[PATCH] ioctl IOCPARM_LEN(x) should be _IOC_SIZE(x) on Linux, not 256
by Jason Vas Dias
This is a bug report for perl from jvdias(a)redhat.com,
generated with the help of perlbug 1.35 running under perl v5.8.7.
-----------------------------------------------------------------
[Please enter your report here]
perl.h incorrectly guessed the IOCPARM_LEN on Linux to be constant 256 .
The IOCPARM_LEN(ioctl_number) macro is meant to extract the length / size
field from the ioctl_number, which must be the size of the memory
pointed to by the pointer RW argument passed to ioctl.
On Linux, the _IOC_SIZE(ioctl_number) macro is provided for this purpose,
and there is no IOCPARM_LEN macro, so at pp_sys.c, in Perl_pp_ioctl,
@line 2210:
    if (SvPOK(argsv) || !SvNIOK(argsv)) {
        STRLEN len;
        STRLEN need;
        s = SvPV_force(argsv, len);
        need = IOCPARM_LEN(func);
        if (len < need) {
            s = Sv_Grow(argsv, need + 1);
            SvCUR_set(argsv, need);
        }
"need" was ALWAYS set to '257' on linux .
( BTW, shouldn't 'len' be initialized to 0 here? )
This bug was found to be the root cause of Red Hat Bugzilla #171111:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171111
where some printers would return a printer id string > 256 bytes long,
which caused perl to generate a SIGSEGV in the
ioctl(STDIN,0x84005001,$result)
call, where $result was undef, because perl made $result only 257
bytes long.
Here's a patch to perl.h which fixes this problem:
--- perl-5.8.7/perl.h.IOC_SIZE 2005-05-07 16:11:45.000000000 -0400
+++ perl-5.8.7/perl.h 2005-10-25 16:56:10.000000000 -0400
@@ -2508,11 +2508,17 @@
#ifndef IOCPARM_LEN
# ifdef IOCPARM_MASK
- /* on BSDish systes we're safe */
+ /* on BSDish systems we're safe */
# define IOCPARM_LEN(x) (((x) >> 16) & IOCPARM_MASK)
# else
- /* otherwise guess at what's safe */
-# define IOCPARM_LEN(x) 256
+# ifdef _IOC_SIZE
+ /* on Linux systems we're safe */
+# define IOCPARM_LEN(x) _IOC_SIZE(x)
+# else
+ /* otherwise guess at what's safe (we're UNSAFE!) */
+# warning "unsafe assumption of IOCPARM_LEN=256"
+# define IOCPARM_LEN(x) 256
+# endif
# endif
#endif
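Review bot: `# define IOCPARM_LEN(x) _IOC_SIZE(x)` yields 0 for any request number that carries no size field, so in the pp_sys.c path quoted above `len < need` is then never true and the argument buffer is not grown at all, where the old constant at least gave such requests 256 bytes. Consider keeping 256 as a floor, for example `(_IOC_SIZE(x) < 256 ? 256 : _IOC_SIZE(x))`. Separately, `#warning` in the last fallback is a compiler extension that not every preprocessor accepts, and that branch is exactly the one reached on non-BSD, non-Linux toolchains; the comment alone would be safer there.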
This patch has been applied in the Red Hat perl-5.8.7-0.6.fc5 (Rawhide)
release.
Please consider applying the above patch, and fix this issue in future
perl 5.8.8+ / 6.x releases.
Thank You,
Jason Vas Dias <jvdias(a)redhat.com>
Red Hat perl package maintainer
[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=core
severity=medium
---
This perlbug was built using Perl v5.8.7 in the Red Hat build system.
It is being executed now by Perl v5.8.7 - Tue Oct 25 17:23:30 EDT 2005.
Site configuration information for perl v5.8.7:
Configured by Red Hat, Inc. at Tue Oct 25 17:23:30 EDT 2005.
Summary of my perl5 (revision 5 version 8 subversion 7) configuration:
Platform:
osname=linux, osvers=2.6.13-1.1624_fc5, archname=i386-linux-thread-multi
uname='linux jvdias 2.6.13-1.1624_fc5 #1 mon oct 24 01:16:31 edt 2005 i686 i686 i386 gnulinux '
config_args='-des -Doptimize=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables -Dversion=5.8.7 -Dmyhostname=localhost -Dperladmin=root@localhost -Dcc=gcc -Dcf_by=Red Hat, Inc. -Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux -Dvendorprefix=/usr -Dsiteprefix=/usr -Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005 -Uversiononly -Dpager=/usr/bin/less -isr -Dd_gethostent_r_proto -Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto -Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto -Dinc_version_list=5.8.6 5.8.5 5.8.4 5.8.3 -Dscriptdir=/usr/bin'
hint=recommended, useposix=true, d_sigaction=define
usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
optimize='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4 -fasynchronous-unwind-tables',
cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
ccversion='', gccversion='4.0.2 20051007 (Red Hat 4.0.2-3)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='gcc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
libc=/lib/libc-2.3.90.so, so=so, useshrplib=true, libperl=libperl.so
gnulibc_version='2.3.90'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.8.7/i386-linux-thread-multi/CORE'
cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'
Locally applied patches:
---
@INC for perl v5.8.7:
/usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.7
/usr/lib/perl5/site_perl/5.8.6
/usr/lib/perl5/site_perl/5.8.5
/usr/lib/perl5/site_perl/5.8.4
/usr/lib/perl5/site_perl/5.8.3
/usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.7
/usr/lib/perl5/vendor_perl/5.8.6
/usr/lib/perl5/vendor_perl/5.8.5
/usr/lib/perl5/vendor_perl/5.8.4
/usr/lib/perl5/vendor_perl/5.8.3
/usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.7/i386-linux-thread-multi
/usr/lib/perl5/5.8.7
.
---
Environment for perl v5.8.7:
HOME=/root
LANG=en_US.UTF-8
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
PERL_BADLANG (unset)
SHELL=/bin/bash
18 years, 6 months
[Bug 171111] (libperl) could not run system-config-printer
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: (libperl) could not run system-config-printer
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171111
jvdias(a)redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |MODIFIED
------- Additional Comments From jvdias(a)redhat.com 2005-10-25 18:20 EST -------
OK, I've finally found and fixed the problem here, now that I've brought my
USB printer in to work from home (unnecessarily! :-)
perl was looking for an IOCPARM_LEN(ioctl_number) macro to return the
length bits from the ioctl function number. This works OK on BSD systems.
But if IOCPARM_LEN was not defined, perl.h "guessed" and defined
IOCPARM_LEN(ioctl_number) to be 256 . Linux has no IOCPARM_LEN(x) macro.
So any printer that returned an ID string > 256 bytes would cause a SIGSEGV .
Linux has the _IOC_SIZE(x) macro, so I changed perl.h to use _IOC_SIZE(x) if
IOCPARM_LEN is not defined instead of constant 256.
I have submitted this bug upstream with perlbug - waiting for a RT #.
So this bug is now fixed in Rawhide (FC-5) with perl-5.8.7-0.6.fc5 .
It will now have to be fixed in RHEL-3, RHEL-4, FC-4, FC-3 .
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
18 years, 6 months
any ideas why RHEL-3's perl 5.8.1+ thinks { $s='a'; $s=~s///; !($s=~/^\p{IsASCII}+$/); }
by Jason Vas Dias
Hi -
Any ideas on which particular upstream PERL patch fixes this
issue would be much appreciated :
In RHEL-3's perl-5.8.0-88.9.1 / 5.8.0-88.9 (basically 5.8.1 in all but name):
$ perl -e '$s="a"; ($s=~/^\p{IsASCII}+$/) && print "yes\n";'
yes
$ perl -e '$s="a"; $s=~s///; ($s=~/^\p{IsASCII}+$/) && print "yes\n";'
$ (no)
$ perl -e '$s="a"; $s=~s///; ($s=~/^[[:ascii:]]+$/) && print "yes\n";'
yes
$ perl -e '$s="a"; $s=~s/n//; ($s=~/^\p{IsASCII}+$/) && print "yes\n";'
yes
$ perl -e '$s="a"; $s=~s/\s//; ($s=~/^\p{IsASCII}+$/) && print "yes\n";'
$ (no)
ie. the ^\p{IsASCII}+$ test always fails if it is preceded by a 's///' substitution
which does not substitute anything and attempts to match whitespace or nothing.
This is Bugzilla 171653 which I'm trying to fix.
I've searched the PERL bugs and done a cursory grep of the hundreds of PERL patches
applied since 5.8.[01], but cannot find any obvious candidates.
Any suggestions / ideas as to which set of upstream perl patches could be applied to
RHEL-3 that would fix this issue and not break anything else would be much
appreciated.
Meanwhile I'm attempting to debug the regexec.c code and looking at each patch
affecting regexec.c in order to determine what causes this and what fixes it in the
RHEL-4 and FC-{3,4,5} perl versions.
Thanks & Regards,
Jason Vas Dias
Red Hat PERL package maintainer
18 years, 6 months
[Bug 171197] New: perl: double free or corruption (!prev)
by Red Hat Bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171197
Summary: perl: double free or corruption (!prev)
Product: Fedora Core
Version: devel
Platform: i386
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: perl
AssignedTo: wtogami(a)redhat.com
ReportedBy: rvokal(a)redhat.com
QAContact: dkl(a)redhat.com
CC: fedora-perl-devel-list(a)redhat.com
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051008 Fedora/1.5-0.5.0.beta2 Firefox/1.4.1
Description of problem:
A sample perl module for net-snmp causes double free corruption
# perl ./perl_module.pl
starting perl_module.pl
perl_module.pl loaded ok
registering at netSnmp.999
NET-SNMP version 5.2.2.rc1 AgentX subagent connected
started us as a subagent (NetSNMP::agent=HASH(0x917c360))
shutting down
mainloop excercised
*** glibc detected *** perl: double free or corruption (!prev): 0x091c3768 ***
Version-Release number of selected component (if applicable):
perl-5.8.7-0.5.fc5.i386
How reproducible:
Always
Steps to Reproduce:
1. start net-snmp
add following line to snmpd.conf
master agentx
2. start perl module (perl /path/to/perl_module.pl)
3. hit ctrl-c
Additional info:
testing with rawhide net-snmp
18 years, 6 months
[Bug 171111] (libperl) could not run system-config-printer
by Red Hat Bugzilla
Summary: (libperl) could not run system-config-printer
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171111
jvdias(a)redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From jvdias(a)redhat.com 2005-10-24 16:49 EST -------
OK, it appears this command has caused a SIGSEGV when run with STDIN
directed to a USB printer device:
# perl -e 'ioctl(STDIN,0x84005001,$result); print $result' </dev/usb/lp0
from:
/usr/share/printconf/util/printconf_conf.py, @ line 1460:
magic_perl = "perl -e 'ioctl(STDIN,0x84005001,$result);"
magic_perl += "print $result' 2>/dev/null <"
foo = os.popen (magic_perl + dev)
rawid = foo.readlines ()
Why not use the Python fcntl.ioctl() call here ?
It would be interesting to see if python also has a problem with this ioctl:
# python
>>> import os, fcntl, array
>>> result = array.array('B', [0] * 1024)  # 1024-byte mutable buffer
>>> fcntl.ioctl(os.open("/dev/usb/lp0", os.O_RDONLY), -2080354303, result, 1)
I've just now tried running the perl command above with STDIN directed to an
RS-232 serial port, (the only serial device I have here at work) on up-to-date
Rawhide, FC-4, RHEL-4 and FC-3 systems, and have not been able to reproduce
the problem.
I do have a USB printer at home, and I will try to reproduce this problem there.
But googling for 0x84005001 turned up
http://home.techwiz.ca/ftp/Linux/dist/MandrakeLinux/official/9.2/i586/Man...
:
# Calculation of IOCTL function 0x84005001 (to get device ID
# string):
# len = 1024
# IOCNR_GET_DEVICE_ID = 1
# LPIOC_GET_DEVICE_ID(len) =
# _IOC(_IOC_READ, 'P', IOCNR_GET_DEVICE_ID, len)
# _IOC(), _IOC_READ as defined in /usr/include/asm/ioctl.h
# Use "eval" so that program does not stop when IOCTL fails
eval {
    my $output = "\0" x 1024;
    ioctl($PORT, 0x84005001, $output);
    $idstr = $output;
} or do {
    close $PORT;
    next;
};
Note how the programmer is careful to allocate a 1024-byte buffer for the RW
ioctl $output parameter, since the 0x84005001 says "I am passing in
a 1024-byte RW buffer" .
Perhaps the SEGV occurs only when a USB printer is on STDIN, because
only a USB printer actually returns an ID string, which writes into the
(empty) $result buffer ?
Does the problem still occur if the command is amended:
perl -e '$result="\0" x 1024; ioctl(STDIN,0x84005001,$result);print $result,"\n";' </dev/usb/lp0
If not, I don't think this is a PERL bug, but a programming error - any
use of ioctl(x,0x84005001,buf), invoked from a C program, will cause a
SIGSEGV if the ioctl returns data in buf and buf does not point to a 1024 byte
buffer .
Can anyone reading this with access to a USB printer please verify, with
latest versions that this is still a bug:
1. Does this command produce a SIGSEGV:
# perl -e 'ioctl(STDIN,0x84005001,$result); print $result' </dev/usb/lp0
2. Does this command produce a SIGSEGV :
# perl -e '$result="\0" x 1024; ioctl(STDIN,0x84005001,$result); print $result' </dev/usb/lp0
If the answer to (2) is NO, then this is not a PERL bug.
18 years, 6 months
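The ioctl-number arithmetic quoted in the Bugzilla comment above, and the IOCPARM_LEN sizing from the perlbug report earlier on this page, worked through as an added example that is not part of the original messages or of perl's source. The `ex_*` names are hypothetical, the bit layout is the one common Linux architectures such as i386 use, and the 256-byte floor in `need_from_size` is this example's own choice.

```c
#include <stdio.h>
#include <stddef.h>

/* Example-local copy of the common Linux ioctl-number layout
 * (8 nr bits, 8 type bits, 14 size bits, 2 dir bits). Some architectures
 * split the bits differently; the ex_* names are not kernel macros. */
enum { EX_NRSHIFT = 0, EX_TYPESHIFT = 8, EX_SIZESHIFT = 16, EX_DIRSHIFT = 30 };
enum { EX_DIR_WRITE = 1, EX_DIR_READ = 2 };

static unsigned ex_ioc(unsigned dir, unsigned type, unsigned nr, unsigned size)
{
    return (dir << EX_DIRSHIFT) | (size << EX_SIZESHIFT) |
           (type << EX_TYPESHIFT) | (nr << EX_NRSHIFT);
}
static unsigned ex_ioc_dir(unsigned req)  { return (req >> EX_DIRSHIFT) & 0x3; }
static unsigned ex_ioc_type(unsigned req) { return (req >> EX_TYPESHIFT) & 0xff; }
static unsigned ex_ioc_nr(unsigned req)   { return req & 0xff; }
static unsigned ex_ioc_size(unsigned req) { return (req >> EX_SIZESHIFT) & 0x3fff; }

/* The old perl.h fallback: a constant guess, whatever the request says. */
static size_t need_guess(unsigned req) { (void)req; return 256; }

/* Size read from the request, never below 256 so that request numbers
 * with no size bits set (for example 0x5401) still get a buffer. */
static size_t need_from_size(unsigned req)
{
    size_t n = ex_ioc_size(req);
    return n < 256 ? 256 : n;
}

/* Bytes the buffer is short if the driver fills the whole declared size. */
static size_t shortfall(size_t allocated, unsigned req)
{
    size_t wanted = ex_ioc_size(req);
    return wanted > allocated ? wanted - allocated : 0;
}

int main(void)
{
    unsigned req = ex_ioc(EX_DIR_READ, 'P', 1, 1024); /* LPIOC_GET_DEVICE_ID(1024) */
    printf("req=0x%08x dir=%u type=%c nr=%u size=%u\n", req, ex_ioc_dir(req),
           (int)ex_ioc_type(req), ex_ioc_nr(req), ex_ioc_size(req));
    printf("guess: need=%zu short=%zu\n", need_guess(req),
           shortfall(need_guess(req) + 1, req));   /* Sv_Grow(need + 1) */
    printf("sized: need=%zu short=%zu\n", need_from_size(req),
           shortfall(need_from_size(req) + 1, req));
    return 0;
}
```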
[Bug 171594] New: spamassassin-3.0.5 Upstream work
by Red Hat Bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171594
Summary: spamassassin-3.0.5 Upstream work
Product: Fedora Core
Version: devel
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: spamassassin
AssignedTo: wtogami(a)redhat.com
ReportedBy: wtogami(a)redhat.com
CC: fedora-perl-devel-list@redhat.com,felicity@kluge.net,jm(a)jmason.org,parkerm@pobox.com,reg+redhat@sidney.com,wtogami(a)redhat.com
Warren needs to complete work on backporting and testing patches in order for
upstream to do the 3.0.5 release. This will be tested as Fedora updates for FC3
and FC4 and eventually be used in RHEL4U3 in Bug #171325.
18 years, 6 months