develooper Front page | perl.perl5.porters | Postings from October 2005

[perl #37535] [PATCH] ioctl IOCPARM_LEN(x) should be _IOC_SIZE(x) on Linux, not 256

Thread Next
From:
Jason Vas Dias
Date:
October 25, 2005 16:49
Subject:
[perl #37535] [PATCH] ioctl IOCPARM_LEN(x) should be _IOC_SIZE(x) on Linux, not 256
Message ID:
rt-3.0.11-37535-123290.14.118037538994@perl.org
# New Ticket Created by  Jason Vas Dias 
# Please include the string:  [perl #37535]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/rt3/Ticket/Display.html?id=37535 >



This is a bug report for perl from jvdias@redhat.com,
generated with the help of perlbug 1.35 running under perl v5.8.7.


-----------------------------------------------------------------
[Please enter your report here]

perl.h incorrectly guessed the IOCPARM_LEN on Linux to be constant 256 .

The IOCPARM_LEN(ioctl_number) macro is meant to extract the length / size
field from the ioctl_number, which must be the size of the memory
pointed to by the pointer RW argument passed to ioctl.

On Linux, the _IOC_SIZE(ioctl_number) macro is provided for this purpose,
and there is no IOCPARM_LEN macro, so at pp_sys.c, in Perl_pp_ioctl,
@line 2210:

    if (SvPOK(argsv) || !SvNIOK(argsv)) {
        STRLEN len;
        STRLEN need;
        s = SvPV_force(argsv, len);
        need = IOCPARM_LEN(func);
        if (len < need) {
            s = Sv_Grow(argsv, need + 1);
            SvCUR_set(argsv, need);
        }

"need" was ALWAYS set to '257' on linux .
( BTW, shouldn't 'len' be initialized to 0 here? )

This bug was found to be the root cause of Red Hat Bugzilla #171111:
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171111
where some printers would return a printer id string > 256 bytes long,
which caused perl to generate a SIGSEGV in the
    ioctl(STDIN,0x84005001,$result)
call, where $result was undef, because perl made $result only 257
bytes long.

Here's a patch to perl.h which fixes this problem:

--- perl-5.8.7/perl.h.IOC_SIZE  2005-05-07 16:11:45.000000000 -0400
+++ perl-5.8.7/perl.h   2005-10-25 16:56:10.000000000 -0400
@@ -2508,11 +2508,17 @@

 #ifndef IOCPARM_LEN
 #   ifdef IOCPARM_MASK
-       /* on BSDish systes we're safe */
+       /* on BSDish systems we're safe */
 #      define IOCPARM_LEN(x)  (((x) >> 16) & IOCPARM_MASK)
 #   else
-       /* otherwise guess at what's safe */
-#      define IOCPARM_LEN(x)   256
+#      ifdef _IOC_SIZE
+               /* on Linux systems we're safe */
+#              define IOCPARM_LEN(x) _IOC_SIZE(x)
+#      else
+               /* otherwise guess at what's safe (we're UNSAFE!) */
+#              warning "unsafe assumption of IOCPARM_LEN=256"
+#              define IOCPARM_LEN(x)   256
+#      endif
 #   endif
 #endif

This patch has been applied in the Red Hat perl-5.8.7-0.6.fc5 (Rawhide)
release.

Please consider applying the above patch, and fix this issue in future
perl 5.8.8+ / 6.x releases.

Thank You,

Jason Vas Dias <jvdias@redhat.com>
Red Hat perl package maintainer


[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
This perlbug was built using Perl v5.8.7 in the Red Hat build system.
It is being executed now by Perl v5.8.7 - Tue Oct 25 17:23:30 EDT 2005.

Site configuration information for perl v5.8.7:

Configured by Red Hat, Inc. at Tue Oct 25 17:23:30 EDT 2005.

Summary of my perl5 (revision 5 version 8 subversion 7) configuration:
  Platform:
    osname=linux, osvers=2.6.13-1.1624_fc5, archname=i386-linux-thread-multi
    uname='linux jvdias 2.6.13-1.1624_fc5 #1 mon oct 24 01:16:31 edt 2005 i686 i686 i386 gnulinux '
    config_args='-des -Doptimize=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables -Dversion=5.8.7 -Dmyhostname=localhost -Dperladmin=root@localhost -Dcc=gcc -Dcf_by=Red Hat, Inc. -Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux -Dvendorprefix=/usr -Dsiteprefix=/usr -Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005 -Uversiononly -Dpager=/usr/bin/less -isr -Dd_gethostent_r_proto -Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto -Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto -Dinc_version_list=5.8.6 5.8.5 5.8.4 5.8.3 -Dscriptdir=/usr/bin'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='4.0.2 20051007 (Red Hat 4.0.2-3)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
    perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.3.90.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.3.90'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.8.7/i386-linux-thread-multi/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:


---
@INC for perl v5.8.7:
    /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.7
    /usr/lib/perl5/site_perl/5.8.6
    /usr/lib/perl5/site_perl/5.8.5
    /usr/lib/perl5/site_perl/5.8.4
    /usr/lib/perl5/site_perl/5.8.3
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.7
    /usr/lib/perl5/vendor_perl/5.8.6
    /usr/lib/perl5/vendor_perl/5.8.5
    /usr/lib/perl5/vendor_perl/5.8.4
    /usr/lib/perl5/vendor_perl/5.8.3
    /usr/lib/perl5/vendor_perl
    /usr/lib/perl5/5.8.7/i386-linux-thread-multi
    /usr/lib/perl5/5.8.7
    .

---
Environment for perl v5.8.7:
    HOME=/root
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash


Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About