DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 50EFeaQN3373314
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 50EFeaQN3373314
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=r54gDeWJ
X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A00DD385B516
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1736869234;
	bh=2iVweu5j2rcPU07L3RizeS0lugcpzGhBjb/dFfA6DV0=;
	h=Subject:To:Date:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:Cc:From;
	b=r54gDeWJ7XobHYopCwwKkYTiw47Rt94LQKJUeHoJaUSUp+pMBsRgfq4isMw7nMq9Q
	 XCAHA74+GfFWwWKfyj5d7Dui6p3SpXJ6vNqKogvMSXW6vU2YH74FNcGukYRhtz7OLi
	 BDZTXcgfnakeGSJAhFXnxwofqOq/ye1WLTacJem4=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6130B385695B
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6130B385695B
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1736869072; cv=none;
 b=NExcQ7IVezugbBVWc6tjnspadaRHS2xwanj32hVJHInhhozaM8A6tBZn6fXg8QujDD7dx7a1Xq6s5tLNYO+ogpV8CATfhJLzbRysj5CzTH9Q5cgkUNY0ChkKXOTaQjns2LNTQVbBQqIDP1r4HohBEL8T/vhR3pAc5QNed4+y+gY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1736869072; c=relaxed/simple;
 bh=FGgv0AVHEod8m49gj5dpZPCnoDr9yTgcxYchkFGqjJM=;
 h=From:Subject:To:Message-ID:Date:MIME-Version;
 b=FzTiB3HXY2euUa5gDN39qRjQpmvOjCYvTZFN7NymcoNr9SBRNHb+ADNwMrX+qspTYlkcpZXGyYgTgg/rPyRQGvaARWVWa1HrNhySJGIOFZl5j9Z9niIG0u4pWiG0cxthWErAHXaAwWGfPLJxQJXaX26obSrwtUohrXkEyJdSDQE=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6130B385695B
Subject: mq_send(-1, ...) segfaults instead of failing with EBADF
To: cygwin AT cygwin DOT com
Message-ID: <94f6c13a-e58d-0123-40c6-3f8f9a5d2d6f@t-online.de>
Date: Tue, 14 Jan 2025 16:37:44 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 SeaMonkey/2.53.19
MIME-Version: 1.0
X-TOI-EXPURGATEID: 150726::1736869065-677FC448-7AF041A6/0/0 CLEAN NORMAL
X-TOI-MSGID: bac9dc2c-aa19-41d5-b21b-d3ed4b7466dd
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Christian Franke via Cygwin <cygwin AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
Cc: Christian Franke <Christian DOT Franke AT t-online DOT de>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 50EFeaQN3373314

Found with 'stress-ng --mq 1 -v':

If an invalid fd is passed to mq_send() and other mq_* functions, a 
segfault occurs instead of returning -1 with errno=EBADF. Depending on 
optimization, the segfault is not visible in the exit status.

Testcase:

$ uname -r
3.5.5-1.x86_64

$ gcc --version
gcc (GCC) 12.4.0
...

$ cat mqbadfd.c
#include <mqueue.h>
#include <stdio.h>

int main()
{
   printf("mq_send:\n"); fflush(stdout);
   int ret = mq_send(-1, "FOO", 3, 1);
   printf("ret = %d\n", ret); fflush(stdout);
   return 42;
}

$ gcc -o mqbadfd mqbadfd.c

$ ./mqbadfd; echo $?
mq_send:
0

$ gcc -o mqbadfd2 -O2 mqbadfd.c

$ ./mqbadfd2; echo $?
mq_send:
Segmentation fault
139

$ strace ./mqbadfd
...
   111   49460 [main] mqbadfd 23013 fhandler_console::write: 9 = 
fhandler_console::write(...)
    39   49499 [main] mqbadfd 23013 write: 9 = write(1, 0xA00017790, 9)
   211   49710 [main] mqbadfd 23013 __set_errno: 
cygheap_fdget::cygheap_fdget(int, bool, bool):631 setting errno 9
--- Process 15116 (pid: 23013), exception c0000005 at 00007ffc766fc71e
--- Process 15116 (pid: 23013) thread 4672 exited with status 0xc0000005
--- Process 15116 thread 12184 exited with status 0xc0000005
--- Process 15116 thread 16828 exited with status 0xc0000005
--- Process 15116 thread 16892 exited with status 0xc0000005
--- Process 15116 exited with status 0xc0000005
Segmentation fault

$ strace ./mqbadfd2
...
   170   22096 [main] mqbadfd2 23017 write: 9 = write(1, 0xA00017790, 9)
    71   22167 [main] mqbadfd2 23017 __set_errno: 
cygheap_fdget::cygheap_fdget(int, bool, bool):631 setting errno 9
--- Process 13872 (pid: 23017), exception c0000005 at 00007ffc766fc71e
    58   22225 [main] mqbadfd2 23017 exception::handle: In 
cygwin_except_handler exception 0xC0000005 at 0x7FFC766FC71E sp 0x7FFFFCB30
    25   22250 [main] mqbadfd2 23017 exception::handle: In 
cygwin_except_handler signal 11 at 0x7FFC766FC71E
    38   22288 [main] mqbadfd2 23017 break_here: break here
--- Process 13872 (pid: 23017), exception c0000005 at 00007ffc766fc71e
--- Process 13872 (pid: 23017), exception c0000005 at 00007ffc766fc71e
--- Process 13872 (pid: 23017), exception c0000005 at 00007ffc766fc71e
--- Process 13872 (pid: 23017), exception c0000005 at 00007ffc766fc71e
... [infinite loop - strace needs to be terminated by task manager]


Same if -fstack-protector-strong is added.

-- 
Regards,
Christian


-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple