public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/16179] New: pointer mangling makes setnetgrent's setup racy
@ 2013-11-17 4:46 aoliva at sourceware dot org
2013-11-17 8:12 ` [Bug libc/16179] " neleai at seznam dot cz
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: aoliva at sourceware dot org @ 2013-11-17 4:46 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16179
Bug ID: 16179
Summary: pointer mangling makes setnetgrent's setup racy
Product: glibc
Version: 2.18
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: aoliva at sourceware dot org
CC: drepper.fsp at gmail dot com
inet/getnetgrent_r.c:setup says:
<quote>
static bool startp_initialized;
static service_user *startp;
int no_more;
if (!startp_initialized)
{
/* Executing this more than once at the same time must yield the
same result every time. So we need no locking. */
no_more = __nss_netgroup_lookup (nipp, "setnetgrent", fctp);
startp = no_more ? (service_user *) -1 : *nipp;
#ifdef PTR_MANGLE
PTR_MANGLE (startp);
#endif
</quote>
If PTR_MANGLE is defined so as to modify startp, we will write to startp twice,
once without mangling, once with mangling, which breaks the assumption that we
need no locking: we'll have two results, one mangled, and another not mangled,
that might unexpectedly be used by a thread that won the initialization race,
if it happens to use the intermediate value written by the loser before it
computes and stores the final mangled value.
We should use an automatic variable to hold the intermediate value, mangle it
there, and only then store it in static storage.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug libc/16179] pointer mangling makes setnetgrent's setup racy
2013-11-17 4:46 [Bug libc/16179] New: pointer mangling makes setnetgrent's setup racy aoliva at sourceware dot org
@ 2013-11-17 8:12 ` neleai at seznam dot cz
2013-11-17 23:33 ` aoliva at sourceware dot org
2015-08-23 1:14 ` [Bug network/16179] " jsm28 at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: neleai at seznam dot cz @ 2013-11-17 8:12 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16179
Ondrej Bilka <neleai at seznam dot cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |neleai at seznam dot cz
--- Comment #1 from Ondrej Bilka <neleai at seznam dot cz> ---
Do you have patch for that?
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug libc/16179] pointer mangling makes setnetgrent's setup racy
2013-11-17 4:46 [Bug libc/16179] New: pointer mangling makes setnetgrent's setup racy aoliva at sourceware dot org
2013-11-17 8:12 ` [Bug libc/16179] " neleai at seznam dot cz
@ 2013-11-17 23:33 ` aoliva at sourceware dot org
2015-08-23 1:14 ` [Bug network/16179] " jsm28 at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: aoliva at sourceware dot org @ 2013-11-17 23:33 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16179
--- Comment #2 from Alexandre Oliva <aoliva at sourceware dot org> ---
No, I didn't write a patch, I only reported the bug to avoid forgetting about a
problem noticed while in the middle of another project.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug network/16179] pointer mangling makes setnetgrent's setup racy
2013-11-17 4:46 [Bug libc/16179] New: pointer mangling makes setnetgrent's setup racy aoliva at sourceware dot org
2013-11-17 8:12 ` [Bug libc/16179] " neleai at seznam dot cz
2013-11-17 23:33 ` aoliva at sourceware dot org
@ 2015-08-23 1:14 ` jsm28 at gcc dot gnu.org
2 siblings, 0 replies; 4+ messages in thread
From: jsm28 at gcc dot gnu.org @ 2015-08-23 1:14 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16179
Joseph Myers <jsm28 at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|libc |network
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-08-23 1:14 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-11-17 4:46 [Bug libc/16179] New: pointer mangling makes setnetgrent's setup racy aoliva at sourceware dot org
2013-11-17 8:12 ` [Bug libc/16179] " neleai at seznam dot cz
2013-11-17 23:33 ` aoliva at sourceware dot org
2015-08-23 1:14 ` [Bug network/16179] " jsm28 at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).