cron do_command.c attempts a fork() without testing for errors

Bug #1779583 reported by Alexis Wilke
This bug affects 2 people
Affects: cron (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

The do_command.c file calls fork() twice.

For the first fork(), the possibility for an error is checked properly and an error emitted (see https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1702785 for an example when that happens: message is "can't fork".) This first fork() makes use of a switch() statement as expected.

The second fork(), however, is used inside an if() statement like this:

if (*input_data && fork() == 0) { ... }

Here we can see a couple of problems. After the if block, we have this statement:

children++;

which means that we will have to wait on TWO children. However, (1) the *input_data could return false and thus the second child may not be created at all. (2) the fork() could return -1 meaning that no other child is created.

I suppose that the child_process() probably always or nearly always has some input_data. Otherwise it would block waiting for a child that was never started. And of course, it is relatively rare that fork() fails, unless you are running out of RAM (heap or stack can't be allocated) or process space (too many processes running concurrently.)

I have a proposed patch to fix the problem. It uses a switch() which emits an error in case the fork() fails, but lets the program go on as before (instead of an immediate exit as in the first fork()).

The children variable gets incremented only when the fork() happens and succeeds (default: block in the new switch().)

The do_command.c file did not change between 16.04 (xenial) and 18.04 (bionic beaver), so the patch will work for either version.
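
The counting rule described above, as an added C illustration (not cron's do_command.c and not the attached patch): the second fork() goes through a switch(), a failure is reported without aborting, and the child counter is incremented only when a child really exists. The names run_job, fork_fn and failing_fork are hypothetical; failing_fork simulates a fork() that returns -1.

```c
/* Added illustration; not the code from cron's do_command.c or the attached patch. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef pid_t (*fork_fn)(void);      /* hypothetical seam so a failing fork() can be simulated */
pid_t failing_fork(void) { errno = EAGAIN; return -1; }

/* Start one child unconditionally and a second one only if have_input is set.
 * Returns how many children were started and then reaped. */
int run_job(int have_input, fork_fn second_fork)
{
    int children = 0, reaped = 0;

    switch (fork()) {
    case -1:
        fprintf(stderr, "can't fork: %s\n", strerror(errno));
        return 0;
    case 0:
        _exit(0);                    /* first child: stands in for the job itself */
    default:
        children++;
    }
    if (have_input) {
        switch (second_fork()) {
        case -1:                     /* report the error, then carry on with one child */
            fprintf(stderr, "can't fork input writer: %s\n", strerror(errno));
            break;
        case 0:
            _exit(0);                /* second child: stands in for the stdin writer */
        default:
            children++;              /* counted only when the child exists */
        }
    }
    while (reaped < children && wait(NULL) > 0)
        reaped++;                    /* wait for exactly the children that were created */
    return reaped;
}

int main(void)
{
    int a = run_job(1, fork), b = run_job(0, fork), c = run_job(1, failing_fork);
    printf("reaped: %d %d %d\n", a, b, c);
    return 0;
}
```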

Alexis Wilke (alexis-m2osw) wrote :

This may be one solution to the problem reported here:

https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1702785

Because when the second fork() fails, the cron process waits for 2 children, one of which doesn't even exist and thus cron is stuck with "a ton" of memory allocated. This would also happen if *input_data is false. So not just because the fork() fails... but it could be because it does not even happen.

description: updated
Alexis Wilke (alexis-m2osw) wrote :

I guess I should attempt to compile before submitting a patch. Some brackets were required in one of the cases.

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Compiling fix to second fork() in child_process()" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: cosmic
tags: added: xenial
removed: trusty
description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cron (Ubuntu):
status: New → Confirmed