Mailing-List: contact libc-hacker-help@sources.redhat.com; run by ezmlm
Date: Mon, 22 Mar 2004 18:16:00 -0000
From: Jakub Jelinek
To: Ulrich Drepper
Cc: Glibc hackers
Subject: [PATCH] Fix pthread_getattr_np
Message-ID: <20040322121918.GB15946@sunsite.ms.mff.cuni.cz>

Hi!

On systems with more than 32 * 8 CPUs pthread_getattr_np would get into an endless loop. Furthermore, if realloc fails, we certainly shouldn't dereference a NULL pointer, but break out of the loop (free (cpuset) is done after the loop on failures).
The other change is just trying to avoid buffer overflows on systems with more than 16 billion CPUs (res is a signed value, so if the kernel returned non-error, but bigger than INT_MAX, the following memcpy would do the wrong thing on 64-bit arches (clear some area beyond the end of the buffer)).

2004-03-22  Jakub Jelinek

    * sysdeps/unix/sysv/linux/pthread_getaffinity.c
    (__pthread_getaffinity_new): Use INT_MAX instead of UINT_MAX.
    * pthread_getattr_np.c (pthread_getattr_np): Double size every cycle.
    If realloc fails, break out of the loop.

--- libc/nptl/sysdeps/unix/sysv/linux/pthread_getaffinity.c.jj 2004-03-22 14:45:57.000000000 +0100 +++ libc/nptl/sysdeps/unix/sysv/linux/pthread_getaffinity.c 2004-03-22 15:18:42.402868578 +0100 @@ -34,7 +34,7 @@ __pthread_getaffinity_new (pthread_t th, INTERNAL_SYSCALL_DECL (err); int res = INTERNAL_SYSCALL (sched_getaffinity, err, 3, pd->tid, - MIN (UINT_MAX, cpusetsize), cpuset); + MIN (INT_MAX, cpusetsize), cpuset); if (INTERNAL_SYSCALL_ERROR_P (res, err)) return INTERNAL_SYSCALL_ERRNO (res, err); --- libc/nptl/pthread_getattr_np.c.jj 2004-03-22 14:42:35.000000000 +0100 +++ libc/nptl/pthread_getattr_np.c 2004-03-22 15:11:39.416215690 +0100 
@@ -135,16 +135,18 @@ pthread_getattr_np (thread_id, attr) if (ret == 0) { - size_t size = 32; + size_t size = 16; cpu_set_t *cpuset = NULL; do { + size <<= 1; + void *newp = realloc (cpuset, size); if (newp == NULL) { - free (cpuset); ret = ENOMEM; + break; } cpuset = (cpu_set_t *) newp; Jakub
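Review bot: In the pthread_getaffinity.c hunk, the `MIN (INT_MAX, cpusetsize)` clamp only makes sense because `res` is declared `int`, and nothing next to the INTERNAL_SYSCALL call says so. A one-line comment there, stating that the length is capped so the byte count returned in `res` always fits in a signed int, would keep a later cleanup from restoring UINT_MAX. A caller that passes a cpusetsize above INT_MAX now gets a shorter query than it asked for without any indication, so the code after the `INTERNAL_SYSCALL_ERROR_P` check, which this hunk does not show, should be confirmed to handle the bytes of cpuset beyond `res` on that path.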
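Review bot: In the pthread_getattr_np.c hunk, dropping `free (cpuset)` from the `newp == NULL` branch makes the ENOMEM path depend on cleanup that sits after the loop and outside the visible context; please confirm that the post-loop code frees cpuset when ret is ENOMEM and never reads it, since after the `break` it still points at the last successfully allocated buffer (or is NULL on a first-iteration failure). Two smaller points: `size_t size = 16` is only correct in combination with the `size <<= 1` at the top of the loop body, so a short comment that the first iteration allocates 32 bytes would save readers a double take, and the doubling has no upper bound in the lines shown, so if the loop condition can keep failing, termination relies on realloc eventually returning NULL; an explicit cap on size would make that exit deliberate.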