Bug 53494 - timer_settime() dumps core if ovalue is NULL
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: glibc
Version: 7.1
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Aaron Brown
Reported: 2001-09-10 15:13 UTC by Trevin Beattie
Modified: 2016-11-24 14:55 UTC (History)

Doc Type: Bug Fix
Last Closed: 2001-09-18 08:38:52 UTC
Links: Red Hat Product Errata RHBA-2001:121 (priority normal, status SHIPPED_LIVE): GNU C Library bugfix update, last updated 2001-10-04 04:00:00 UTC

Description Trevin Beattie 2001-09-10 15:13:49 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.3-12 i586)

Description of problem:
The definition of timer_settime(timerid,flags,value,ovalue) allows ovalue
to be NULL, in case the programmer doesn't care about the timer's previous
value.  In practice, however, using a NULL 4th argument will cause the
program to crash.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Create the following program:
cat > settime_error.c << EOF
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <time.h>
#include <unistd.h>

int
main ()
{
  timer_t timer;
  struct sigevent event;
  struct itimerspec timeout;
  int status = 0;

  /* A timer that never notifies; we only care that the calls return. */
  event.sigev_notify = SIGEV_NONE;
  if (timer_create (CLOCK_REALTIME, &event, &timer) < 0) {
    perror ("timer_create");
    exit (1);
  }
  /* One-shot timer: 30 seconds, no repeat interval. */
  timeout.it_value.tv_sec = 30;
  timeout.it_value.tv_nsec = 0;
  timeout.it_interval.tv_sec = 0;
  timeout.it_interval.tv_nsec = 0;
  /* ovalue is NULL: the previous setting is of no interest.  This is
     the call that crashes. */
  if (timer_settime (timer, 0, &timeout, NULL) < 0) {
    perror ("timer_settime");
    status = 1;
  }
  if (timer_delete (timer) < 0) {
    perror ("timer_delete");
    status = 1;
  }
  if (status == 0)
    puts ("Timer functions passed.");
  return status;
}
EOF

2. Compile as follows:
gcc -g -lrt -o settime_error settime_error.c

3. Run -- preferably using gdb.
gdb settime_error


Actual Results:  GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) run
Starting program: /home/trevin/eyrx/src/libc/tests/t_time/settime-error 
[New Thread 1024 (LWP 2306)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 2306)]
__timer_thread_queue_timer (thread=0x0, insert=0x4002e680)
    at ../linuxthreads/sysdeps/pthread/timer_routines.c:112
112	../linuxthreads/sysdeps/pthread/timer_routines.c: No such file or directory.
	in ../linuxthreads/sysdeps/pthread/timer_routines.c
(gdb) bt
#0  __timer_thread_queue_timer (thread=0x0, insert=0x4002e680)
    at ../linuxthreads/sysdeps/pthread/timer_routines.c:112
#1  0x4002bc7d in timer_settime (timerid=0, flags=0, value=0xbffff750, 
    ovalue=0x0) at ../linuxthreads/sysdeps/pthread/timer_settime.c:121
#2  0x080485f8 in main () at settime-error.c:24
#3  0x40054e5e in __libc_start_main (main=0x8048580 <main>, argc=1, 
    ubp_av=0xbffff824, init=0x80483bc <_init>, fini=0x8048690 <_fini>, 
    rtld_fini=0x4000d3c4 <_dl_fini>, stack_end=0xbffff81c)
    at ../sysdeps/generic/libc-start.c:129


Expected Results:  Timer functions passed.


Additional info:

If ovalue is given as a pointer instead of NULL, the program will not
crash.

Comment 1 Jakub Jelinek 2001-09-18 08:38:47 UTC
This is fixed in CVS glibc and will appear in glibc-2.2.4-15 once it is cut
(today or tomorrow).

