Bug 175796 - listxattr() system call fails for /proc, /dev, etc
Summary: listxattr() system call fails for /proc, /dev, etc
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
(Show other bugs)
Version: 4
Hardware: x86_64 Linux
Target Milestone: ---
Assignee: James Morris
QA Contact: Brian Brock
URL: http://bugzilla.kernel.org/show_bug.c...
Depends On:
TreeView+ depends on / blocked
Reported: 2005-12-15 01:19 UTC by Ben Escoto
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-12-16 03:51:21 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Ben Escoto 2005-12-15 01:19:29 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
Apparently there is an off-by-one error in the listxattr() system call support, that leads to spurious ERANGE errors.  See for instance this strace output:

listxattr("/dev", (nil), 0)             = 17
listxattr("/dev", 0x53a3d0, 17)         = -1 ERANGE (Numerical result out of range)

when since the previous listxattr call returned 17, the buffer in the second case should be sufficient.  For more information and fix see:


Note that the included getfattr utility does not trigger this bug because that utility uses a buffer bigger than it should.

Version-Release number of selected component (if applicable):
kernel-2.6.14-1.1644_FC4, other 2.6.14 kernel versions

How reproducible:

Steps to Reproduce:
1. See the attached small C program, written by Iustin Pop
2. Run it on /dev for instance, or /proc

Actual Results:  Path /dev, xattr size 17
Testing with size 16...buffer too small
Testing with size 17...buffer too small
Testing with size 18... succeded!
Finished at 18

Expected Results:  Path /dev, xattr size 17
Testing with size 16...buffer too small
Testing with size 17... succeded!
Finished at 17

Additional info:

Here's Iustin Pop's C program:

#include <sys/types.h>
#include <attr/xattr.h>
#include <string.h>
#include <stdio.h>

int main(int argc, char *argv[]) {
   char buf[65536];

   ssize_t n;
   ssize_t i;
   ssize_t j;
   char *path;

   if(argc != 2) {
       fprintf(stderr, "Usage: %s path\n", argv[0]);
       return 1;
   path = argv[1];
   n = listxattr(path, NULL, 0);

   if(n == -1) {
       fprintf(stderr, "Error in getting xattr list size: %s", strerror(errno));
       return 1;
   printf("Path %s, xattr size %d\n", path, n);

   if(n == 0) {
       printf("No extended attrs, exiting.\n");
       return 0;

   for(i = n - 1; i < sizeof(buf); i++) {
       printf("Testing with size %d...", i);
       j = listxattr(path, buf, i);
       if(j > 0) {
           printf(" succeded!\n");
       if(errno == ERANGE) {
           printf("buffer too small\n");
       } else {
           printf("other error: %s\n", strerror(errno));
   printf("Finished at %d\n", i);
   return 0;

Comment 1 Ben Escoto 2005-12-15 01:28:13 UTC
Oh, I should add that I'm submitting this as a Fedora bug because other
distributions like Debian that run the 2.6.14 kernel don't seem to suffer from
it.  I write a backup program that supports extended attributes and I've only
seen Fedora users complain about it so far.

Comment 2 James Morris 2005-12-15 02:11:41 UTC
This is fixed in 2.6.15-rc5-mm2 and also possibly in -stable (it was being
reviewed at least).

Comment 3 Dave Jones 2005-12-15 04:21:43 UTC
Ok. 2.6.14-1.1653_FC4 pushed out yesterday has the patches put up for review for
inclusion in

Please retest with the latest update.

Comment 4 Ben Escoto 2005-12-16 03:07:38 UTC
Yes, this is fixed in 2.6.14-1.1653_FC4.  Thanks for the quick fix ;-)

Note You need to log in before you can comment on or make changes to this bug.