public inbox for glibc-bugs@sourceware.org
* [Bug libc/16274] New: shm_open changes break webkitgtk (at least)
@ 2013-11-28 23:58 kevin at scrye dot com
2013-11-29 0:00 ` [Bug libc/16274] " kevin at scrye dot com
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: kevin at scrye dot com @ 2013-11-28 23:58 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16274
Bug ID: 16274
Summary: shm_open changes break webkitgtk (at least)
Product: glibc
Version: 2.19
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: kevin at scrye dot com
CC: drepper.fsp at gmail dot com
The changes in:
http://sourceware.org/git/?p=glibc.git;a=commit;h=5d30d853295a5fe04cad22fdf649c5e0da6ded8c
seem to have broken webkitgtk3's shm_open at least.
To duplicate:
Install any glibc for Fedora rawhide after 2.18.90-13.
Run epiphany.
With 2.18.90-13 and earlier, things work fine.
After that (with the above commit), it just spews:
"Failed to create shared memory file /WK2SharedMemory.NNNNNNNNN"
Running gdb on it with the new version:
Breakpoint 2, shm_open (name=0x7ffff7ebb5b0 "/WK2SharedMemory.1361819225",
oflag=524354, mode=384)
at ../sysdeps/unix/sysv/linux/shm_open.c:132
132 {
(gdb)
138 __libc_once (once, where_is_shmfs);
(gdb)
132 {
(gdb)
138 __libc_once (once, where_is_shmfs);
(gdb)
pthread_once () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_once.S:44
44 testl $2, (%rdi)
(gdb)
45 jz 1f
(gdb)
46 xorl %eax, %eax
(gdb)
pthread_once () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_once.S:47
47 retq
(gdb)
shm_open (name=0x7ffff7ebb5b0 "/WK2SharedMemory.1361819225", oflag=524354,
mode=384)
at ../sysdeps/unix/sysv/linux/shm_open.c:141
141 if (mountpoint.dir == NULL)
(gdb)
148 while (name[0] == '/')
(gdb)
149 ++name;
(gdb)
148 while (name[0] == '/')
(gdb)
151 namelen = strlen (name);
(gdb)
strlen () at ../sysdeps/x86_64/strlen.S:66
66 pxor %xmm8, %xmm8
(gdb)
67 pxor %xmm9, %xmm9
(gdb)
68 pxor %xmm10, %xmm10
(gdb)
69 pxor %xmm11, %xmm11
(gdb)
70 movq %rdi, %rax
(gdb)
71 movq %rdi, %rcx
(gdb)
72 andq $4095, %rcx
(gdb)
74 cmpq $4047, %rcx
(gdb)
76 ja L(cross_page)
(gdb)
106 movdqu (%rax), %xmm12
(gdb)
107 pcmpeqb %xmm8, %xmm12
(gdb)
108 pmovmskb %xmm12, %edx
(gdb)
109 test %edx, %edx
(gdb)
110 je L(next48_bytes)
(gdb)
116 andq $-16, %rax
(gdb)
117 pcmpeqb 16(%rax), %xmm9
(gdb)
118 pcmpeqb 32(%rax), %xmm10
(gdb)
119 pcmpeqb 48(%rax), %xmm11
(gdb)
120 pmovmskb %xmm9, %edx
(gdb)
121 pmovmskb %xmm10, %r8d
(gdb)
122 pmovmskb %xmm11, %ecx
(gdb)
123 salq $16, %rdx
(gdb)
124 salq $16, %rcx
(gdb)
125 orq %r8, %rcx
(gdb)
126 salq $32, %rcx
(gdb)
127 orq %rcx, %rdx
(gdb)
132 PROLOG(loop)
(gdb)
shm_open (name=0x7ffff7ebb5b1 "WK2SharedMemory.1361819225", oflag=524354,
mode=384)
at ../sysdeps/unix/sysv/linux/shm_open.c:154
154 if (name[0] == '\0' || namelen > NAME_MAX || strchr (name, '/') ==
NULL)
(gdb)
151 namelen = strlen (name);
(gdb)
154 if (name[0] == '\0' || namelen > NAME_MAX || strchr (name, '/') ==
NULL)
(gdb)
__strchr_sse2 () at ../sysdeps/x86_64/strchr.S:24
24 movd %esi, %xmm1
(gdb)
25 movl %edi, %eax
(gdb)
26 andl $4095, %eax
(gdb)
27 punpcklbw %xmm1, %xmm1
(gdb)
28 cmpl $4032, %eax
(gdb)
29 punpcklwd %xmm1, %xmm1
(gdb)
30 pshufd $0, %xmm1, %xmm1
(gdb)
31 jg L(cross_page)
(gdb)
32 movdqu (%rdi), %xmm0
(gdb)
33 pxor %xmm3, %xmm3
(gdb)
34 movdqa %xmm0, %xmm4
(gdb)
35 pcmpeqb %xmm1, %xmm0
(gdb)
36 pcmpeqb %xmm3, %xmm4
(gdb)
37 por %xmm4, %xmm0
(gdb)
38 pmovmskb %xmm0, %eax
(gdb)
39 test %eax, %eax
(gdb)
40 je L(next_48_bytes)
(gdb)
54 movdqu 16(%rdi), %xmm0
(gdb)
55 movdqa %xmm0, %xmm4
(gdb)
56 pcmpeqb %xmm1, %xmm0
(gdb)
57 pcmpeqb %xmm3, %xmm4
(gdb)
58 por %xmm4, %xmm0
(gdb)
59 pmovmskb %xmm0, %ecx
(gdb)
60 movdqu 32(%rdi), %xmm0
(gdb)
61 movdqa %xmm0, %xmm4
(gdb)
62 pcmpeqb %xmm1, %xmm0
(gdb)
63 salq $16, %rcx
(gdb)
64 pcmpeqb %xmm3, %xmm4
(gdb)
65 por %xmm4, %xmm0
(gdb)
66 pmovmskb %xmm0, %eax
(gdb)
67 movdqu 48(%rdi), %xmm0
(gdb)
68 pcmpeqb %xmm0, %xmm3
(gdb)
69 salq $32, %rax
(gdb)
70 pcmpeqb %xmm1, %xmm0
(gdb)
71 orq %rcx, %rax
(gdb)
72 por %xmm3, %xmm0
(gdb)
73 pmovmskb %xmm0, %ecx
(gdb)
74 salq $48, %rcx
(gdb)
75 orq %rcx, %rax
(gdb)
76 testq %rax, %rax
(gdb)
77 jne L(return)
(gdb)
129 bsfq %rax, %rax
(gdb)
133 movl $0, %edx
(gdb)
134 leaq (%rdi,%rax), %rax
(gdb)
135 cmpb %sil, (%rax)
(gdb)
136 cmovne %rdx, %rax
(gdb)
__strchr_sse2 () at ../sysdeps/x86_64/strchr.S:138
138 ret
(gdb)
shm_open (name=0x7ffff7ebb5b1 "WK2SharedMemory.1361819225", oflag=524354,
mode=384)
at ../sysdeps/unix/sysv/linux/shm_open.c:156
156 __set_errno (EINVAL);
(gdb) step
157 return -1;
(gdb) step
215 }
(gdb) step
0x00007ffff5b74f14 in WebKit::SharedMemory::create(unsigned long) ()
from /lib64/libwebkit2gtk-3.0.so.25
(gdb) print errno
$7 = 22
--
You are receiving this mail because:
You are on the CC list for the bug.
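The check at shm_open.c:154 in the gdb session above, reproduced as an added example (not glibc's code and not part of the original mail). `check_as_traced` mirrors the condition shown in the trace; `check_intended` assumes the intended polarity is `!= NULL`, since the fixing commit's diff is not shown on this page. The function names and all sample names except the WebKit one are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef NAME_MAX
#define NAME_MAX 255            /* Linux value, used if limits.h omits it */
#endif

/* Skip leading slashes, as lines 148-149 of the traced shm_open.c do. */
static const char *skip_slashes(const char *name)
{
    while (name[0] == '/')
        ++name;
    return name;
}

/* Condition as shown at shm_open.c:154 in the gdb session.
   Returns 0 when the name is accepted, EINVAL when it is rejected. */
int check_as_traced(const char *name)
{
    name = skip_slashes(name);
    if (name[0] == '\0' || strlen(name) > (size_t) NAME_MAX
        || strchr(name, '/') == NULL)
        return EINVAL;
    return 0;
}

/* Assumed intended condition: reject a name that still contains '/'. */
int check_intended(const char *name)
{
    name = skip_slashes(name);
    if (name[0] == '\0' || strlen(name) > (size_t) NAME_MAX
        || strchr(name, '/') != NULL)
        return EINVAL;
    return 0;
}

int main(void)
{
    /* First name is from the trace; the others are constructed samples. */
    const char *names[] = { "/WK2SharedMemory.1361819225", "/a/b", "/", "" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-30s traced=%d intended=%d\n", names[i],
               check_as_traced(names[i]), check_intended(names[i]));
    return 0;
}
```

With the traced condition every slash-free name fails with EINVAL, matching the errno printed at the end of the session, while a name that still contains a slash after the leading ones is accepted.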
* [Bug libc/16274] shm_open changes break webkitgtk (at least)
2013-11-28 23:58 [Bug libc/16274] New: shm_open changes break webkitgtk (at least) kevin at scrye dot com
@ 2013-11-29 0:00 ` kevin at scrye dot com
2013-12-03 19:18 ` cvs-commit at gcc dot gnu.org
2014-06-13 9:31 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: kevin at scrye dot com @ 2013-11-29 0:00 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16274
--- Comment #1 from Kevin Fenzi <kevin at scrye dot com> ---
Fyi, the code in webkitgtk is:
    CString tempName;

    int fileDescriptor = -1;
    for (int tries = 0; fileDescriptor == -1 && tries < 10; ++tries) {
        String name = String("WK2SharedMemory.") +
            String::number(static_cast<unsigned>(WTF::randomNumber() *
            (std::numeric_limits<unsigned>::max() + 1.0)));
        tempName = name.utf8();

        do {
            fileDescriptor = shm_open(tempName.data(), O_CREAT | O_CLOEXEC |
                O_RDWR, S_IRUSR | S_IWUSR);
        } while (fileDescriptor == -1 && errno == EINTR);
    }
    if (fileDescriptor == -1) {
        WTFLogAlways("Failed to create shared memory file %s",
            tempName.data());
        return 0;
    }
* [Bug libc/16274] shm_open changes break webkitgtk (at least)
2013-11-28 23:58 [Bug libc/16274] New: shm_open changes break webkitgtk (at least) kevin at scrye dot com
2013-11-29 0:00 ` [Bug libc/16274] " kevin at scrye dot com
@ 2013-12-03 19:18 ` cvs-commit at gcc dot gnu.org
2014-06-13 9:31 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2013-12-03 19:18 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=16274
--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via b20de2c3d9d751eb259c321426188eefc64fcbe9 (commit)
from 34e16df5a1a46e128edb9eb44a09ac5762957136 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b20de2c3d9d751eb259c321426188eefc64fcbe9
commit b20de2c3d9d751eb259c321426188eefc64fcbe9
Author: Ondřej Bílka <neleai@seznam.cz>
Date: Tue Dec 3 20:16:01 2013 +0100
Properly handle shm_open validation. Fixes bug 16274.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 8 +++++
rt/tst-shm.c | 56 +++++++++++++----------------------
sysdeps/unix/sysv/linux/shm_open.c | 4 +-
3 files changed, 31 insertions(+), 37 deletions(-)
From: neleai at seznam dot cz @ 2013-12-03 19:22 UTC
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16274
Ondrej Bilka <neleai at seznam dot cz> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |neleai at seznam dot cz
         Resolution|---                         |FIXED
--- Comment #3 from Ondrej Bilka <neleai at seznam dot cz> ---
Fixed.
* [Bug libc/16274] shm_open changes break webkitgtk (at least)
2013-11-28 23:58 [Bug libc/16274] New: shm_open changes break webkitgtk (at least) kevin at scrye dot com
2013-11-29 0:00 ` [Bug libc/16274] " kevin at scrye dot com
2013-12-03 19:18 ` cvs-commit at gcc dot gnu.org
@ 2014-06-13 9:31 ` fweimer at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 9:31 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16274
Florian Weimer <fweimer at redhat dot com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-