library/6182: Bad catclose declaration cause corruption on amd64

To: <gnats@...>
Cc: Henry Precheur <henry@...>
Date: Saturday, July 4, 2009 - 4:17 pm

>Number:         6182
	System      : OpenBSD 4.6
	Details     : OpenBSD 4.6 (GENERIC.MP) #67: Wed Jul  1 15:27:44 MDT 2009
			 deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

	Architecture: OpenBSD.amd64
	Machine     : amd64
In src/lib/libc/nls/_catclose.c _catclose is declared this way:

  extern int _catclose(nl_catd);

nl_catd is a type, but since that type is not declared in _catclose.c,
the compiler treats nl_catd as an integer. In reality nl_catd is a
pointer type. Since pointers and integers have different sizes on
amd64, this can cause corruption on amd64. Here is a gdb backtrace
demonstrating the problem:

#0  _catclose (catd=0x2) at /usr/src/lib/libc/nls/catclose.c:42
No locals.
#1  0x000000020e7d95f8 in __num2string (num=2, sign=1, setid=1, 
    buf=0x20ec2dbe0 "No such file or directory", buflen=255, list=0x20e9f8940, max=91, 
    def=0x20e8f1019 "Unknown error: ") at /usr/src/lib/libc/string/strerror_r.c:106
        ret = 0
        len = 25
        catd = 0x202b1c020

The catd value is not the same in strerror_r and _catclose.


This bug is hard to reproduce. I managed to reproduce it reliably on my
amd64 machine with 2GB of RAM with the following Python code (any
version of Python will do):

import posix

try:
    posix.execv('no such app-', ['no such app-'])
except OSError:
    # A fd leaked at this point because catclose(3) didn't succeed when
    # strerror(3) was called.
    pass

I am unsure this would work on every amd64 though.

Replace:
  extern int _catclose(nl_catd);

With:
  extern int _catclose(struct _nl_catd*);
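The following is an added illustration, not code from the PR or from libc. It shows
what an amd64 callee sees when a 64-bit pointer is squeezed through a parameter slot
that the declaration only knows as a 32-bit int, using the catd value from the
backtrace above, and it shows the forward-declaration form of the corrected prototype.
The struct _nl_catd here is only forward-declared; nothing about its real layout is
assumed, and the helper names are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* The corrected shape of the declaration: a forward declaration is enough.
 * The struct stays incomplete, but the parameter is now known to be a
 * pointer, so no width is lost on LP64 targets such as amd64. */
struct _nl_catd;
int catclose_ok(struct _nl_catd *catd)
{
    return catd != NULL;            /* stand-in body, not the real _catclose */
}

/* Simulate the mismatched declaration: the 64-bit pointer bits are stored
 * into an int (32 bits on amd64) and then widened again in the callee. */
uint64_t through_int_slot(uint64_t ptr_bits)
{
    int32_t as_int = (int32_t)ptr_bits;   /* high 32 bits are dropped here */
    return (uint64_t)(int64_t)as_int;     /* sign-extended back to 64 bits */
}

/* 1 on LP64 platforms, where a pointer does not fit in an int. */
int pointer_wider_than_int(void)
{
    return sizeof(void *) > sizeof(int);
}

int main(void)
{
    uint64_t catd_bits = 0x202b1c020ULL;  /* catd from the strerror_r frame */
    printf("sizeof(int)=%zu sizeof(void*)=%zu\n", sizeof(int), sizeof(void *));
    printf("original catd: 0x%llx\n", (unsigned long long)catd_bits);
    printf("after int slot: 0x%llx\n",
           (unsigned long long)through_int_slot(catd_bits));
    return 0;
}
```

Any pointer above the 4GB mark loses its upper half, so the callee ends up
freeing or dereferencing a value that never came from the allocator. The cheap
check for this class of bug is to compile with -Wstrict-prototypes: a
declaration whose parameter name is not a known type is not a prototype at
all, and gcc reports it as such.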

Note that I didn't test that it fixes the problem (I don't have time to
fetch source code & compile libc today). I can confirm it does indeed
fix the problem later if requested.


dmesg:
OpenBSD 4.6 (GENERIC.MP) #67: Wed Jul  1 15:27:44 MDT 2009
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2116874240 (2018MB)
avail mem = 2042961920 (1948MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe33f0 (32 entries)
bios0: vendor Intel Corp. version "DPP3510J.86A.0517.2009.0107.2203" date 01/07/2009
bios0: Intel Corporation DG33BU
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC WDDT MCFG ASF! ASPT WDTT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices SLPB(S4) P32_(S4) ECIR(S4) UAR1(S4) ILAN(S4) PEGP(S4) PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) EHCI(S3) EHC2(S3) UH42(S3) UHC5(S3) UHC6(S3) AZAL(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz, 1600.27 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 1MB 64b/line 4-way L2 cache
cpu0: apic clock running at 204MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz, 1632.06 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 1MB 64b/line 4-way L2 cache
ioapic0 at mainbus0 apid 2 pa 0xfec00000, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 6 (P32_)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus 2 (PEX1)
acpiprt4 at acpi0: bus 3 (PEX2)
acpiprt5 at acpi0: bus 4 (PEX3)
acpiprt6 at acpi0: bus 5 (PEX4)
acpiprt7 at acpi0: bus -1 (PEX5)
acpicpu0 at acpi0: C1, PSS
acpicpu1 at acpi0: C1, PSS
acpibtn0 at acpi0: SLPB
cpu0: Enhanced SpeedStep 1632 MHz: speeds: 1600, 1400, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82G33 Host" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82G33 Video" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0x80000000, size 0x10000000
inteldrm0 at vga1: apic 2 int 16 (irq 11)
drm0 at inteldrm0
"Intel 82G33 HECI" rev 0x02 at pci0 dev 3 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel ICH9 IGP C" rev 0x02: apic 2 int 20 (irq 9), address 00:1c:c0:0c:bf:23
uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 18 (irq 10)
uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 21 (irq 11)
uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 17 (irq 9)
ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 17 (irq 9)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 82801I HD Audio" rev 0x02: apic 2 int 22 (irq 10)
azalia0: codecs: Realtek ALC888
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 2 int 17 (irq 255)
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel 82801I PCIE" rev 0x02: apic 2 int 20 (irq 255)
pci2 at ppb1 bus 2
pciide0 at pci2 dev 0 function 0 "Marvell 88SE6101 IDE" rev 0xb2: DMA (unsupported), channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using apic 2 int 17 (irq 9) for native-PCI interrupt
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <HL-DT-ST, DVD-RAM GSA-H55N, 1.03> ATAPI 5/cdrom removable
pciide0: channel 1 ignored (not responding; disabled or no drives?)
ppb2 at pci0 dev 28 function 2 "Intel 82801I PCIE" rev 0x02: apic 2 int 18 (irq 255)
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 3 "Intel 82801I PCIE" rev 0x02: apic 2 int 19 (irq 255)
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 2 int 17 (irq 255)
pci5 at ppb4 bus 5
uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 23 (irq 11)
uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 19 (irq 11)
uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18 (irq 10)
ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 23 (irq 11)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92
pci6 at ppb5 bus 6
"TI TSB43AB22 FireWire" rev 0x00 at pci6 dev 3 function 0 not configured
pcib0 at pci0 dev 31 function 0 "Intel 82801IH LPC" rev 0x02
pciide1 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 2 int 21 (irq 11) for native-PCI interrupt
ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 2 int 18 (irq 10)
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM non-parity PC2-5300CL5
pciide2 at pci0 dev 31 function 5 "Intel 82801I SATA" rev 0x02: DMA, channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide2: using apic 2 int 21 (irq 11) for native-PCI interrupt
wd0 at pciide2 channel 0 drive 0: <ST3160815AS>
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide2:0:0): using PIO mode 4, Ultra-DMA mode 5
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
mtrr: Pentium Pro MTRR support
uhidev0 at uhub4 port 1 configuration 1 interface 0 "Logitech USB-PS/2 Optical Mouse" rev 2.00/20.00 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

