer function will return -1 for error.

If write function do not use -1 return value to indicate error, how about read
function? still use -1 to indicate error.

If people agree, I might submit a change to the manual/stdio.texi.

2. 
Another thing in my mind is that if the stream is not installed by fopencookie,
it is hooked up to a char device in linux.
The write function of that driver is also returning negative value for error.
Is this causing problem in libc also? 

http://www.xml.com/ldd/chapter/book/ch03.html
ssize_t (*write) (struct file *, const char *, size_t, loff_t *);
Sends data to the device. If missing, -EINVAL is returned to the program
calling the write system call. The return value, if non-negative, represents
the number of bytes successfully written.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug libc/12825] write function returning -1 in cookie_io_functions_t will crash the program
  2011-05-30 18:50 [Bug libc/12825] New: write function returning -1 in cookie_io_functions_t will crash the program chianshin at gmail dot com
                   ` (2 preceding siblings ...)
  2011-05-30 23:08 ` chianshin at gmail dot com
@ 2014-06-13 14:41 ` fweimer at redhat dot com
  3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 14:41 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=12825

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-06-13 14:41 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-05-30 18:50 [Bug libc/12825] New: write function returning -1 in cookie_io_functions_t will crash the program chianshin at gmail dot com
2011-05-30 18:55 ` [Bug libc/12825] " chianshin at gmail dot com
2011-05-30 22:36 ` drepper.fsp at gmail dot com
2011-05-30 23:08 ` chianshin at gmail dot com
2014-06-13 14:41 ` fweimer at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).