This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug nptl/17478] New: Fix off-by-one error in pthread_setname_np()


https://sourceware.org/bugzilla/show_bug.cgi?id=17478

            Bug ID: 17478
           Summary: Fix off-by-one error in pthread_setname_np()
           Product: glibc
           Version: unspecified
            Status: NEW
          Keywords: glibc_2.10, glibc_2.11, glibc_2.12, glibc_2.13,
                    glibc_2.14, glibc_2.15, glibc_2.16, glibc_2.17,
                    glibc_2.18, glibc_2.19, glibc_2.20
          Severity: normal
          Priority: P2
         Component: nptl
          Assignee: unassigned at sourceware dot org
          Reporter: ryao at gentoo dot org
                CC: drepper.fsp at gmail dot com
              Host: *-*-linux-gnu
            Target: *-*-linux-gnu
             Build: *-*-linux-gnu

Created attachment 7827
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7827&action=edit
This is the proposed fix. It was developed by one Gentoo developer and reviewed
by another.

The man page for pthread_setname_np() says:

> The thread name is a meaningful C language string, whose length is
> restricted to 16 characters, including the terminating null byte ('\0').

It continues to say that ERANGE will be returned on strings that do not
meet this criterion. In reality, passing a NULL terminated string with
the NULL terminating character at index 16 returns EINVAL. This is due
to an off-by-one error where strlen() is used in the comparison rather
than strlen() + 1. It is then sent to either prctl() or /proc. In the
case of /proc, it fails and we can get EINVAL. The documentation for prctl()
claims that this will work. However, this is incorrect as the precise
code for Linux's kernel/sys.c will always set the 16th byte to 0 and
copy only the first 15 bytes. Consequently, we silently lose the last
character.

The correct way to fix the off-by-one error appears to be to add 1 to
the return value of strlen() before the comparison.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
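The following is an added illustration, not the reporter's attachment and not glibc or kernel code. It models the two length checks the report contrasts (strlen() versus strlen() + 1 against a 16-byte limit that includes the terminating NUL) and the truncation behaviour the report attributes to the kernel (copy at most 15 bytes, force the 16th to NUL). The function names, the NAME_LIMIT macro and the exact shape of the buggy comparison are assumptions chosen for the demonstration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumed model of the limit quoted in the report: 16 bytes including
 * the terminating NUL. This is illustrative, not the real glibc constant. */
#define NAME_LIMIT 16

/* Buggy check, modelled on the report: strlen() alone is compared against
 * the limit, so a 16-character name (NUL at index 16) is accepted even
 * though it needs 17 bytes. Returns 0 if accepted, ERANGE otherwise. */
int check_name_buggy(const char *name)
{
    if (strlen(name) > NAME_LIMIT)
        return ERANGE;
    return 0;
}

/* Fixed check: count the terminating NUL, as the report proposes. */
int check_name_fixed(const char *name)
{
    if (strlen(name) + 1 > NAME_LIMIT)
        return ERANGE;
    return 0;
}

/* Model of the truncation the report describes for a name that reaches the
 * kernel: copy at most 15 bytes and force the 16th byte to NUL. Returns the
 * number of characters silently dropped so a caller can detect data loss. */
size_t kernel_copy_model(char dst[NAME_LIMIT], const char *name)
{
    strncpy(dst, name, NAME_LIMIT - 1);  /* at most 15 bytes copied */
    dst[NAME_LIMIT - 1] = '\0';          /* 16th byte always 0 */
    size_t in = strlen(name);
    size_t out = strlen(dst);
    return in > out ? in - out : 0;
}

int main(void)
{
    /* Constructed input: exactly 16 characters, NUL at index 16. */
    const char *name16 = "ABCDEFGHIJKLMNOP";
    char comm[NAME_LIMIT];

    printf("buggy check:  %s\n", check_name_buggy(name16) == 0 ? "accepted" : "ERANGE");
    printf("fixed check:  %s\n", check_name_fixed(name16) == 0 ? "accepted" : "ERANGE");
    printf("kernel model: stored \"%s\", dropped %zu char(s)\n",
           comm, kernel_copy_model(comm, name16));
    return 0;
}
```

The defender-side takeaway is that the buggy check lets the over-long name through to a layer that truncates without reporting, so the only reliable place to catch the error is the length check itself, which must account for the NUL byte.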

