This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug nptl/17478] New: Fix off-by-one error in pthread_setname_np()
- From: "ryao at gentoo dot org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sat, 11 Oct 2014 21:37:42 +0000
- Subject: [Bug nptl/17478] New: Fix off-by-one error in pthread_setname_np()
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=17478
Bug ID: 17478
Summary: Fix off-by-one error in pthread_setname_np()
Product: glibc
Version: unspecified
Status: NEW
Keywords: glibc_2.10, glibc_2.11, glibc_2.12, glibc_2.13,
glibc_2.14, glibc_2.15, glibc_2.16, glibc_2.17,
glibc_2.18, glibc_2.19, glibc_2.20
Severity: normal
Priority: P2
Component: nptl
Assignee: unassigned at sourceware dot org
Reporter: ryao at gentoo dot org
CC: drepper.fsp at gmail dot com
Host: *-*-linux-gnu
Target: *-*-linux-gnu
Build: *-*-linux-gnu
Created attachment 7827
--> https://sourceware.org/bugzilla/attachment.cgi?id=7827&action=edit
This is the proposed fix. It was developed by one Gentoo developer and reviewed
by another.
The man page for pthread_setname_np() says:
> The thread name is a meaningful C language string, whose length is
> restricted to 16 characters, including the terminating null byte ('\0').
It continues to say that ERANGE will be returned on strings that do not
meet this criterion. In reality, passing a NULL-terminated string with
the NULL terminating character at index 16 returns EINVAL. This is due
to an off-by-one error where strlen() is used in the comparison rather
than strlen() + 1. It is then sent to either prctl() or /proc. In the
case of /proc, it fails and we can get EINVAL. The documentation for prctl()
claims that this will work. However, this is incorrect as the precise
code for Linux's kernel/sys.c will always set the 16th byte to 0 and
copy only the first 15 bytes. Consequently, we silently lose the last
character.
The correct way to fix the off-by-one error appears to be to add 1 to
the return value of strlen() before the comparison.
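An added example, not part of the original report and not glibc or kernel source: a small C model of the two length checks the report contrasts and of the 15-byte copy it attributes to prctl(). The `> 16` form of the comparison, the function names and the sample thread names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_LEN 16 /* man page limit: 16 bytes including the '\0' */

/* Comparison as the report describes it (assumed form): strlen() alone. */
int check_reported(const char *name)
{
    return strlen(name) > NAME_BUF_LEN ? ERANGE : 0;
}

/* Comparison as the report proposes: count the terminating null byte. */
int check_proposed(const char *name)
{
    return strlen(name) + 1 > NAME_BUF_LEN ? ERANGE : 0;
}

/* Model of the store step the report attributes to prctl(): copy at most
 * 15 bytes and always set the 16th byte to 0. Not kernel code. */
void model_store(char dst[NAME_BUF_LEN], const char *name)
{
    size_t n = strlen(name);
    if (n > NAME_BUF_LEN - 1)
        n = NAME_BUF_LEN - 1;
    memset(dst, 0, NAME_BUF_LEN);
    memcpy(dst, name, n);
}

/* 1 if `check` accepts the name but the stored name differs from it. */
int silently_truncated(int (*check)(const char *), const char *name)
{
    char stored[NAME_BUF_LEN];
    if (check(name) != 0)
        return 0; /* rejected up front: the caller sees an error */
    model_store(stored, name);
    return strcmp(stored, name) != 0;
}

int main(void)
{
    /* Constructed sample names of 15, 16 and 17 characters. */
    const char *names[] = { "worker-thread-0", "worker-thread-01",
                            "worker-thread-012" };
    for (size_t i = 0; i < 3; i++)
        printf("%-18s reported=%d proposed=%d lost_char=%d\n", names[i],
               check_reported(names[i]), check_proposed(names[i]),
               silently_truncated(check_reported, names[i]));
    return 0;
}
```

Only the 16-character name separates the two checks: the strlen()-only comparison lets it through to the store step, where the model drops its last character.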