This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/1377] seg fault inside getwc() when using LD_PRELOADed code


------- Additional Comments From kkylheku at gmail dot com  2009-11-12 21:46 -------
I'm seeing a crash in getwc on an older installation of glibc (glibc 2.3.4).

The FILE * in this case did not come from fopen, but rather from popen.

No tricks with shared libraries are being played.

$ cat popen_getwc.c
#include <unistd.h>
#include <stdio.h>
#include <wchar.h>

int main(void)
{
  FILE *command = popen("ls", "r");
  wint_t ch = getwc(command);
  pclose(command);
  return ch;
}
$ gcc -Wall popen_getwc.c -o popen_getwc
$ ./popen_getwc
Segmentation fault
$ gcc --version
gcc (GCC) 3.4.3 20050227 (Red Hat 3.4.3-22.1)
Copyright (C) 2004 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ /lib/libc.so.6
GNU C Library stable release version 2.3.4, by Roland McGrath et al.
Copyright (C) 2005 Free Software Foundation, Inc.
[ ... etc ... ]


The crash is unaffected by whether or not we call setlocale to have LC_CTYPE 
set up for multi-byte encodings or not.


I'm sticking the comment here because it affects an glibc version from around 
the time when this original bug was reported, and they seem related. I 
couldn't find anything else in the bug database about a crash in getwc.

It's understandable that using dlsym to get to the wrong version of fopen is 
like sticking a fork in the toaster, hence ``RESOLVED INVALID''.

But is it also ``INVALID'' to be doing getwc on a popen'ed stream?

I'm going to try the workaround of implementing popen from scratch, so that 
the stream is then just created with fdopen.  The fdopen function is not 
affected by this problem; I can drop in fdopen/fclose in the place of 
popen/pclose in the above testcase and it does not crash:

#include <unistd.h>
#include <stdio.h>
#include <wchar.h>

int main(void)
{
  FILE *command = fdopen(0, "r");
  wint_t ch = getwc(command); /* <- no problem */
  pclose(command);
  return ch;
}


-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |


http://sourceware.org/bugzilla/show_bug.cgi?id=1377

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]