proc_get_fdinfo() crash if fdinfo file grows
The recently introduced proc_get_fdinfo() function does not rewind the file pointer when it detects that it needs to re-read with a bigger buffer, usually resulting in a crash. This happens due to a race between fetching the file size and reading it, when the size can change.
This never showed up in testing but some subsequent work involved blowing up the race window and that exposed the problem.
Updated by Andy Fiddaman 9 months ago
Manifestation of problem, with truss output. In the test system the size of the fdinfo/3 file is misreported by 40 bytes.
open("/proc/100268/fdinfo/3", O_RDONLY) = 6
read(6, "03\0\0\0FFD1\0\0\0\0\0\0".., 204) = 204
read(6, " / e t c / s y s e v e n".., 408) = 40
read(6, 0x006C6F40, 612) = 0
Incurred fault #6, FLTBOUNDS %pc = 0xFFFFFC7FEF2765A8
siginfo: SIGSEGV SEGV_MAPERR addr=0x1006C702B
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x1006C702B
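The read pattern in the trace above, as an added C example (not the libproc code and not the committed fix). `slurp` and `make_sample` are hypothetical helpers, and the 204 + 40 byte file is constructed to match the sizes in the truss output: with `from_start == 0` the retry continues at the current offset and returns only the 40-byte tail, while with `from_start != 0` every attempt reads from offset 0 and returns all 244 bytes.

```c
#define _XOPEN_SOURCE 700
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Hypothetical helper: read a file whose size ("hint") was sampled earlier
 * and may have grown since. A read that fills the buffer may be truncated,
 * so the buffer is grown by one hint and the read is retried.
 */
static char *
slurp(int fd, size_t hint, int from_start, size_t *lenp)
{
	size_t step = hint ? hint : 1, cap = step;
	char *buf = NULL, *nbuf;

	for (;;) {
		if ((nbuf = realloc(buf, cap)) == NULL)
			break;
		buf = nbuf;
		ssize_t n = from_start ? pread(fd, buf, cap, 0) :
		    read(fd, buf, cap);	/* read() resumes mid-file */
		if (n < 0)
			break;
		if ((size_t)n < cap) {	/* short read: reached end of file */
			*lenp = (size_t)n;
			return (buf);
		}
		cap += step;		/* 204, 408, 612, ... as in the trace */
	}
	free(buf);
	return (NULL);
}

/* Constructed sample: temp file of `head` 'H' bytes then `tail` 'T' bytes. */
static int
make_sample(size_t head, size_t tail)
{
	char path[] = "/tmp/fdinfo_demo_XXXXXX", data[1024];
	int fd = mkstemp(path);

	if (fd < 0 || head + tail > sizeof (data))
		return (-1);
	(void) unlink(path);
	memset(data, 'H', head);
	memset(data + head, 'T', tail);
	if (write(fd, data, head + tail) != (ssize_t)(head + tail))
		return (-1);
	return (lseek(fd, 0, SEEK_SET) == 0 ? fd : -1);
}
```

A caller that assumes the returned buffer starts with the file's header is only safe with the rewinding variant; the other one hands back the tail at offset 0 of the buffer.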
Updated by Electric Monk 9 months ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
commit 8bd53a1ca9fba2d5585cc775422e4d1db161bf96
Author: Andy Fiddaman <firstname.lastname@example.org>
Date: 2020-02-04T11:18:23.000Z

12255 proc_get_fdinfo() crash if fdinfo file grows
Reviewed by: John Levon <email@example.com>
Reviewed by: Robert Mustacchi <firstname.lastname@example.org>
Approved by: Dan McDonald <email@example.com>