Red Hat Bugzilla – Bug 1259898
table of file descriptors not updated on F_DUPFD_CLOEXEC
Last modified: 2017-09-20 12:17:24 EDT
Created attachment 1070038 [details]
I do not yet have a reproducer, but have a patch
that handles the final state, and user reports
the patch corrects this specific crash condition.
But I am afraid it is just hiding a descriptor
leak. In the crash coredump, it had:
(gdb) p shp->gd->lim.open_max
$1 = 64
(gdb) p fd
$2 = 122
Any luck with getting a reproducer?
I am able to reproduce a file descriptor leak with this code :
while true; do
foo=`pvs << EOF
however patch from comment 0 does not fix it, so it may be unrelated.
The patch in comment 0 just attempts to do "what was meant", and (mostly)
match latest ast code, that is to use F_DUPFD_CLOEXEC, detected by build
configure, that sets the value of F_dupfd_cloexec.
I believe the patch has the side effect of not "exporting" the leak in
ksh internal structures to forked shells, thus making it harder to have
cumulative leaks, that end in out of bounds writes.