kc3-lang/gnulib/lib/pipe.c

• Show log

  Commit

• Hash : 3dbe75e4
  Author :
  Date : 2011-06-29T15:46:50
  

  pipe, pipe2: don't corrupt fd on error
  
  I noticed a potential subtle double-close bug in libvirt.  There,
  a common idiom is to initialize an int fd[2]={-1,-1}, then have
  multiple error paths goto common cleanup code.  In the cleanup
  code, the fds are closed if they are not already -1; this works
  if the error label is reached before the pipe call, or after
  pipe succeeds, but if it was the pipe call itself that jumped
  to the error label, then it is relying on failed pipe() not
  altering the values already in fd array prior to the failure.
  Our pipe2 replacement violated this assumption, and could leave
  a non-negative value in the array, which in turn would let
  libvirt close an already-closed fd, possibly nuking an unrelated
  fd opened by another thread that happened to get the same value.
  
  As a result, I raised a POSIX issue regarding the behavior of
  pipe on failure: http://austingroupbugs.net/view.php?id=467
  
  Using that test program, I learned that most systems leave fd
  unchanged on error, but that mingw always assigns -1 into the
  array.  This fixes the mingw pipe() replacement, as well as
  the gnulib pipe2() replacement.
  
  I don't know of any race-free way to work around a cygwin crash:
  http://cygwin.com/ml/cygwin/2011-06/msg00328.html - we could
  always open() and then close() two fds to guess whether two
  spare fd still remain before calling pipe(), but that is racy.
  
  * lib/pipe.c (pipe): Leave fd unchanged on error.
  * lib/pipe2.c (pipe2): Likewise.
  * doc/posix-functions/pipe.texi (pipe): Document cygwin issue.
  * doc/glibc-functions/pipe2.texi (pipe2): Likewise.
  
  Signed-off-by: Eric Blake <eblake@redhat.com>
  

Download

• lib/pipe.c

• /* Create a pipe.
     Copyright (C) 2009-2011 Free Software Foundation, Inc.
  
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
     the Free Software Foundation; either version 2, or (at your option)
     any later version.
  
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
  
     You should have received a copy of the GNU General Public License along
     with this program; if not, write to the Free Software Foundation,
     Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
  
  #include <config.h>
  
  /* Specification.  */
  #include <unistd.h>
  
  #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
  /* Native Woe32 API.  */
  
  /* Get _pipe().  */
  # include <io.h>
  
  /* Get _O_BINARY.  */
  # include <fcntl.h>
  
  int
  pipe (int fd[2])
  {
    /* Mingw changes fd to {-1,-1} on failure, but this violates
       http://austingroupbugs.net/view.php?id=467 */
    int tmp[2];
    int result = _pipe (tmp, 4096, _O_BINARY);
    if (!result)
      {
        fd[0] = tmp[0];
        fd[1] = tmp[1];
      }
    return result;
  }
  
  #else
  
  # error "This platform lacks a pipe function, and Gnulib doesn't provide a replacement. This is a bug in Gnulib."
  
  #endif
  

Download