Red Hat Bugzilla – Bug 140487
[RHAS2.1] Bad declaration of __syscall_poll can cause bogus values for timeout to be passed to the kernel
Last modified: 2016-11-24 09:58:41 EST
Declaration of __syscall_poll uses int for timeout, but the kernel
expects a long. This can cause a huge timeout to be passed to kernel
in some circumstances.
Created attachment 107271
Compile with test case:
gcc -O0 -o testpoll testpoll.c
(-O0 is important)
Run. This is supposed to be an 8 millisecond timeout. It hangs, and the alarm
fires. If you strace:
poll(0, 0, 4294967304
) = -1 EINTR (Interrupted system call)
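The value strace shows above is 0x100000008: the intended 8 sits in the low 32 bits, and the high 32 bits are whatever was left in the register, because the int declaration never told the compiler to widen the argument to the long the kernel reads. The following is an added example (not the reporter's test case or the glibc patch) that reproduces that arithmetic with explicit 64-bit types, decodes an observed strace value back to the caller's intended timeout, and shows the explicit int-to-long conversion the fix relies on. The stale high word of 1 is a constructed value chosen to match the trace, and the helper names are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <poll.h>

/* Model the bug: the caller stores a 32-bit int in the argument register,
   the kernel reads all 64 bits. With a stale high half, the kernel sees
   (stale_high << 32) | timeout. Uses uint64_t so the shift is defined
   regardless of the host's long width. (Illustrative helper.) */
uint64_t garbled_timeout(int timeout_ms, uint32_t stale_high)
{
    return ((uint64_t)stale_high << 32) | (uint32_t)timeout_ms;
}

/* Diagnostic: given the timeout printed by strace, recover what the
   program actually passed by keeping only the low 32 bits and reading
   them as the int the caller wrote. (Illustrative helper.) */
int intended_timeout(uint64_t observed)
{
    return (int)(uint32_t)(observed & 0xffffffffULL);
}

/* The fix in miniature: once the prototype says long, the compiler emits
   the conversion itself. The explicit cast here mirrors that; sign
   extension keeps -1 ("block forever") meaning -1 rather than 4294967295.
   (Illustrative helper.) */
int64_t correct_timeout(int timeout_ms)
{
    return (int64_t)timeout_ms;
}

int main(void)
{
    /* Constructed: the value from the bug report's strace output. */
    uint64_t seen = 4294967304ULL;
    printf("strace showed %llu, caller meant %d ms\n",
           (unsigned long long)seen, intended_timeout(seen));
    printf("8 ms with stale high word 1 -> %llu\n",
           (unsigned long long)garbled_timeout(8, 1));

    /* With a properly widened timeout, poll() on no fds just sleeps 8 ms
       and returns 0 instead of hanging for ~49 days. */
    int rc = poll(NULL, 0, (int)correct_timeout(8));
    printf("poll(NULL, 0, 8) returned %d\n", rc);
    return 0;
}
```

`intended_timeout` is the part worth keeping in a debugging toolbox: when a trace shows an absurd timeout, look at the low 32 bits before suspecting the program's logic, because an ABI width mismatch leaves the intended value intact there.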
Created attachment 107272
Patch to glibc to fix this.
This just makes the declaration match reality, so the compiler knows to generate
the code to turn an int into a long safely.
Wonder why kernel chose long when POSIX requires int.
Anyway, fix scheduled for U7.
Should be fixed in glibc-2.2.4-32.19 in dist-2.1AS-errata-candidate.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.