Mail Archives: cygwin/2015/09/04/16:23:08

Reply-To: fracting AT gmail DOT com
From: Qian Hong <fracting AT gmail DOT com>
Date: Sat, 5 Sep 2015 04:22:09 +0800
Message-ID: <CALd+sZRo_Nyv=adF5DeeHiShJsxGD+KUPqkDMKb3q47a2Nm=8Q@mail.gmail.com>
Subject: Question about flock - potential memory corruption?
To: cygwin <cygwin AT cygwin DOT com>

Dear list,

When testing Cygwin/MSYS2 on Wine, I found random failures of flock():
https://bugs.wine-staging.com/show_bug.cgi?id=466#c13

I ran MSYS2 with Wine+Valgrind, and found warnings like below when
calling flock():

  7 ==19315== Conditional jump or move depends on uninitialised value(s)
  8 ==19315==    at 0x7BC82750: RtlGetOwnerSecurityDescriptor (sec.c:740)
  9 ==19315==    by 0x7BC9222A: NTDLL_create_struct_sd (sync.c:96)
 10 ==19315==    by 0x7BC92CE4: NtCreateEvent (sync.c:294)
 11 ==19315==    by 0x6107B687: ???
 12 ==19315==    by 0x612FC347: ???

Then I read the Cygwin/MSYS2 source code and found:

--- snip ---
extern PSECURITY_DESCRIPTOR _everyone_sd (void *buf, ACCESS_MASK access);
#define everyone_sd(access) (_everyone_sd (alloca (SD_MIN_SIZE), (access)))
--- snip ---

man alloca says:

       The alloca() function allocates size bytes of space in the stack frame
       of the caller.  This temporary space is automatically freed when the
       function that called alloca() returns to its caller.

However, Cygwin/MSYS2 seems to pass a freed pointer to NtCreateEvent:
https://cygwin.com/git/gitweb.cgi?p=newlib-cygwin.git;a=blob;f=winsup/cygwin/flock.cc;h=2332f5467e37d124acfd12c0f85a30281f10a952;hb=HEAD#l773

 638 POBJECT_ATTRIBUTES
 639 lockf_t::create_lock_obj_attr (lockfattr_t *attr, ULONG flags)
 640 {
 641   __small_swprintf (attr->name, LOCK_OBJ_NAME_FMT,
 642                     lf_flags & (F_POSIX | F_FLOCK), lf_type, lf_start, lf_end,
 643                     lf_id, lf_wid, lf_ver);
 644   RtlInitCountedUnicodeString (&attr->uname, attr->name,
 645                                LOCK_OBJ_NAME_LEN * sizeof (WCHAR));
 646   InitializeObjectAttributes (&attr->attr, &attr->uname, flags, lf_inode->i_dir,
 647                               everyone_sd (FLOCK_EVENT_ACCESS));
 648   return &attr->attr;
 649 }

 772       status = NtCreateEvent (&lf_obj, CYG_EVENT_ACCESS,
 773                               create_lock_obj_attr (&attr, OBJ_INHERIT),
 774                               NotificationEvent, FALSE);

It seems flock() works very stably on Windows according to my previous
testing; however, I have a feeling that, as a kernel function,
NtCreateEvent on Windows doesn't have terrible effects on the user
space stack of the process, while Wine implements NtCreateEvent as a
user space function, so the old stack is easier to destroy.

I wrote a hack (attachment 0001-cygwin-flock-user-static-buffer.txt)
and recompiled MSYS2, and then the bug seems to go away.

Could someone confirm whether there is a potential Cygwin bug? If so,
I'd love to leave the bug for the Cygwin devs to write a fix.

Thanks very much!



-- 
Regards,
Qian Hong

-
http://www.winehq.org
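The lifetime problem described in the mail, as an added example that is not Cygwin's code: a macro hides alloca() in an argument, the helper that evaluates it returns, and the pointer it stored is then consumed from a dead stack region; beside it, the fix pattern where the buffer lives in a caller-owned struct. SD_MIN_SIZE, fill_sd, attr_t, create_attr_bad/create_attr_fixed and consume are hypothetical stand-ins for the Cygwin names quoted above.

```c
#include <alloca.h>
#include <string.h>
/* Hypothetical stand-ins for Cygwin's SD_MIN_SIZE, _everyone_sd,
 * lockfattr_t and create_lock_obj_attr; this is not Cygwin's code. */
#define SD_MIN_SIZE 16
typedef struct { unsigned char *sd; } attr_t;
typedef struct { unsigned char sd_buf[SD_MIN_SIZE]; unsigned char *sd; } attr_fixed_t;

/* Fill buf with a recognisable "descriptor": access in byte 0, 0xA5 elsewhere. */
static unsigned char *fill_sd(unsigned char *buf, unsigned access)
{
    memset(buf, 0xA5, SD_MIN_SIZE);
    buf[0] = (unsigned char)access;
    return buf;
}

/* Bug pattern from the mail: alloca() hides inside the macro argument, so the
 * buffer belongs to create_attr_bad's frame and is released when it returns,
 * while attr->sd still points into that dead region. Reading it afterwards
 * is undefined behaviour, which is why nothing below calls this function. */
#define everyone_sd_bad(access) (fill_sd(alloca(SD_MIN_SIZE), (access)))
attr_t *create_attr_bad(attr_t *attr, unsigned access)
{
    attr->sd = everyone_sd_bad(access);   /* dangling once this returns */
    return attr;
}

/* Fix pattern: descriptor storage lives in the caller-owned struct, so it
 * outlives the call that consumes the attributes. */
#define everyone_sd_into(buf, access) (fill_sd((buf), (access)))
attr_fixed_t *create_attr_fixed(attr_fixed_t *attr, unsigned access)
{
    attr->sd = everyone_sd_into(attr->sd_buf, access);
    return attr;
}

/* Stand-in for the consumer (NtCreateEvent): recurse to churn the stack,
 * then report whether the descriptor it was handed is still intact. */
static int consume(const unsigned char *sd, unsigned access, int depth)
{
    volatile unsigned char scratch[SD_MIN_SIZE];
    memset((void *)scratch, 0xFF, sizeof scratch);
    if (depth > 0)
        return consume(sd, access, depth - 1);
    for (int i = 1; i < SD_MIN_SIZE; i++)
        if (sd[i] != 0xA5) return 0;
    return sd[0] == (unsigned char)access;
}

/* Returns 1 when the caller-owned buffer survives the consumer's stack use. */
int fixed_descriptor_survives(void)
{
    attr_fixed_t attr;
    return consume(create_attr_fixed(&attr, 0x1F)->sd, 0x1F, 8);
}
```

Building the file with a stack checker (e.g. a compiler's address sanitizer) and calling create_attr_bad followed by consume on its result is one way to surface the dangling pointer that Valgrind reported under Wine.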

Content-Type: text/plain; charset=US-ASCII; name="0001-cygwin-flock-use-static-buffer.txt"
Content-Disposition: attachment; 
	filename="0001-cygwin-flock-use-static-buffer.txt"