From: Mark Geisert via Cygwin
To: cygwin AT cygwin DOT com
Date: Wed, 15 Jan 2025 02:01:51 -0800
Subject: Re: mq_send(-1, ...) segfaults instead of failing with EBADF

Hi Christian,

On 1/14/2025 7:37 AM, Christian Franke via Cygwin wrote:
> Found with 'stress-ng --mq 1 -v':
>
> If an invalid fd is passed to mq_send() and other mq_* functions, a
> segfault occurs instead of returning -1 with errno=EBADF. Depending on
> optimization, the segfault is not visible in the exit status.
>
> Testcase:
>
> $ uname -r
> 3.5.5-1.x86_64
>
> $ gcc --version
> gcc (GCC) 12.4.0
> ...
>
> $ cat mqbadfd.c
> #include <mqueue.h>
> #include <stdio.h>
>
> int main()
> {
>   printf("mq_send:\n"); fflush(stdout);
>   int ret = mq_send(-1, "FOO", 3, 1);
>   printf("ret = %d\n", ret); fflush(stdout);
>   return 42;
> }
>
> $ gcc -o mqbadfd mqbadfd.c
>
> $ ./mqbadfd; echo $?
> mq_send:
> 0
>
> $ gcc -o mqbadfd2 -O2 mqbadfd.c
>
> $ ./mqbadfd2; echo $?
> mq_send:
> Segmentation fault
> 139
>
> $ strace ./mqbadfd
> ...
>   111   49460 [main] mqbadfd 23013 fhandler_console::write: 9 =
> fhandler_console::write(...)
>    39   49499 [main] mqbadfd 23013 write: 9 = write(1, 0xA00017790, 9)
>   211   49710 [main] mqbadfd 23013 __set_errno:
> cygheap_fdget::cygheap_fdget(int, bool, bool):631 setting errno 9
> --- Process 15116 (pid: 23013), exception c0000005 at 00007ffc766fc71e
> --- Process 15116 (pid: 23013) thread 4672 exited with status 0xc0000005
> --- Process 15116 thread 12184 exited with status 0xc0000005
> --- Process 15116 thread 16828 exited with status 0xc0000005
> --- Process 15116 thread 16892 exited with status 0xc0000005
> --- Process 15116 exited with status 0xc0000005
> Segmentation fault
>
> $ strace ./mqbadfd2
> ...
>   170   22096 [main] mqbadfd2 23017 write: 9 = write(1, 0xA00017790, 9)
>    71   22167 [main] mqbadfd2 23017 __set_errno:
> cygheap_fdget::cygheap_fdget(int, bool, bool):631 setting errno 9
> --- Process 13872 (pid: 23017), exception c0000005 at 00007ffc766fc71e
>    58   22225 [main] mqbadfd2 23017 exception::handle: In
> cygwin_except_handler exception 0xC0000005 at 0x7FFC766FC71E sp 0x7FFFFCB30
>    25   22250 [main] mqbadfd2 23017 exception::handle: In
> cygwin_except_handler signal 11 at 0x7FFC766FC71E
>    38   22288 [main] mqbadfd2 23017 break_here: break here
> --- Process 13872 (pid: 23017), exception c0000005 at 00007ffc766fc71e
> --- Process 13872 (pid: 23017), exception c0000005 at 00007ffc766fc71e
> --- Process 13872 (pid: 23017), exception c0000005 at 00007ffc766fc71e
> --- Process 13872 (pid: 23017), exception c0000005 at 00007ffc766fc71e
> ... [infinite loop - strace needs to be terminated by task manager]
>
>
> Same if -fstack-protector-strong is added.

Thanks for the report and testcase. It appears the mq_*() functions are
missing a validation step. I'll submit a patch shortly.

..mark

--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
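
A regression check for the behaviour this thread expects (-1 with errno=EBADF), as an added example that is not part of the original message or of Cygwin's source. Each call runs in a forked child and reports through sentinel exit codes, because the report shows a crashed run ending with exit status 0; the helper names, the exit codes 77/78/79 and the selection of six mq_* calls are assumptions of the example.

```c
/* Added example, not Cygwin code. Helper names and exit codes are assumptions. */
#include <errno.h>
#include <mqueue.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define BAD ((mqd_t)-1)        /* the invalid descriptor from the report */
enum { PASS, FAIL, SKIP, X_EBADF = 77, X_NOSYS = 78, X_WRONG = 79 };
static char buf[8192];
static struct mq_attr attr;    /* zero-initialised: valid arguments, bad descriptor */
static int c_send(void)    { return mq_send(BAD, "FOO", 3, 1); }
static int c_recv(void)    { return (int)mq_receive(BAD, buf, sizeof buf, NULL); }
static int c_getattr(void) { return mq_getattr(BAD, &attr); }
static int c_setattr(void) { return mq_setattr(BAD, &attr, NULL); }
static int c_notify(void)  { return mq_notify(BAD, NULL); }
static int c_close(void)   { return mq_close(BAD); }
int crash_probe(void)      { return raise(SIGSEGV); }  /* stands in for a crashing call */
static const struct { const char *name; int (*call)(void); } cases[] = {
    {"mq_send", c_send}, {"mq_receive", c_recv}, {"mq_getattr", c_getattr},
    {"mq_setattr", c_setattr}, {"mq_notify", c_notify}, {"mq_close", c_close},
};
/* Run one call in a child so a crash cannot take the harness down. Exit status 0
   is never treated as success: the report shows a crashed run ending with "0". */
int run_case(int (*call)(void)) {
    int st = 0;
    pid_t pid = fork();
    if (pid == 0) {
        errno = 0;
        int ret = call();
        _exit(ret != -1 ? X_WRONG : errno == EBADF ? X_EBADF
                        : errno == ENOSYS ? X_NOSYS : X_WRONG);
    }
    if (pid < 0 || waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return FAIL;
    return WEXITSTATUS(st) == X_EBADF ? PASS : WEXITSTATUS(st) == X_NOSYS ? SKIP : FAIL;
}

int count_failures(void) {     /* number of calls that crashed or misreported */
    int failures = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int r = run_case(cases[i].call);
        printf("%-12s %s\n", cases[i].name, r == PASS ? "ok" : r == SKIP ? "skipped" : "FAIL");
        failures += (r == FAIL);
    }
    return failures;
}

int main(void) { return count_failures() ? 1 : 0; }
```

On Linux with glibc older than 2.34, link with -lrt.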