Home » Mailing list archives » openbsd-bugs » 2009 » July » 4

Re: library/6182: Bad catclose declaration cause corruption on amd64

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Henry Precheur <henry@...>
To: Mark Kettenis <mark.kettenis@...>
Cc: <gnats@...>, <bugs@...>
Subject: Re: library/6182: Bad catclose declaration cause corruption on amd64
Date: Saturday, July 4, 2009 - 7:05 pm

(Forgot to cc gnats@, & bugs@ sorry for the noise ...)

My bad, I completely missed the nl_types.h in _catclose.c.

But there's nontheless a problem:

It looks like load_msgcat is leaking FD. It opens
/usr/share/nls/C/libc.cat and right after the mmap(2), the call to
close(2) fails. This doesn't happen all the time though.

(gdb) r bug.py
Starting program: /home/henry/py3k/python bug.py
before execv^C
Program received signal SIGINT, Interrupt.
0x0000000208445d7a in poll () from /usr/lib/libc.so.51.0
(gdb) b load_msgcat
Breakpoint 1 at 0x208485b90: file /usr/src/lib/libc/nls/catopen.c, line 118.
(gdb) c
Continuing.

[Switching to process 29526, thread 0x20a9c1800]

Breakpoint 1, load_msgcat (path=0x7f7ffffcaeb0 "/usr/share/nls/C/libc.cat")
    at /usr/src/lib/libc/nls/catopen.c:118
warning: Source file is more recent than executable.

118     {
(gdb) n
124             if ((fd = open(path, O_RDONLY)) == -1)
(gdb) n
118     {
(gdb) bt full
#0  load_msgcat (path=0x7f7ffffcaeb0 "/usr/share/nls/C/libc.cat")
    at /usr/src/lib/libc/nls/catopen.c:118
        st = {st_dev = 211736784, st_ino = 2, st_mode = 4294750456, st_nlink = 32639, 
  st_uid = 4294751192, st_gid = 32639, st_rdev = 4574082, st_lspare0 = 0, st_atim = {
    tv_sec = -216704, tv_nsec = 140187732325336}, st_mtim = {tv_sec = 6332823, 
    tv_nsec = 8801502688}, st_ctim = {tv_sec = -216704, tv_nsec = 4562934}, 
  st_size = 32, st_blocks = 8841693296, st_blksize = 52724736, st_flags = 2, 
  st_gen = 138846753, st_lspare1 = 2, __st_birthtim = {tv_sec = -217296, 
    tv_nsec = 8731114028}, st_qspare = {8822822528, 35}}
        catd = 0x3a
        data = (void *) 0x20859d014
        fd = 140103800

[ ... output removed ...]

(gdb) n
124             if ((fd = open(path, O_RDONLY)) == -1)
(gdb) n
127             if (fstat(fd, &st) != 0) {
(gdb) n
132             data = mmap(0, (size_t) st.st_size, PROT_READ, MAP_SHARED, fd, (off_t)0);
(gdb) print close(fd)
$1 = -1
(gdb) print errno 
$2 = 9
(gdb) list
127             if (fstat(fd, &st) != 0) {
128                     close (fd);
129                     return (nl_catd) -1;
130             }
131
132             data = mmap(0, (size_t) st.st_size, PROT_READ, MAP_SHARED, fd, (off_t)0);
133             close (fd);
134
135             if (data == MAP_FAILED) {
136                     munmap(data, (size_t) st.st_size);


-- 
  Henry Prjcheur
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
library/6182: Bad catclose declaration cause corruption on a..., Henry Precheur, (Sat Jul 4, 4:17 pm)
Re: library/6182: Bad catclose declaration cause corruption ..., Mark Kettenis, (Sat Jul 4, 5:02 pm)
Re: library/6182: Bad catclose declaration cause corruption ..., Henry Precheur, (Sat Jul 4, 7:05 pm)