2021-08-17 13:31:08 |
Colin Ian King |
bug |
|
|
added bug |
2021-08-17 13:31:14 |
Colin Ian King |
glibc (Ubuntu): importance |
Undecided |
High |
|
2021-08-17 13:33:49 |
Colin Ian King |
description |
The timer_delete(2) man page states:
EINVAL timerid is not a valid timer ID.
The following shows that this is not strictly true:
$ cat t.c
#include <time.h>
#include <stdlib.h>
int main(void)
{
void *ptr = (void *)0xe236f38802c65008ULL;
return timer_delete((timer_t)ptr);
}
gcc t.c -lrt -g
./a.out
Segmentation fault (core dumped)
valgrind ./a.out
==30195== Memcheck, a memory error detector
==30195== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==30195== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==30195== Command: ./a.out
==30195==
==30195== Invalid read of size 4
==30195== at 0x487FBF7: timerid_to_kernel_timer (kernel-posix-timers.h:94)
==30195== by 0x487FBF7: timer_delete@@GLIBC_2.3.3 (timer_delete.c:35)
==30195== by 0x10916E: main (t.c:8)
==30195== Address 0xc46de710058ca010 is not stack'd, malloc'd or (recently) free'd
==30195==
==30195==
==30195== Process terminating with default action of signal 11 (SIGSEGV)
==30195== General Protection Fault
==30195== at 0x487FBF7: timerid_to_kernel_timer (kernel-posix-timers.h:94)
==30195== by 0x487FBF7: timer_delete@@GLIBC_2.3.3 (timer_delete.c:35)
==30195== by 0x10916E: main (t.c:8)
==30195==
==30195== HEAP SUMMARY:
==30195== in use at exit: 0 bytes in 0 blocks
==30195== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==30195==
==30195== All heap blocks were freed -- no leaks are possible
==30195==
==30195== For lists of detected and suppressed errors, rerun with: -s
==30195== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped) |
The timer_delete(2) man page states:
EINVAL timerid is not a valid timer ID.
The following shows that this is not strictly true:
$ cat t.c
#include <time.h>
#include <stdlib.h>
int main(void)
{
timer_t t = (timer_t)0xe236f38802c65008ULL;
return timer_delete(t);
}
$ gcc t.c -lrt -g
./a.out
Segmentation fault (core dumped)
$ valgrind ./a.out
==30195== Memcheck, a memory error detector
==30195== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==30195== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==30195== Command: ./a.out
==30195==
==30195== Invalid read of size 4
==30195== at 0x487FBF7: timerid_to_kernel_timer (kernel-posix-timers.h:94)
==30195== by 0x487FBF7: timer_delete@@GLIBC_2.3.3 (timer_delete.c:35)
==30195== by 0x10916E: main (t.c:8)
==30195== Address 0xc46de710058ca010 is not stack'd, malloc'd or (recently) free'd
==30195==
==30195==
==30195== Process terminating with default action of signal 11 (SIGSEGV)
==30195== General Protection Fault
==30195== at 0x487FBF7: timerid_to_kernel_timer (kernel-posix-timers.h:94)
==30195== by 0x487FBF7: timer_delete@@GLIBC_2.3.3 (timer_delete.c:35)
==30195== by 0x10916E: main (t.c:8)
==30195==
==30195== HEAP SUMMARY:
==30195== in use at exit: 0 bytes in 0 blocks
==30195== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==30195==
==30195== All heap blocks were freed -- no leaks are possible
==30195==
==30195== For lists of detected and suppressed errors, rerun with: -s
==30195== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped) |
|
2021-08-17 13:34:35 |
Colin Ian King |
description |
The timer_delete(2) man page states:
EINVAL timerid is not a valid timer ID.
The following shows that this is not strictly true:
$ cat t.c
#include <time.h>
#include <stdlib.h>
int main(void)
{
timer_t t = (timer_t)0xe236f38802c65008ULL;
return timer_delete(t);
}
$ gcc t.c -lrt -g
./a.out
Segmentation fault (core dumped)
$ valgrind ./a.out
==30195== Memcheck, a memory error detector
==30195== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==30195== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==30195== Command: ./a.out
==30195==
==30195== Invalid read of size 4
==30195== at 0x487FBF7: timerid_to_kernel_timer (kernel-posix-timers.h:94)
==30195== by 0x487FBF7: timer_delete@@GLIBC_2.3.3 (timer_delete.c:35)
==30195== by 0x10916E: main (t.c:8)
==30195== Address 0xc46de710058ca010 is not stack'd, malloc'd or (recently) free'd
==30195==
==30195==
==30195== Process terminating with default action of signal 11 (SIGSEGV)
==30195== General Protection Fault
==30195== at 0x487FBF7: timerid_to_kernel_timer (kernel-posix-timers.h:94)
==30195== by 0x487FBF7: timer_delete@@GLIBC_2.3.3 (timer_delete.c:35)
==30195== by 0x10916E: main (t.c:8)
==30195==
==30195== HEAP SUMMARY:
==30195== in use at exit: 0 bytes in 0 blocks
==30195== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==30195==
==30195== All heap blocks were freed -- no leaks are possible
==30195==
==30195== For lists of detected and suppressed errors, rerun with: -s
==30195== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped) |
The timer_delete(2) man page states:
RETURN VALUE
On success, timer_delete() returns 0. On failure, -1 is returned,
and errno is set to indicate the error.
ERRORS
EINVAL timerid is not a valid timer ID.
The following shows that this is not strictly true:
$ cat t.c
#include <time.h>
#include <stdlib.h>
int main(void)
{
timer_t t = (timer_t)0xe236f38802c65008ULL;
return timer_delete(t);
}
$ gcc t.c -lrt -g
./a.out
Segmentation fault (core dumped)
$ valgrind ./a.out
==30195== Memcheck, a memory error detector
==30195== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==30195== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==30195== Command: ./a.out
==30195==
==30195== Invalid read of size 4
==30195== at 0x487FBF7: timerid_to_kernel_timer (kernel-posix-timers.h:94)
==30195== by 0x487FBF7: timer_delete@@GLIBC_2.3.3 (timer_delete.c:35)
==30195== by 0x10916E: main (t.c:8)
==30195== Address 0xc46de710058ca010 is not stack'd, malloc'd or (recently) free'd
==30195==
==30195==
==30195== Process terminating with default action of signal 11 (SIGSEGV)
==30195== General Protection Fault
==30195== at 0x487FBF7: timerid_to_kernel_timer (kernel-posix-timers.h:94)
==30195== by 0x487FBF7: timer_delete@@GLIBC_2.3.3 (timer_delete.c:35)
==30195== by 0x10916E: main (t.c:8)
==30195==
==30195== HEAP SUMMARY:
==30195== in use at exit: 0 bytes in 0 blocks
==30195== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==30195==
==30195== All heap blocks were freed -- no leaks are possible
==30195==
==30195== For lists of detected and suppressed errors, rerun with: -s
==30195== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped) |
|
2021-08-23 03:25:17 |
Michael Hudson-Doyle |
bug watch added |
|
https://sourceware.org/bugzilla/show_bug.cgi?id=28257 |
|
2021-08-23 10:43:31 |
Dimitri John Ledkov |
bug task added |
|
glibc |
|
2021-08-24 05:13:41 |
Bug Watch Updater |
glibc: importance |
Unknown |
Medium |
|
2021-08-30 20:17:19 |
Launchpad Janitor |
glibc (Ubuntu): status |
New |
Confirmed |
|