Debian Bug report logs - #121899
libc6: getpt() documentation [no manpage, woohoo!] tells filthy lies about how getpt() works, causing innocent programs to SEGV

Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Source for libc6 is src:eglibc.

Reported by: russell@coker.com.au

Date: Sat, 1 Dec 2001 00:03:01 UTC

Severity: important

Tags: upstream

Done: GOTO Masanori <gotom@debian.or.jp>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Branden Robinson <branden@debian.org>:
Bug#121899; Package xterm. Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
New Bug report received and forwarded. Copy sent to Branden Robinson <branden@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: russell@coker.com.au
To: submit@bugs.debian.org
Subject: xterm: When using Unix98 pty's "chmod 0 /dev/pts" makes xterm SEGV on start
Date: Sat, 1 Dec 2001 00:57:41 +0100 (CET)
Package: xterm
Version: 4.1.0-9
Severity: normal

Run unix98 pty's (/dev/pts/* and /dev/ptmx), then do "chmod 0 /dev/pts" and
xterm will SEGV as soon as you run it.

It should log an error message to stdout and exit.

-- System Information
Debian Release: testing/unstable
Kernel Version: Linux lyta 2.4.14-grsec-1.8.9 #2 Tue Nov 20 09:57:04 CET 2001 i686 unknown

Versions of the packages xterm depends on:
ii  debconf        1.0.20         Debian configuration management system
ii  libc6          2.2.4-6        GNU C Library: Shared libraries and Timezone
ii  libfreetype6   2.0.5-2        FreeType 2 font engine, shared library files
ii  libncurses5    5.2.20010318-3 Shared libraries for terminal handling
ii  libxaw7        4.1.0-9        X Athena widget set library
ii  xlibs          4.1.0-9        X Window System client libraries



Changed Bug title. Request was from Branden Robinson <branden@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: upstream Request was from Branden Robinson <branden@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `important'. Request was from Branden Robinson <branden@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Branden Robinson <branden@debian.org>, xfree86@packages.qa.debian.org:
Bug#121899; Package xterm. Full text and rfc822 format available.

Acknowledgement sent to branden@deadbeast.net (Branden Robinson):
Extra info received and forwarded to list. Copy sent to Branden Robinson <branden@debian.org>, xfree86@packages.qa.debian.org. Full text and rfc822 format available.

Message #16 received at 121899@bugs.debian.org (full text, mbox):

From: branden@deadbeast.net (Branden Robinson)
To: 121899@bugs.debian.org
Subject: proof
Date: Sat, 10 Aug 2002 23:05:22 -0500
10:47PM|<BenC> Overfiend: if you can isolate the problem to just those
two calls in a test program, I'd consider it a glibc bug, or something
lacking in documentation on expected usage

#define _GNU_SOURCE

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char* argv[]) {

	int *pty;

	*pty = getpt();

	if (*pty < 0) {
		perror("getpt() failed");
		exit(1);
	}

	printf("ptsname of allocated pty is %s\n", ptsname(*pty));

	return 0;
}

-- 
G. Branden Robinson                |      "There is no gravity in space."
Debian GNU/Linux                   |      "Then how could astronauts walk
branden@deadbeast.net              |       around on the Moon?"
http://www.deadbeast.net/~branden/ |      "Because they wore heavy boots."

Bug reassigned from package `xterm' to `libc6'. Request was from Branden Robinson <branden@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Branden Robinson <branden@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: upstream Request was from Branden Robinson <branden@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>, glibc@packages.qa.debian.org:
Bug#121899; Package libc6. Full text and rfc822 format available.

Acknowledgement sent to "H. S. Teoh" <hsteoh@quickfur.ath.cx>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>, glibc@packages.qa.debian.org. Full text and rfc822 format available.

Message #31 received at 121899@bugs.debian.org (full text, mbox):

From: "H. S. Teoh" <hsteoh@quickfur.ath.cx>
To: 121899@bugs.debian.org
Subject: No wonder it segfaults
Date: Thu, 26 Dec 2002 18:01:10 -0500
At least, it's not surprising that the "minimal case" Branden provided in
BTS segfaults. It's nothing to do with getpt(); the code is using an
uninitialized pointer *pts.

Barring that, however, I have just confirmed that on libc6 (2.3.1-3),
getpt() does not return an error if /dev/pts is chmod'd to 0, as Branden
suggested. I found that it was still successfully allocating a pty file
descriptor for the pty. However, ptsname() will return a NULL pointer,
because it won't have the permissions to read the pty.

I'm not sure if this should be considered a bug, since getpt() *does*
allocate a new pty, even if it is unreadable. I have confirmed that a new
pty does appear in /dev/pts, and gets removed once the test program exits.
In other words, it *does* successfully allocate a pty and returns the file
descriptor, as described by the .info documentation.

Whether or not getpt() should check for the pty's readability is another
issue, and I don't think libc is "buggy" there either --- one really
should check the return value of ptsname() (or other pts-accessing calls),
which *is* returning NULL in this case when it can't read the pty. 

At any rate, I tried this with xterm, and got:
	xterm: unable to access pty device: Permission denied

I'm not sure if Branden worked around the problem in xterm, or upstream
has fixed the problem. Perhaps this bug should be closed.

HTH.


T

-- 
And life still goes on...
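
[Added example, not part of the bug log or of any participant's message.] A version of the test case that holds getpt()'s result in a plain int and checks ptsname() for NULL before using it, so a pty whose slave name cannot be resolved produces an error message instead of a crash. The helper names slave_name and alloc_pty are hypothetical.

```c
#define _GNU_SOURCE                 /* getpt() is a GNU extension */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Repeated so this compiles even below other #includes, where _GNU_SOURCE is too late. */
int getpt(void);
char *ptsname(int fd);

/* Copy the slave name of master fd into buf; 0 on success, -1 with errno set. */
int slave_name(int fd, char *buf, size_t len)
{
    errno = 0;
    const char *name = ptsname(fd);
    if (name == NULL) {             /* must be checked before any use */
        if (errno == 0) errno = ENOTTY;
        return -1;
    }
    if ((size_t)snprintf(buf, len, "%s", name) >= len) { errno = ERANGE; return -1; }
    return 0;
}

/* Allocate a pty master and resolve its slave name; fd on success, -1 with errno set. */
int alloc_pty(char *buf, size_t len)
{
    int fd = getpt();               /* a plain int, not an unallocated int* */
    if (fd < 0) return -1;
    if (slave_name(fd, buf, len) != 0) {
        int saved = errno;          /* close() may overwrite errno */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    char name[64];
    int fd = alloc_pty(name, sizeof name);
    if (fd < 0) {
        fprintf(stderr, "unable to allocate pty: %s\n", strerror(errno));
        return 1;
    }
    printf("ptsname of allocated pty is %s\n", name);
    close(fd);
    return 0;
}
```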



Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>, glibc@packages.qa.debian.org:
Bug#121899; Package libc6. Full text and rfc822 format available.

Acknowledgement sent to GOTO Masanori <gotom@debian.or.jp>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>, glibc@packages.qa.debian.org. Full text and rfc822 format available.

Message #36 received at 121899@bugs.debian.org (full text, mbox):

From: GOTO Masanori <gotom@debian.or.jp>
To: "H. S. Teoh" <hsteoh@quickfur.ath.cx>, 121899@bugs.debian.org, branden@debian.org
Subject: Re: Bug#121899: No wonder it segfaults
Date: Sun, 29 Dec 2002 00:20:01 +0900
At Thu, 26 Dec 2002 18:01:10 -0500,
H. S. Teoh <hsteoh@quickfur.ath.cx> wrote:
> At least, it's not surprising that the "minimal case" Branden provided in
> BTS segfaults. It's nothing to do with getpt(); the code is using an
> uninitialized pointer *pts.

Yes. This test program is wrong.  It needs to replace *pts with pts, or
allocate *pts.

> Barring that, however, I have just confirmed that on libc6 (2.3.1-3),
> getpt() does not return an error if /dev/pts is chmod'd to 0, as Branden
> suggested. I found that it was still successfully allocating a pty file
> descriptor for the pty. However, ptsname() will return a NULL pointer,
> because it won't have the permissions to read the pty.

Your analysis is right.  xterm needs to be fixed.

> I'm not sure if this should be considered a bug, since getpt() *does*
> allocate a new pty, even if it is unreadable. I have confirmed that a new
> pty does appear in /dev/pts, and gets removed once the test program exits.
> In other words, it *does* successfully allocate a pty and returns the file
> descriptor, as described by the .info documentation.

Yup. 

> Whether or not getpt() should check for the pty's readability is another
> issue, and I don't think libc is "buggy" there either --- one really
> should check the return value of ptsname() (or other pts-accessing calls),
> which *is* returning NULL in this case when it can't read the pty. 
> 
> At any rate, I tried this with xterm, and got:
> 	xterm: unable to access pty device: Permission denied
> 
> I'm not sure if Branden worked around the problem in xterm, or upstream
> has fixed the problem. Perhaps this bug should be closed.

I also don't know whether it's already fixed, but at least I think it's
not a glibc bug.

Branden, please check your latest X11, and could I close this bug?

-- gotom



Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>, glibc@packages.qa.debian.org:
Bug#121899; Package libc6. Full text and rfc822 format available.

Acknowledgement sent to "H. S. Teoh" <hsteoh@quickfur.ath.cx>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>, glibc@packages.qa.debian.org. Full text and rfc822 format available.

Message #41 received at 121899@bugs.debian.org (full text, mbox):

From: "H. S. Teoh" <hsteoh@quickfur.ath.cx>
To: GOTO Masanori <gotom@debian.or.jp>
Cc: 121899@bugs.debian.org, branden@debian.org
Subject: Re: Bug#121899: No wonder it segfaults
Date: Tue, 31 Dec 2002 10:42:27 -0500
On Sun, Dec 29, 2002 at 12:20:01AM +0900, GOTO Masanori wrote:
> At Thu, 26 Dec 2002 18:01:10 -0500,
> H. S. Teoh <hsteoh@quickfur.ath.cx> wrote:
[snip]
> > At any rate, I tried this with xterm, and got:
> > 	xterm: unable to access pty device: Permission denied
> > 
> > I'm not sure if Branden worked around the problem in xterm, or upstream
> > has fixed the problem. Perhaps this bug should be closed.
> 
> I also don't know whether it's already fixed, but at least I think it's
> not a glibc bug.
> 
> Branden, please check your latest X11, and could I close this bug?
[snip]

IMHO, this bug should be closed. The latest xterm (4.2.1-4 on my machine)
doesn't SEGV anymore; it correctly displays an error message and exits
cleanly. I think this addresses the issue raised in the original bug
report.


T

-- 
If we don't succeed we run the risk of failure. -- Dan Quayle



Reply sent to GOTO Masanori <gotom@debian.or.jp>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to russell@coker.com.au:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #46 received at 121899-done@bugs.debian.org (full text, mbox):

From: GOTO Masanori <gotom@debian.or.jp>
To: "H. S. Teoh" <hsteoh@quickfur.ath.cx>
Cc: GOTO Masanori <gotom@debian.or.jp>, 121899-done@bugs.debian.org, branden@debian.org, debian-glibc@lists.debian.org
Subject: Re: Bug#121899: No wonder it segfaults
Date: Wed, 01 Jan 2003 13:42:31 +0900
At Tue, 31 Dec 2002 10:42:27 -0500,
H. S. Teoh <hsteoh@quickfur.ath.cx> wrote:
> On Sun, Dec 29, 2002 at 12:20:01AM +0900, GOTO Masanori wrote:
> > At Thu, 26 Dec 2002 18:01:10 -0500,
> > H. S. Teoh <hsteoh@quickfur.ath.cx> wrote:
> [snip]
> > > At any rate, I tried this with xterm, and got:
> > > 	xterm: unable to access pty device: Permission denied
> > > 
> > > I'm not sure if Branden worked around the problem in xterm, or upstream
> > > has fixed the problem. Perhaps this bug should be closed.
> > 
> > I also don't know whether it's already fixed, but at least I think it's
> > not a glibc bug.
> > 
> > Branden, please check your latest X11, and could I close this bug?
> [snip]
> 
> IMHO, this bug should be closed. The latest xterm (4.2.1-4 on my machine)
> doesn't SEGV anymore; it correctly displays an error message and exits
> cleanly. I think this addresses the issue raised in the original bug
> report.

Thanks for your tests :)
It seems fine; I'll close this bug.

Regards,
-- gotom






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 18:44:19 2014; Machine Name: beach.debian.org
