Re: [patch] null-pointer exception in hurd/libpipe/pq.c

From: Stefan Siegl
Subject: Re: [patch] null-pointer exception in hurd/libpipe/pq.c
Date: Tue, 25 Jul 2006 22:34:44 +0200
User-agent: Mutt/1.5.11+cvs20060403


On Tue, Jul 25, 2006 at 04:09:51PM +0200, Thomas Schwinge wrote:
> How / why did this happen for you and why didn't it happen for other
> people in the past?

Well, I noticed the bug when I tried to use ssh's ControlMaster feature
(see its manpage for details).  In short, to reproduce it, start an
ssh-master (`ssh -M $hostname') and then try to open a slave connection
(just `ssh $hostname') to it.  The slave process will then try to talk
to the master process using a common named pipe (you can specify where
it shall be written out using the `ControlPath' option, by the way).

Then pflocal will crash as soon as you launch the slave-ssh process,
i.e. as soon as it tries to send data to the master for the first time.

I haven't tracked it down to the last detail (especially I haven't
written any test code), but it seems to be related to sendmsg calls. At
least sendmsg is the only call which triggers control packages:

,-- [glibc]/sysdeps/mach/hurd/sendmsg.c
|                        /* Send the data.  */
|                        err = __socket_send (port, aport,
|                                             flags, data.ptr, len,
|                                             NULL,
|                                             MACH_MSG_TYPE_COPY_SEND, 0,
|                                             message->msg_control,
|                                             message->msg_controllen,
|                                             &amount);

... the send call for example just provides NULL for msg_control and
zero for msg_controllen. However a control package needs to be sent for
the bug to occur (see `pipe_send' from [hurd]/libpipe/pipe.c).

Concerning your question why this hasn't shown in the past, well,
probably nobody has tried to use sendmsg to send ancillary data through
a (named) pipe so far. Cannot think of another reason.


Stefan Siegl <stesie@brokenpipe.de>
