--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libc6: an interrupted msgrcv() call seems to corrupt sscanf behaviour
- From: Frederic Boiteux <fboiteux@calistel.com>
- Date: Fri, 25 May 2007 15:27:33 +0200
- Message-id: <20070525132733.29853.32526.reportbug@Prem1s.calistel.com>
Package: libc6
Version: 2.3.6.ds1-13
Severity: normal

Hello,

I've found a behaviour difference in a C program, which runs correctly on
Woody but doesn't on Sarge or Etch systems.

The problem is in a "%n" converter that is sometimes not honoured as it
should be, and this only after an interrupted IPC message receive.

I've built a testcase (see end of report) to let others reproduce it.
Running the original faulty program with the electric-fence library
produced a core with a memory fault in sscanf(), but I didn't reproduce
it with the testcase.

I don't have a Sid computer to test it, but I'll try to build a chroot
to do this.

Here is the C program testcase.c:

/*
  Test case for a possible glibc bug.
  Frédéric Boiteux <fboiteux@calistel.com>

  Scan two times the same string for each word with a sscanf(). Between
  them, wait for an IPC message using msgrcv(); someone should
  interrupt this message receive using SIGALRM signal, like with
  command: killall -ALRM testcase

  The second scan fails, the '%n' converter isn't honoured!

  Tested on i386 architecture:
    O.K. on Debian GNU/Linux 3.0 (Woody), libc6 version 2.2.5-11.8
    Problem on Debian GNU/Linux 3.1 (Sarge), libc6 version 2.3.2.ds1-22sarge6
    Problem on Debian GNU/Linux 3.0 (Etch), libc6 version 2.3.6.ds1-13

  Sample output:
    string='Hello world!!!!', res=1, word='Hello', n=6
    string='world!!!!', res=1, word='world!!!!', n=9
    string='', res=-1, word='world!!!!', n=-1
    msgrcv()=-1, errno=4
    string='Hello world!!!!', res=1, word='Hello', n=6
    string='world!!!!', res=1, word='world!!!!', n=-1
    Problem!
*/

#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>

struct msgbuf {
    long int mtype;   /* type of received/sent message */
    char mtext[1];    /* text of the message */
};

void scan(char *string)
{
    int n, res;
    char word[100];

    do {
        n = -1;
        res = sscanf(string, "%s %n", word, &n);
        printf("string='%s', res=%d, word='%s', n=%d\n",
               string, res, word, n);
        if (n >= 0) string += n;
        if ((res == 1) && (n < 0)) {
            fprintf(stderr, "Problem!\n");
            break;
        }
    } while (res == 1);
}

void nop(int sig) { }

void setsighandler(void)
{
    struct sigaction action;

    // set a no-op handler on SIGALRM signal
    sigemptyset(&action.sa_mask);
    action.sa_flags = 0;
    action.sa_handler = nop;
    if (sigaction(SIGALRM, &action, NULL) == -1)
        perror("Err in fonction sigaction !\n");
}

void msget()
{
    struct msgbuf msgp;
    int qid;
    int res;

    // create a message queue
    if ((qid = msgget(IPC_PRIVATE, 0666 | IPC_CREAT)) < 0)
        perror("problem in msgget()");
    // wait for a message
    res = msgrcv(qid, &msgp, 1, 0, 0);
    // after signal receive, should return -1 and errno=4 (EINTR)
    /* ... */
    printf("msgrcv()=%d, errno=%d\n", res, errno);
}

int main(void)
{
    scan("Hello world!!!!");   // expected result
    setsighandler();
    msget();
    scan("Hello world!!!!");   // fails
    return 0;
}

-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-dev
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)
Versions of packages libc6 depends on:
ii tzdata 2007b-1 Time Zone and Daylight Saving Time
libc6 recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.3.6.ds1-13etch4
We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:
glibc-doc_2.3.6.ds1-13etch4_all.deb
to pool/main/g/glibc/glibc-doc_2.3.6.ds1-13etch4_all.deb
glibc_2.3.6.ds1-13etch4.diff.gz
to pool/main/g/glibc/glibc_2.3.6.ds1-13etch4.diff.gz
glibc_2.3.6.ds1-13etch4.dsc
to pool/main/g/glibc/glibc_2.3.6.ds1-13etch4.dsc
libc6-dbg_2.3.6.ds1-13etch4_amd64.deb
to pool/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch4_amd64.deb
libc6-dev-i386_2.3.6.ds1-13etch4_amd64.deb
to pool/main/g/glibc/libc6-dev-i386_2.3.6.ds1-13etch4_amd64.deb
libc6-dev_2.3.6.ds1-13etch4_amd64.deb
to pool/main/g/glibc/libc6-dev_2.3.6.ds1-13etch4_amd64.deb
libc6-i386_2.3.6.ds1-13etch4_amd64.deb
to pool/main/g/glibc/libc6-i386_2.3.6.ds1-13etch4_amd64.deb
libc6-pic_2.3.6.ds1-13etch4_amd64.deb
to pool/main/g/glibc/libc6-pic_2.3.6.ds1-13etch4_amd64.deb
libc6-prof_2.3.6.ds1-13etch4_amd64.deb
to pool/main/g/glibc/libc6-prof_2.3.6.ds1-13etch4_amd64.deb
libc6-udeb_2.3.6.ds1-13etch4_amd64.udeb
to pool/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch4_amd64.udeb
libc6_2.3.6.ds1-13etch4_amd64.deb
to pool/main/g/glibc/libc6_2.3.6.ds1-13etch4_amd64.deb
libnss-dns-udeb_2.3.6.ds1-13etch4_amd64.udeb
to pool/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch4_amd64.udeb
libnss-files-udeb_2.3.6.ds1-13etch4_amd64.udeb
to pool/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch4_amd64.udeb
locales-all_2.3.6.ds1-13etch4_amd64.deb
to pool/main/g/glibc/locales-all_2.3.6.ds1-13etch4_amd64.deb
locales_2.3.6.ds1-13etch4_all.deb
to pool/main/g/glibc/locales_2.3.6.ds1-13etch4_all.deb
nscd_2.3.6.ds1-13etch4_amd64.deb
to pool/main/g/glibc/nscd_2.3.6.ds1-13etch4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 426000@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 17 Aug 2007 00:24:28 +0200
Source: glibc
Binary: libc0.1-prof libc6-dev-amd64 locales-all libc6-i686 libc6-dev-ppc64 libc0.3-pic glibc-doc libc0.3 libc0.1-i686 libc0.1-i386 libc6.1-dev libc6-s390x libnss-files-udeb libc0.1-dev-i386 libc6-dev-sparc64 libc6-i386 libc0.3-dev libc6-udeb libc6-dbg libc6.1-pic libc6-dev libc0.3-prof libc6-sparcv9 libc0.1-udeb libc6-dev-i386 libc6.1-prof libc0.1-dev locales libc6-pic libc0.3-udeb libc6-dev-powerpc libc0.1-pic libc6-ppc64 libc0.3-dbg libc0.1-dbg libc6-amd64 libc0.1 libc6-prof libc6-xen libc6-powerpc libc6 libc6-sparcv9b libc6.1-udeb libc6.1-dbg nscd libc6-sparc64 libnss-dns-udeb libc6.1 libc6-dev-s390x
Architecture: source amd64 all
Version: 2.3.6.ds1-13etch4
Distribution: stable
Urgency: low
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
glibc-doc - GNU C Library: Documentation
libc6 - GNU C Library: Shared libraries
libc6-dbg - GNU C Library: Libraries with debugging symbols
libc6-dev - GNU C Library: Development Libraries and Header Files
libc6-dev-i386 - GNU C Library: 32bit development libraries for AMD64
libc6-i386 - GNU C Library: 32bit shared libraries for AMD64
libc6-pic - GNU C Library: PIC archive library
libc6-prof - GNU C Library: Profiling Libraries
libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
locales - GNU C Library: National Language (locale) data [support]
locales-all - GNU C Library: Precompiled locale data
nscd - GNU C Library: Name Service Cache Daemon
Closes: 426000
Changes:
glibc (2.3.6.ds1-13etch4) stable; urgency=low
.
* patches/any/cvs-vfscanf.diff: add additional test for EOF
in loop to look for conversion specifier to avoid testing of
wrong errno value. Closes: #426000.
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGxTvGw3ao2vG823MRAvkvAJ9AB/NrsV4yQtwksJ2SSj4leCgdrwCeM60z
sElTtjRP+shSdREP9C93Xcs=
=Ug//
-----END PGP SIGNATURE-----
--- End Message ---
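
The symptom in the report (res=1 but n=-1 once errno holds a leftover EINTR) and the changelog's "testing of wrong errno value" both describe a stale-errno check at end of input. The following is an added example, not code from the report or from glibc: a constructed model of a "%s %n" scanner with hypothetical names (`scan_word_n`, `TRUST_ERRNO`, `CHECK_READ_FIRST`), showing the weak check beside a hardened one that consults errno only after a read actually failed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
/* Constructed model of a "%s %n" scanner; not glibc code, names hypothetical. */
enum policy { TRUST_ERRNO, CHECK_READ_FIRST };
struct reader { const char *p; int failed; }; /* failed: a read really errored */

/* Next byte, or -1 at end of input. Reaching the end of a string is not an
 * error, so errno and r->failed stay untouched (a file reader would set both). */
static int rd(struct reader *r) { return *r->p ? (unsigned char)*r->p++ : -1; }

/* Returns the number of assigned fields, -1 if input ends before the first.
 * *n is written only when the %n step is reached. */
int scan_word_n(const char *in, char *word, size_t cap, int *n, enum policy pol)
{
    struct reader r = { in, 0 };
    size_t len = 0;
    int c;
    do c = rd(&r); while (c != -1 && isspace(c));   /* %s: skip blanks    */
    if (c == -1) return -1;
    while (c != -1 && !isspace(c)) {                /* %s: copy the word  */
        if (len + 1 < cap) word[len++] = (char)c;
        c = rd(&r);
    }
    word[len] = '\0';
    while (c != -1 && isspace(c)) c = rd(&r);       /* " ": skip blanks   */
    if (c == -1 && errno == EINTR) {
        if (pol == TRUST_ERRNO) return 1;   /* weak: leftover errno believed */
        if (r.failed) return 1;             /* hardened: needs a failed read */
    }
    *n = (int)(r.p - in) - (c != -1);       /* %n: bytes consumed so far     */
    return 1;
}

/* Second pass of the report: errno still holds EINTR from msgrcv(). */
int n_after_stale_eintr(const char *in, enum policy pol)
{
    char word[100];
    int n = -1;
    errno = EINTR;                          /* constructed stale value */
    scan_word_n(in, word, sizeof word, &n, pol);
    return n;
}

int main(void)
{
    printf("weak n=%d, hardened n=%d\n", n_after_stale_eintr("world!!!!", TRUST_ERRNO),
           n_after_stale_eintr("world!!!!", CHECK_READ_FIRST));
    return 0;
}
```

As in the report's sample output, the weak policy still yields n=6 for "Hello world!!!!" because the scanner has not reached end of input when %n is processed; only the final word is affected.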