Bug#39693: libc6: error in _IO_old_proc_open (libio/oldiopopen.c)
Package: libc6
Version: 2.1.1-12
Severity: normal
I was tracking down a problem in man-db (see #39686), and it turns out
to be an error in the compat code for popen(). This error is probably
triggered by any program that popens more than one stream at a time.
oldiopopen.c uses a variable old_proc_file_chain to keep track of the
currently open process streams. However, it always destroys this chain
just before adding a new stream. This happens around line 152.
(Normally one would expect this code to execute only in the child,
but the file #defines _IO_fork to vfork! Thus, the child clobbers
the parent's copy of old_proc_file_chain).
The new code, in iopopen.c, cunningly avoids this problem by introducing
a loop variable instead of messing with the global variable. I've used
that as the basis for preparing this patch. Please note that the
patch is UNTESTED.
--- /tmp/oldiopopen.c Thu Jun 17 23:45:15 1999
+++ oldiopopen.c Thu Jun 17 23:47:10 1999
@@ -140,6 +140,8 @@
if (child_pid == 0)
{
int child_std_end = mode[0] == 'r' ? 1 : 0;
+ struct _IO_proc_file *p;
+
_IO_close (parent_end);
if (child_end != child_std_end)
{
@@ -149,11 +151,8 @@
/* POSIX.2: "popen() shall ensure that any streams from previous
popen() calls that remain open in the parent process are closed
in the new child process." */
- while (old_proc_file_chain)
- {
- _IO_close (_IO_fileno ((_IO_FILE *) old_proc_file_chain));
- old_proc_file_chain = old_proc_file_chain->next;
- }
+ for (p = old_proc_file_chain; p; p = p->next)
+ _IO_close (_IO_fileno ((_IO_FILE *) p));
_IO_execl ("/bin/sh", "sh", "-c", command, (char *) 0);
_IO__exit (127);
-- System Information
Debian Release: potato
Kernel Version: Linux night 2.2.5 #1 Fri Apr 9 22:49:28 CEST 1999 i586 unknown
Versions of the packages libc6 depends on:
ii ldso 1.9.11-2 The Linux dynamic linker, library and utilit
Reply to: