SIGSEGV instead of EINVAL with invalid timer id in timer_delete() glibc 2.33
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GLibC |
Unknown
|
Medium
|
|||
glibc (Ubuntu) |
Confirmed
|
High
|
Unassigned |
Bug Description
The timer_delete(2) man page states:
RETURN VALUE
On success, timer_delete() returns 0. On failure, -1 is returned,
and errno is set to indicate the error.
ERRORS
EINVAL timerid is not a valid timer ID.
The following shows that this is not strictly true:
$ cat t.c
#include <time.h>
#include <stdlib.h>
int main(void)
{
timer_t t = (timer_
return timer_delete(t);
}
$ gcc t.c -lrt -g
./a.out
Segmentation fault (core dumped)
$ valgrind ./a.out
==30195== Memcheck, a memory error detector
==30195== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==30195== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==30195== Command: ./a.out
==30195==
==30195== Invalid read of size 4
==30195== at 0x487FBF7: timerid_
==30195== by 0x487FBF7: timer_delete@
==30195== by 0x10916E: main (t.c:8)
==30195== Address 0xc46de710058ca010 is not stack'd, malloc'd or (recently) free'd
==30195==
==30195==
==30195== Process terminating with default action of signal 11 (SIGSEGV)
==30195== General Protection Fault
==30195== at 0x487FBF7: timerid_
==30195== by 0x487FBF7: timer_delete@
==30195== by 0x10916E: main (t.c:8)
==30195==
==30195== HEAP SUMMARY:
==30195== in use at exit: 0 bytes in 0 blocks
==30195== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==30195==
==30195== All heap blocks were freed -- no leaks are possible
==30195==
==30195== For lists of detected and suppressed errors, rerun with: -s
==30195== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
Changed in glibc (Ubuntu): | |
importance: | Undecided → High |
description: | updated |
description: | updated |
Changed in glibc: | |
importance: | Unknown → Medium |
This still happens with 2.34 fwiw. Do you want to report this at https:/ /sourceware. org/bugzilla/ or do you want me to do that?