From: "chianshin at gmail dot com"
To: glibc-bugs@sources.redhat.com
Subject: [Bug libc/12825] New: write function returning -1 in cookie_io_functions_t will crash the program
Date: Mon, 30 May 2011 18:50:00 -0000

http://sourceware.org/bugzilla/show_bug.cgi?id=12825

           Summary: write function returning -1 in cookie_io_functions_t
                    will crash the program
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: critical
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: chianshin@gmail.com

This program is from
http://www.kernel.org/doc/man-pages/online/pages/man3/fopencookie.3.html

The webpage also stated that if an error happens, write should return -1,
but I found that returning -1 will crash the program. The reason is
explained in this bugzilla report:
http://sourceware.org/bugzilla/show_bug.cgi?id=2074

But glibc did fix the above bug.

A Linux driver will also return a negative value when an error happens.
Does it have the same problem as the program here?

//===========================================================
#define _GNU_SOURCE
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include "assert.h"

#define INIT_BUF_SIZE 4

struct memfile_cookie {
    char   *buf;        /* Dynamically sized buffer for data */
    size_t  allocated;  /* Size of buf */
    size_t  endpos;     /* Number of characters in buf */
    off_t   offset;     /* Current file offset in buf */
};

/* Write callback: always reports an error by returning -1.
   This is the return value the report is about. */
ssize_t
memfile_write(void *c, const char *buf, size_t size)
{
    return -1;
}

/* Read callback: never expected to be called in this test. */
ssize_t
memfile_read(void *c, char *buf, size_t size)
{
    assert(0);
    return 0;
}

/* Seek callback: never expected to be called in this test. */
int
memfile_seek(void *c, off64_t *offset, int whence)
{
    assert(0);
    return 0;
}

/* Close callback: release the cookie's buffer. */
int
memfile_close(void *c)
{
    struct memfile_cookie *cookie = c;

    free(cookie->buf);
    cookie->allocated = 0;
    cookie->buf = NULL;

    return 0;
}

int
main(int argc, char *argv[])
{
    cookie_io_functions_t memfile_func = {
        .read  = memfile_read,
        .write = memfile_write,
        .seek  = memfile_seek,
        .close = memfile_close
    };
    FILE *fp;
    struct memfile_cookie mycookie;

    /* Set up the cookie before calling fopencookie() */
    mycookie.buf = malloc(INIT_BUF_SIZE);
    if (mycookie.buf == NULL) {
        perror("malloc");
        exit(EXIT_FAILURE);
    }

    mycookie.allocated = INIT_BUF_SIZE;
    mycookie.offset = 0;
    mycookie.endpos = 0;

    fp = fopencookie(&mycookie, "w+", memfile_func);
    if (fp == NULL) {
        perror("fopencookie");
        exit(EXIT_FAILURE);
    }

    /* Write more than the stdio buffer holds so the write callback runs. */
    enum CONST_T { BUFF_SIZE = 9000 };
    char buff[BUFF_SIZE] = { "good out" };
    size_t out = fwrite(buff, BUFF_SIZE, 1, fp);
    fprintf(stderr, "output size:%zu\n", out);  /* size_t needs %zu, not %d */
    exit(EXIT_SUCCESS);
}
//===========================================================
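
An added example, not part of the original report and not glibc code: a cookie write callback that signals failure the way the current fopencookie(3) man page specifies, by returning 0 and never a negative value, with the reason kept in the cookie so the caller can retrieve it. The names failing_sink, sink_write and write_to_failing_sink are hypothetical, and the EIO failure is constructed for the demonstration.

```c
#define _GNU_SOURCE          /* must precede every #include; exposes fopencookie() */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical cookie for this example: a sink that always fails. */
struct failing_sink {
    int    saved_errno;      /* reason recorded by the write callback */
    size_t calls;            /* how many times stdio invoked the callback */
};

/* Write callback: report failure with 0, never with a negative value.
   stdio treats the result as a byte count, so the error detail has to
   travel out of band, here through the cookie. */
static ssize_t sink_write(void *c, const char *buf, size_t size)
{
    struct failing_sink *s = c;
    (void)buf;
    (void)size;
    s->calls++;
    s->saved_errno = EIO;    /* constructed failure */
    errno = EIO;
    return 0;                /* zero bytes accepted */
}

/* Pushes 9000 bytes (the size used in the report) through the failing
   sink. Returns the item count fwrite() reports, or (size_t)-1 if the
   stream could not be opened; *reason receives the recorded errno. */
size_t write_to_failing_sink(int *reason)
{
    static char data[9000];
    struct failing_sink sink = { 0, 0 };
    cookie_io_functions_t io = { .write = sink_write };  /* other hooks NULL */
    FILE *fp = fopencookie(&sink, "w", io);
    if (fp == NULL)
        return (size_t)-1;

    size_t items = fwrite(data, sizeof data, 1, fp);
    fclose(fp);              /* sink lives on the stack: close before returning */
    *reason = sink.saved_errno;
    return items;
}

int main(void)
{
    int reason = 0;
    size_t items = write_to_failing_sink(&reason);
    printf("items written: %zu, recorded errno: %d\n", items, reason);
    return items == 0 ? 0 : 1;
}
```

A write smaller than the stream buffer is only buffered by fwrite(), so the failure then surfaces at fflush() or fclose(); check those return values as well.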