Bug#426000: marked as done (libc6: an interrupted msgrcv() call seems to corrupt sscanf behaviour)

To: Aurelien Jarno <aurel32@debian.org>
Subject: Bug#426000: marked as done (libc6: an interrupted msgrcv() call seems to corrupt sscanf behaviour)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 18 Aug 2007 20:03:04 +0000
Message-id: <[🔎] handler.426000.D426000.118746718329881.ackdone@bugs.debian.org>
References: <E1IMUPC-0003LD-M1@ries.debian.org> <20070525132733.29853.32526.reportbug@Prem1s.calistel.com>

Your message dated Sat, 18 Aug 2007 19:56:18 +0000
with message-id <E1IMUPC-0003LD-M1@ries.debian.org>
and subject line Bug#426000: fixed in glibc 2.3.6.ds1-13etch4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libc6: an interrupted msgrcv() call seems to corrupt sscanf behaviour
From: Frederic Boiteux <fboiteux@calistel.com>
Date: Fri, 25 May 2007 15:27:33 +0200
Message-id: <20070525132733.29853.32526.reportbug@Prem1s.calistel.com>

Package: libc6
Version: 2.3.6.ds1-13
Severity: normal


  Hello,

I've found a behaviour difference in a C program, running correctly on 
Woody and don't in Sarge or Etch systems.

The problem is in a "%n" converter sometimes not honoured as it should 
be, this only after an interrupted IPC message receive.

I've built a testcase (see end of report) to let others reproduce it.
Running the original faulty program with electric-fence library
produced a core with a memory fault in sscanf(), but I didn't reproduce
it with the testcase.

I don't have a Sid computer to test it, but I'll try to build a chroot 
to do this.

Here is the C program testcase.c :


/*
  Test case for a possible glibc bug.
  Frédéric Boiteux <fboiteux@calistel.com>

  Scan two times the same string for each word with a sscanf(). Between
  them, wait for an IPC message using msgrcv() ; someone should
  interrupt this message receive using SIGALRM signal, like with
  command : killall -ALRM testcase
  The second scan fails, the '%n' converter isn't honoured !

  Tested on i386 architecture :
  O.K.    on Debian GNU/Linux 3.0 (Woody), libc6 version 2.2.5-11.8
  Problem on Debian GNU/Linux 3.1 (Sarge), libc6 version 2.3.2.ds1-22sarge6
  Problem on Debian GNU/Linux 3.0 (Etch),  libc6 version 2.3.6.ds1-13


  Sample output :
string='Hello world!!!!', res=1, word='Hello', n=6
string='world!!!!', res=1, word='world!!!!', n=9
string='', res=-1, word='world!!!!', n=-1
msgrcv()=-1, errno=4
string='Hello world!!!!', res=1, word='Hello', n=6
string='world!!!!', res=1, word='world!!!!', n=-1
Problem!

*/


#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>

#include <errno.h>
#include <signal.h>
#include <stdio.h>


struct msgbuf {
        long int mtype;             /* type of received/sent message */
        char mtext[1];              /* text of the message */
};


void scan(char *string)
{
        int n, res;
        char word[100];

        do {
                n = -1;
                res = sscanf(string, "%s %n", word, &n);
                printf("string='%s', res=%d, word='%s', n=%d\n",
                       string, res, word, n);
                if (n >= 0) string += n;
                if ((res == 1) && (n < 0)) {
                        fprintf(stderr, "Problem!\n");
                        break;
                }
        } while (res == 1);
}

void nop(int sig) { }

void setsighandler(void)
{
        struct sigaction action;

        // set a no-op handler on SIGALRM signal
        sigemptyset(&action.sa_mask);
        action.sa_flags    = 0;
        action.sa_handler  = nop;
        if (sigaction(SIGALRM, &action, NULL) == -1)
                perror("Err in fonction sigaction !\n");
}

void msget()
{
        struct msgbuf msgp;
        int qid;
        int res;

        // create a message queue
	if ((qid = msgget(IPC_PRIVATE, 0666 | IPC_CREAT)) < 0)
                perror("problem in msgget()");

        // wait for a message
	res = msgrcv(qid, &msgp, 1, 0, 0);
        // after signal receive, should return -1 and errno=4 (EINTR) 
...
        printf("msgrcv()=%d, errno=%d\n", res, errno);
}

int main(void)
{
        scan("Hello world!!!!"); // expected result

        setsighandler();
        msget();

        scan("Hello world!!!!"); // fails

        return 0;
}


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-dev
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

Versions of packages libc6 depends on:
ii  tzdata                        2007b-1    Time Zone and Daylight Saving Time

libc6 recommends no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

To: 426000-close@bugs.debian.org
Subject: Bug#426000: fixed in glibc 2.3.6.ds1-13etch4
From: Aurelien Jarno <aurel32@debian.org>
Date: Sat, 18 Aug 2007 19:56:18 +0000
Message-id: <E1IMUPC-0003LD-M1@ries.debian.org>

Source: glibc
Source-Version: 2.3.6.ds1-13etch4

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:

glibc-doc_2.3.6.ds1-13etch4_all.deb
  to pool/main/g/glibc/glibc-doc_2.3.6.ds1-13etch4_all.deb
glibc_2.3.6.ds1-13etch4.diff.gz
  to pool/main/g/glibc/glibc_2.3.6.ds1-13etch4.diff.gz
glibc_2.3.6.ds1-13etch4.dsc
  to pool/main/g/glibc/glibc_2.3.6.ds1-13etch4.dsc
libc6-dbg_2.3.6.ds1-13etch4_amd64.deb
  to pool/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch4_amd64.deb
libc6-dev-i386_2.3.6.ds1-13etch4_amd64.deb
  to pool/main/g/glibc/libc6-dev-i386_2.3.6.ds1-13etch4_amd64.deb
libc6-dev_2.3.6.ds1-13etch4_amd64.deb
  to pool/main/g/glibc/libc6-dev_2.3.6.ds1-13etch4_amd64.deb
libc6-i386_2.3.6.ds1-13etch4_amd64.deb
  to pool/main/g/glibc/libc6-i386_2.3.6.ds1-13etch4_amd64.deb
libc6-pic_2.3.6.ds1-13etch4_amd64.deb
  to pool/main/g/glibc/libc6-pic_2.3.6.ds1-13etch4_amd64.deb
libc6-prof_2.3.6.ds1-13etch4_amd64.deb
  to pool/main/g/glibc/libc6-prof_2.3.6.ds1-13etch4_amd64.deb
libc6-udeb_2.3.6.ds1-13etch4_amd64.udeb
  to pool/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch4_amd64.udeb
libc6_2.3.6.ds1-13etch4_amd64.deb
  to pool/main/g/glibc/libc6_2.3.6.ds1-13etch4_amd64.deb
libnss-dns-udeb_2.3.6.ds1-13etch4_amd64.udeb
  to pool/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch4_amd64.udeb
libnss-files-udeb_2.3.6.ds1-13etch4_amd64.udeb
  to pool/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch4_amd64.udeb
locales-all_2.3.6.ds1-13etch4_amd64.deb
  to pool/main/g/glibc/locales-all_2.3.6.ds1-13etch4_amd64.deb
locales_2.3.6.ds1-13etch4_all.deb
  to pool/main/g/glibc/locales_2.3.6.ds1-13etch4_all.deb
nscd_2.3.6.ds1-13etch4_amd64.deb
  to pool/main/g/glibc/nscd_2.3.6.ds1-13etch4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 426000@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 17 Aug 2007 00:24:28 +0200
Source: glibc
Binary: libc0.1-prof libc6-dev-amd64 locales-all libc6-i686 libc6-dev-ppc64 libc0.3-pic glibc-doc libc0.3 libc0.1-i686 libc0.1-i386 libc6.1-dev libc6-s390x libnss-files-udeb libc0.1-dev-i386 libc6-dev-sparc64 libc6-i386 libc0.3-dev libc6-udeb libc6-dbg libc6.1-pic libc6-dev libc0.3-prof libc6-sparcv9 libc0.1-udeb libc6-dev-i386 libc6.1-prof libc0.1-dev locales libc6-pic libc0.3-udeb libc6-dev-powerpc libc0.1-pic libc6-ppc64 libc0.3-dbg libc0.1-dbg libc6-amd64 libc0.1 libc6-prof libc6-xen libc6-powerpc libc6 libc6-sparcv9b libc6.1-udeb libc6.1-dbg nscd libc6-sparc64 libnss-dns-udeb libc6.1 libc6-dev-s390x
Architecture: source amd64 all
Version: 2.3.6.ds1-13etch4
Distribution: stable
Urgency: low
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 glibc-doc  - GNU C Library: Documentation
 libc6      - GNU C Library: Shared libraries
 libc6-dbg  - GNU C Library: Libraries with debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc6-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-prof - GNU C Library: Profiling Libraries
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 426000
Changes: 
 glibc (2.3.6.ds1-13etch4) stable; urgency=low
 .
   * patches/any/cvs-vfscanf.diff: add additional test for EOF
     in loop to look for conversion specifier to avoid testing of
     wrong errno value.  Closes: #426000.
Files: 
 ffa8e3b6b08d8162a1f32c5b90e3265d 2192 libs required glibc_2.3.6.ds1-13etch4.dsc
 8c02c828ca75d663618b53bbc77676ba 913948 libs required glibc_2.3.6.ds1-13etch4.diff.gz
 18b00f8ae9988e62488269a78429c389 1480764 doc optional glibc-doc_2.3.6.ds1-13etch4_all.deb
 65e1cc6e75e3d8a72ddb3197a715e56e 4008766 libs standard locales_2.3.6.ds1-13etch4_all.deb
 ea4716157fb7effe347ef0d366d7e0e6 4180676 libs required libc6_2.3.6.ds1-13etch4_amd64.deb
 9b9ed67c9ba16a50876541dcf8933924 2118144 libdevel optional libc6-dev_2.3.6.ds1-13etch4_amd64.deb
 2fa4225255df6874bb4f7e3684ea25aa 1576990 libdevel extra libc6-prof_2.3.6.ds1-13etch4_amd64.deb
 e647e4d4212aea6ba2c03882e5406022 1405610 libdevel optional libc6-pic_2.3.6.ds1-13etch4_amd64.deb
 a40c288e19ca47a2852424409702bb95 6166998 libs extra locales-all_2.3.6.ds1-13etch4_amd64.deb
 eaa008c4347bde6828a4e13c1b9318bd 3070626 libs optional libc6-i386_2.3.6.ds1-13etch4_amd64.deb
 51c89903a4e55199b6578ecfb5b07b20 1583918 libdevel optional libc6-dev-i386_2.3.6.ds1-13etch4_amd64.deb
 01f2699ee3bd95b82121c4d325bc1c4c 146014 admin optional nscd_2.3.6.ds1-13etch4_amd64.deb
 382834405a07b5d7677b1635f9f7fd7f 2297154 libdevel extra libc6-dbg_2.3.6.ds1-13etch4_amd64.deb
 3a73bdea1e37625b6395441be037d72e 1042648 debian-installer extra libc6-udeb_2.3.6.ds1-13etch4_amd64.udeb
 1df3a8d386a4f8fe5176519167640efc 9572 debian-installer extra libnss-dns-udeb_2.3.6.ds1-13etch4_amd64.udeb
 58cd03799181c2554e87296079ff9116 17202 debian-installer extra libnss-files-udeb_2.3.6.ds1-13etch4_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGxTvGw3ao2vG823MRAvkvAJ9AB/NrsV4yQtwksJ2SSj4leCgdrwCeM60z
sElTtjRP+shSdREP9C93Xcs=
=Ug//
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#433870: marked as done (Sarge: TimeZone: New Zealand change to daylight time transition)
Next by Date: Processed: unmerging 433870, reopening 433870
Previous by thread: Bug#433870: marked as done (Sarge: TimeZone: New Zealand change to daylight time transition)
Next by thread: Processed: unmerging 433870, reopening 433870
Index(es):
- Date
- Thread