Bugzilla will be upgraded to version 5.0 on December 2, 2018. The outage period for the upgrade will start at 0:00 UTC and have a duration of 12 hours
Bug 53494 - timer_settime() dumps core if ovalue is NULL
timer_settime() dumps core if ovalue is NULL
Product: Red Hat Linux
Classification: Retired
Component: glibc (Show other bugs)
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Jakub Jelinek
Aaron Brown
Depends On:
  Show dependency treegraph
Reported: 2001-09-10 11:13 EDT by Trevin Beattie
Modified: 2016-11-24 09:55 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-09-18 04:38:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2001:121 normal SHIPPED_LIVE GNU C Library bugfix update 2001-10-04 00:00:00 EDT

  None (edit)
Description Trevin Beattie 2001-09-10 11:13:49 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.3-12 i586)

Description of problem:
The definition of timer_settime(timerid,flags,value,ovalue) allows ovalue
to be NULL, in case the programmer doesn't care about the timer's previous
value.  In practice, however, using a NULL 4th argument will cause the
program to crash.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create the following program:
cat > settime_error.c << EOF
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

main ()
  timer_t timer;
  struct sigevent event;
  struct itimerspec timeout;
  int status = 0;

  event.sigev_notify = SIGEV_NONE;
  if (timer_create (CLOCK_REALTIME, &event, &timer) < 0) {
    perror ("timer_create");
    exit (1);
  timeout.it_value.tv_sec = 30;
  timeout.it_value.tv_nsec = 0;
  timeout.it_interval.tv_sec = 0;
  timeout.it_interval.tv_nsec = 0;
  if (timer_settime (timer, 0, &timeout, NULL) < 0) {
    perror ("timer_settime");
    status = 1;
  if (timer_delete (timer) < 0) {
    perror ("timer_delete");
    status = 1;
  if (status == 0)
    puts ("Timer functions passed.");
  return status;

2. Compile as follows:
gcc -g -lrt -o settime_error settime_error.c

3. Run -- preferably using gdb.
gdb settime_error

Actual Results:  GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
welcome to change it and/or distribute copies of it under certain
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) run
Starting program: /home/trevin/eyrx/src/libc/tests/t_time/settime-error 
[New Thread 1024 (LWP 2306)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 2306)]
__timer_thread_queue_timer (thread=0x0, insert=0x4002e680)
    at ../linuxthreads/sysdeps/pthread/timer_routines.c:112
112	../linuxthreads/sysdeps/pthread/timer_routines.c: No such file or
	in ../linuxthreads/sysdeps/pthread/timer_routines.c
(gdb) bt
#0  __timer_thread_queue_timer (thread=0x0, insert=0x4002e680)
    at ../linuxthreads/sysdeps/pthread/timer_routines.c:112
#1  0x4002bc7d in timer_settime (timerid=0, flags=0, value=0xbffff750, 
    ovalue=0x0) at ../linuxthreads/sysdeps/pthread/timer_settime.c:121
#2  0x080485f8 in main () at settime-error.c:24
#3  0x40054e5e in __libc_start_main (main=0x8048580 <main>, argc=1, 
    ubp_av=0xbffff824, init=0x80483bc <_init>, fini=0x8048690 <_fini>, 
    rtld_fini=0x4000d3c4 <_dl_fini>, stack_end=0xbffff81c)
    at ../sysdeps/generic/libc-start.c:129

Expected Results:  Timer functions passed.

Additional info:

If ovalue is given as a pointer instead of NULL, the program will not
Comment 1 Jakub Jelinek 2001-09-18 04:38:47 EDT
This is fixed in CVS glibc and will appear in glibc-2.2.4-15 once it is cut
(today or tomorrow).

Note You need to log in before you can comment on or make changes to this bug.