Possible bug in libc/sysdeps/linux/sparc/sigaction.c

Denys Vlasenko vda.linux at googlemail.com
Tue Nov 24 01:39:50 UTC 2009 

On Monday 23 November 2009 04:24, Austin Foxley wrote:
> On 07/21/2009 04:53 PM, Denys Vlasenko wrote:
> > Is sparc special in this regard?
> 
> Not special for a good reason, just old. The bug you noted is fixed in 
> master, and will be in the 0.9.30.2 release.

There are a few more problems.

int __libc_sigaction(int sig, const struct sigaction *act, struct sigaction *oact)
{
        int ret;
        struct sigaction kact, koact;
        unsigned long stub = 0;

        if (act) {
                kact.sa_handler = act->sa_handler;
                memcpy (&kact.sa_mask, &act->sa_mask, sizeof (sigset_t));

For me it is not at all obviousl that this memcpy is correct.
It looks like it copies 64bit object (act->sa_mask, which is sigset_t)
into 32bit field (long kact.sa_mask). longs are 32-bit on sparcs, right?

Why not simply kact.sa_mask = act->sa_mask.__val[0]; ?
It's demonstrably correct (both sides are longs).

                if (((kact.sa_flags = act->sa_flags) & SA_SIGINFO) != 0)
                        stub = (unsigned long) &__rt_sigreturn_stub;
                else
                        stub = (unsigned long) &__sigreturn_stub;
                stub -= 8;
                kact.sa_restorer = NULL;
        }

        /* XXX The size argument hopefully will have to be changed to the
         * real size of the user-level sigset_t.  */
        ret = INLINE_SYSCALL (rt_sigaction, 5, sig, act ? &kact : 0,
                        oact ? &koact : 0, stub, _NSIG / 8);

        if (oact && ret >= 0) {
                oact->sa_handler = koact.sa_handler;
                memcpy (&oact->sa_mask, &koact.sa_mask, sizeof (sigset_t));
Same here. Copying 64 bits out of 32-bit object!?
It should put garbage into high half of oact->sa_mask.

You can do oact->sa_mask.__val[0] = koact.sa_mask; instead.

                oact->sa_flags = koact.sa_flags;
                oact->sa_restorer = koact.sa_restorer;
        }
        return ret;
}

More benign problems are lying comment (size argument *must not*
be changed, syscall won't work if it is) and readability,
like assignment jammed inside a complex statement:
if (((kact.sa_flags = act->sa_flags) & SA_SIGINFO) != 0) ...


There are plenty of arches with better __libc_sigaction()s
to imitate.

--
vda

More information about the uClibc mailing list