poll() on fifo read descriptor with non-zero timeout ==> segfault

Hi folks,

Here is a short test case I've named "fifo-read.c":

#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

struct pollfd pfd[1];

int main() {
  int fifo;
  int poll_result;
  int timeout;

  /* Open myfifo for reading, non-blocking. */
  fifo = open("myfifo", O_RDONLY | O_NDELAY);

  if (-1 == fifo) {
    perror("open(\"myfifo\", O_RDONLY | O_NDELAY) failed");
    return 1;

  /* Set up data for poll(). */
  pfd[0].fd      = fifo;
  pfd[0].events  = POLLIN;
  pfd[0].revents = 0;
  timeout        = -1;

  fprintf(stderr, "About to enter poll()\n"); fflush(stderr);
  poll_result = poll(pfd, 1, timeout);
  fprintf(stderr, "Just returned from poll()\n"); fflush(stderr);

  switch (poll_result) {
    case -1:
      perror("poll(pfd, 1, timeout) failed");
      return 2;
    case 0:
      fprintf(stderr, "Timed out?!\n");
      return 3;

  /* At this point, read() should work. */

  return 0;

Here's what happens at the command line:

$ uname -a
CYGWIN_NT-5.1 lonestar 1.7.1(0.218/5/3) 2009-12-07 11:48 i686 Cygwin

$ gcc-4 -Wall -Werror -ansi -pedantic -o fifo-read fifo-read.c

$ mkfifo -m0600 myfifo

$ ls -l
total 29
-rw-r--r--+ 1 steve None   939 2010-02-06 20:25 fifo-read.c
-rwxr-xr-x+ 1 steve None 22792 2010-02-06 20:25 fifo-read.exe
prw-------  1 steve None     0 2010-02-06 20:25 myfifo

$ ./fifo-read
About to enter poll()
Segmentation fault (core dumped)

If I change the timeout to a positive number, it also segfaults.

If I change the timeout to zero, it works, but poll() returns
immediately with no descriptor ready to read. Not very useful.

I get identical results on two different machines, with two different
OSes (XP and 2000). Can anyone else reproduce this? Am I using poll()


