[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#696296: marked as done (qtwebkit: Sets FD_CLOEXEC incorrectly with F_SETFL instead of F_SETFD)

Your message dated Sun, 25 Aug 2019 15:35:34 +0000
with message-id <[🔎] E1i1uYI-000I51-W9@fasolo.debian.org>
and subject line Bug#935668: Removed package(s) from unstable
has caused the Debian Bug report #696296,
regarding qtwebkit: Sets FD_CLOEXEC incorrectly with F_SETFL instead of F_SETFD
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
696296: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696296
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: qtwebkit
Version: 2.2.1-5
Severity: important
Tags: patch
User: debian-bsd@lists.debian.org
Usertags: fcntl-fd-cloexec

Hi!

This package contains code that tries to set the FD_CLOEXEC flag for a
file descriptor, but it does using F_SETFL instead of F_SETFD.

Using that value on F_SETFL is just wrong, and might make the call fail
on some systems, as it's requesting to set an undetermined flag. For
example on GNU/* FD_CLOEXEC has value 1, which matches with O_WRONLY.

This might cause the code to at least leak file descriptors, and at
worst to terminate execution.

Attached a patch fixing this. (I'm filing bug reports for webkit and
the other packages embedding webkit too.)

Thanks,
Guillem

From a2bc96adfe779c5d33933a3fde8b9bef6a43bd7b Mon Sep 17 00:00:00 2001
From: Guillem Jover <guillem@hadrons.org>
Date: Wed, 19 Dec 2012 00:51:08 +0100
Subject: [PATCH] qtwebkit: Set FD_CLOEXEC correctly using F_SETFD not F_SETFL

Using that value on F_SETFL is just wrong, and might make the call fail
on some systems, as it's requesting to set an undetermined flag. For
example on GNU/* FD_CLOEXEC has value 1, which matches with O_WRONLY.

This might cause the code to at least leak file descriptors, and at worst
to terminate execution.
---
 Source/WebKit2/Platform/CoreIPC/unix/ConnectionUnix.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Source/WebKit2/Platform/CoreIPC/unix/ConnectionUnix.cpp b/Source/WebKit2/Platform/CoreIPC/unix/ConnectionUnix.cpp
index 92ffff3..588a3a6 100644
--- a/Source/WebKit2/Platform/CoreIPC/unix/ConnectionUnix.cpp
+++ b/Source/WebKit2/Platform/CoreIPC/unix/ConnectionUnix.cpp
@@ -217,7 +217,7 @@ void Connection::readyReadHandler()
                 attachmentCount--;
 
             for (int i = 0; i < attachmentCount; ++i) {
-                while (fcntl(fileDescriptors[i], F_SETFL, FD_CLOEXEC) == -1) {
+                while (fcntl(fileDescriptors[i], F_SETFD, FD_CLOEXEC) == -1) {
                     if (errno != EINTR) {
                         ASSERT_NOT_REACHED();
                         return;
-- 
1.8.1.rc0

--- End Message ---
--- Begin Message --- 
Version: 2.3.4.dfsg-10+rm

Dear submitter,

as the package qtwebkit has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/935668

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
Reply to: