
segfaults in rewind() with glibc 2.3.2



I have a very strange segfault with glibc 2.3.2, code worked with
earlier glibc versions. 

Program received signal SIGSEGV, Segmentation fault.
0x400873bd in _IO_seekoff_unlocked (fp=0x8049b68, offset=0, dir=0, mode=3) at ioseekoff.c:55
55      ioseekoff.c: No such file or directory.
        in ioseekoff.c
(gdb) bt
#0  0x400873bd in _IO_seekoff_unlocked (fp=0x8049b68, offset=0, dir=0, mode=3) at ioseekoff.c:55
#1  0x4008bf36 in *__GI_rewind (fp=0x8049b68) at rewind.c:38
#2  0x0804883a in main (argc=1, argv=0xbffff7c4) at test.c:40

I only get these segfaults in the mooix environment. Here's a test case:

#define _GNU_SOURCE             /* for O_NOFOLLOW */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>

int main (int argc, char **argv) {
        FILE *f;
        int i;

        /* optionally run from the directory named by $THIS */
        char *dir = getenv("THIS");
        if (dir != NULL)
                chdir(dir);

        /* first pass: open(2) followed by fdopen(3) */
        i = open("list", O_RDWR | O_NOFOLLOW);
        if (i < 0) {
                perror("open");
                exit(1);
        }
        f = fdopen(i, "r+");
        if (! f) {
                perror("fdopen");
                exit(1);
        }
        fprintf(stderr, "at rewind; fileno(f) = %i\n", fileno(f));
        rewind(f);
        fprintf(stderr, "passed rewind\n");
        fclose(f);

        /* second pass: plain fopen(3); this is the rewind that crashes */
        f = fopen("list", "r+");
        if (! f) {
                perror("fopen");
                exit(1);
        }
        fprintf(stderr, "at rewind; fileno(f) = %i\n", fileno(f));
        rewind(f);
        fprintf(stderr, "passed rewind\n");
        fclose(f);
        exit(1);
}

It segfaults at the second rewind. 

If this is run in the mooix environment, an LD_PRELOADed wrapper library
intercepts the open and fopen calls. In the case of fopen, it's converted
into an open call. Then they are proxied through to the mooix daemon,
which does the open, and passes back a file descriptor. Then for fopen,
the wrapper library fdopen's the file descriptor to get the FILE to return.

I can't see any bugs in my wrapper library, and I've checked all the obvious
things, I think. As far as I can tell my wrapper library is parsing "r+"
correctly, is passing the right arguments to the daemon, and is getting back
a valid fd, and making a valid FILE out of it. But surely something in there
does something that taints the FILE so glibc cannot rewind it.

If, before the second rewind, I put f = fdopen(fileno(f), "r+"), then it
doesn't segfault any more. Other workarounds that work include changing the
code to not rewind at all -- it can go on and write to f without any
segfaults.

I'm at my wits' end, so if anyone can see why it'd segfault where it
does in the backtrace above, or knows of any recent changes in glibc or
libio that might have led to the problem, I would really appreciate some
help.

-- 
see shy jo
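The post describes the wrapper as turning fopen into open, handing the descriptor back, and then fdopen'ing it. The following is an added example, not code from the post or from mooix, of that same fopen -> open -> fdopen shape in a plain, non-preloaded form, together with the one consistency check worth having in front of fdopen(): glibc's fdopen() compares the descriptor's access mode (fcntl F_GETFL & O_ACCMODE) with the requested mode string and fails with EINVAL when they disagree, so a wrapper that gets the "r+" to O_RDWR mapping wrong would be refused there rather than produce a usable FILE. The helper names (mode_to_flags, fd_matches_mode, fopen_via_open) and the /tmp scratch file are constructed for this example; the round-trip deliberately rewinds twice across a read-to-write switch, the pattern that failed in the report.

```c
/* Added example, not part of the original post or of mooix. Helper names and
 * the scratch-file path are constructed here. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0            /* hidden under strict feature-test levels */
#endif

/* fopen(3) mode string -> open(2) flags, per the POSIX table; 'b' is ignored. */
int mode_to_flags(const char *mode)
{
    int plus = strchr(mode, '+') != NULL;
    switch (mode[0]) {
    case 'r': return plus ? O_RDWR : O_RDONLY;
    case 'w': return (plus ? O_RDWR : O_WRONLY) | O_CREAT | O_TRUNC;
    case 'a': return (plus ? O_RDWR : O_WRONLY) | O_CREAT | O_APPEND;
    default:  return -1;
    }
}

/* 1 if the descriptor's access mode can satisfy 'mode' (the rule glibc's fdopen
 * applies: a read-only fd cannot back a writable stream and a write-only fd
 * cannot back a readable one), 0 otherwise. */
int fd_matches_mode(int fd, const char *mode)
{
    int want = mode_to_flags(mode), have = fcntl(fd, F_GETFL);
    if (want < 0 || have < 0)
        return 0;
    int acc = have & O_ACCMODE;
    switch (want & O_ACCMODE) {
    case O_RDWR:   return acc == O_RDWR;
    case O_WRONLY: return acc == O_WRONLY || acc == O_RDWR;
    default:       return acc == O_RDONLY || acc == O_RDWR;
    }
}

/* fopen() expressed as open() + fdopen(), the shape the wrapper takes. */
FILE *fopen_via_open(const char *path, const char *mode)
{
    int flags = mode_to_flags(mode);
    if (flags < 0) { errno = EINVAL; return NULL; }
    int fd = open(path, flags | O_NOFOLLOW, 0666);
    if (fd < 0) return NULL;
    if (!fd_matches_mode(fd, mode)) { close(fd); errno = EINVAL; return NULL; }
    FILE *f = fdopen(fd, mode);
    if (!f) { int e = errno; close(fd); errno = e; }
    return f;
}

/* Create a scratch file holding 'content'; fills in path, returns the fd or -1. */
static int make_scratch(char *path, size_t len, const char *content)
{
    snprintf(path, len, "/tmp/rewind-demo-XXXXXX");  /* constructed template */
    int fd = mkstemp(path);
    if (fd >= 0 && write(fd, content, strlen(content)) != (ssize_t)strlen(content)) {
        close(fd); unlink(path); return -1;
    }
    return fd;
}

/* Open "r+" via the wrapper path, read, rewind, write, rewind, read back.
 * Returns 0 on success or a small positive code for the step that failed. */
int demo_roundtrip(void)
{
    char path[64], buf[16] = {0};
    int fd = make_scratch(path, sizeof path, "alpha\n"), rc = 0;
    if (fd < 0) return 1;
    close(fd);
    FILE *f = fopen_via_open(path, "r+");
    if (!f) rc = 2;
    else {
        if (!fgets(buf, sizeof buf, f) || strcmp(buf, "alpha\n")) rc = 3;
        rewind(f);                          /* read -> write switch, as in the post */
        if (!rc && fputs("omega\n", f) == EOF) rc = 4;
        rewind(f);                          /* write -> read switch */
        if (!rc && (!fgets(buf, sizeof buf, f) || strcmp(buf, "omega\n"))) rc = 5;
        fclose(f);
    }
    unlink(path);
    return rc;
}

/* A read-only descriptor must be rejected for "r+" but accepted for "r".
 * Returns 1 when both judgements come out as expected. */
int demo_mismatch_detected(void)
{
    char path[64];
    int fd = make_scratch(path, sizeof path, "x\n");
    if (fd < 0) return 0;
    close(fd);
    fd = open(path, O_RDONLY);
    int ok = fd >= 0 && !fd_matches_mode(fd, "r+") && fd_matches_mode(fd, "r");
    if (fd >= 0) close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    int rc = demo_roundtrip();
    printf("roundtrip: %s (rc=%d), mismatch detected: %s\n",
           rc ? "FAILED" : "ok", rc, demo_mismatch_detected() ? "yes" : "no");
    return rc;
}
```

When debugging a wrapper of this kind, fd_matches_mode() is the cheap check to run on the descriptor the daemon hands back before calling fdopen(): if it reports a mismatch, fdopen() would refuse the descriptor outright, so a FILE that is returned successfully yet later misbehaves points at something other than the access mode.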
