This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/2007] mmap seg faults on marginally improper arguments
- From: "bkorb at gnu dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 25 Dec 2005 18:17:35 -0000
- Subject: [Bug libc/2007] mmap seg faults on marginally improper arguments
- References: <20051208233503.2007.bkorb@gnu.org>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From bkorb at gnu dot org 2005-12-25 18:17 -------
Subject: Re: mmap seg faults on marginally improper arguments
The function was included in a previous message.

Fundamentally, it mmaps a given file. If that file size is a
multiple of a page size, then it does a one page anonymous
map for the next page, thus assuring that the str*() functions
won't seg fault looking for the terminating NUL byte.

The original anonymous mapping call:

    pNuls = mmap(
        (void*)(((char*)pMI->txt_data) + pMI->txt_size),
        pgsz,
        PROT_READ|PROT_WRITE,
        MAP_ANONYMOUS|MAP_FIXED|MAP_SHARED, 0, 0 );

works fine on most all platforms. On Linux/Alpha it seg faults.
OK responses are either successful or (void*)-1 (i.e. MAP_FAILED).
The latter is okay because anonymous and shared conflict. So, I've
modified the code below to simply make the two calls instead
of using the library I provided before. Be forewarned: I've only tested
the failure using my "text_mmap" function, not the following code.
"It ought to behave the same." YMMV.

mv at binarysec dot com wrote:
> ------- Additional Comments From mv at binarysec dot com 2005-12-25 17:52 -------
>>#include <sys/types.h>
>>#include <sys/mman.h>
>>#include <sys/stat.h>
>>
>>#include <stdio.h>
>>#include <stdlib.h>
>>#include <fcntl.h>
>>#include <stdint.h>
>>#include <unistd.h>
>>
>>int
>>main(int argc, char** argv)
>>{
>> long sz = sysconf( _SC_PAGESIZE );
>> {
>> /* Create a file that is exactly one page long. */
>> int fd = open( "/tmp/FOO", O_CREAT | O_WRONLY, 0666 );
>> long left = sz; /* bytes still to write; sz must keep the page size */
>> char z[ 16 ];
>>
>> if (fd < 0) exit(1);
>> while (left > 0) {
>> sprintf( z, "0x%4lX..", left );
>> write( fd, z, 8 );
>> left -= 8;
>> }
>> close(fd);
>> }
>>
>> {
>> /* Map the file, then request one anonymous page right after it. */
>> int fd = open( "/tmp/FOO", O_RDONLY );
>> void* ptr = mmap( NULL, sz, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0 );
>> /* The call under test: ANONYMOUS|FIXED|SHARED with fd 0, offset 0. */
>> (void)mmap( (void*)(((long)ptr) + sz), sz,
>> PROT_READ|PROT_WRITE,
>> MAP_ANONYMOUS|MAP_FIXED|MAP_SHARED, 0, 0 );
>> fputs( "This platform does not fail\n", stdout );
>> }
>>
>> return 1;
>>}
--
http://sourceware.org/bugzilla/show_bug.cgi?id=2007
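
An added example, not code from this message or from glibc: one way to get the guaranteed terminating NUL described above without aiming MAP_FIXED at an address the program does not already own. It reserves the file pages plus one zero page in a single anonymous mapping, overlays the file on the front of it, and checks each result against MAP_FAILED. The names map_text and demo_page_sized_file are hypothetical, and a POSIX system with MAP_ANONYMOUS is assumed.

```c
#define _DEFAULT_SOURCE               /* for MAP_ANONYMOUS and mkstemp() */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Map `path` read-only with at least one zero byte after the text.
 * Returns NULL on failure; *maplen is the length to pass to munmap(). */
char *map_text(const char *path, size_t *maplen)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return NULL;
    if (fstat(fd, &st) != 0 || st.st_size <= 0) { close(fd); return NULL; }
    size_t len = (size_t)st.st_size;
    *maplen = (len + pg - 1) / pg * pg + pg;   /* file pages + one zero page */
    /* 1. Reserve the whole range; the kernel picks a free address. */
    char *base = mmap(NULL, *maplen, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) { close(fd); return NULL; }
    /* 2. MAP_FIXED now replaces only pages inside our own reservation. */
    void *txt = mmap(base, len, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, 0);
    close(fd);
    if (txt == MAP_FAILED) { munmap(base, *maplen); return NULL; }
    return base;
}

/* Constructed sample: a temp file of exactly one page of 'A' (the edge case).
 * Returns strlen() of the mapping, or -1 on error. */
long demo_page_sized_file(void)
{
    char path[] = "/tmp/mmap_nul_XXXXXX";
    size_t pg = (size_t)sysconf(_SC_PAGESIZE), maplen = 0;
    long result = -1;
    int fd = mkstemp(path);
    char *buf = malloc(pg);
    if (fd >= 0 && buf && memset(buf, 'A', pg) && write(fd, buf, pg) == (ssize_t)pg) {
        char *text = map_text(path, &maplen);
        if (text) { result = (long)strlen(text); munmap(text, maplen); }
    }
    if (fd >= 0) { close(fd); unlink(path); }
    free(buf);
    return result;
}

int main(void) { return demo_page_sized_file() > 0 ? 0 : 1; }
```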