140487 – [RHAS2.1] Bad declaration of __syscall_poll can cause bogus values for timeout to be passed to the kernel

Bug 140487 - [RHAS2.1] Bad declaration of __syscall_poll can cause bogus values for timeout to be passed to the kernel

Summary: [RHAS2.1] Bad declaration of __syscall_poll can cause bogus values for timeou...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 2.1
Classification:	Red Hat
Component:	glibc
Sub Component:
Version:	2.1
Hardware:	ia64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jakub Jelinek
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-11-23 01:09 UTC by Manish Singh
Modified:	2016-11-24 14:58 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-04-28 15:16:04 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Test case (193 bytes, text/plain) 2004-11-23 01:15 UTC, Manish Singh	no flags	Details
Patch to glibc to fix this. (460 bytes, patch) 2004-11-23 01:18 UTC, Manish Singh	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2005:261	0	normal	SHIPPED_LIVE	Low: glibc security update	2005-04-28 04:00:00 UTC

Description Manish Singh 2004-11-23 01:09:22 UTC

Declaration of __syscall_poll uses int for timeout, but the kernel
expects a long. This can cause a huge timeout to be passed to kernel
in some circumstances.

Comment 1 Manish Singh 2004-11-23 01:15:35 UTC

Created attachment 107271 [details]
Test case

Compile with test case:

gcc -O0 -o testpoll testpoll.c

(-O0 is important)

Run. This is supposed to be an 8 millisecond timeout. It hangs, and the alarm
fires. If you strace:

poll(0, 0, 4294967304
)		  = -1 EINTR (Interrupted system call)

Comment 2 Manish Singh 2004-11-23 01:18:05 UTC

Created attachment 107272 [details]
Patch to glibc to fix this.

This just makes the declaration match reality, so the compiler knows generate
the code to turn an int into a long safely.

Comment 3 Jakub Jelinek 2004-11-23 21:16:29 UTC

Wonder why kernel chose long when POSIX requires int.
Anyway, fix scheduled for U7.

Comment 4 Jakub Jelinek 2005-02-15 14:04:58 UTC

Should be fixed in glibc-2.2.4-32.19 in dist-2.1AS-errata-candidate.

Comment 5 John Flanagan 2005-04-28 15:16:04 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-261.html

Note You need to log in before you can comment on or make changes to this bug.