program will hang when dup and close fd opened by posix_openpt
Peiyuan Song
squallatf@gmail.com
Thu Jan 14 05:48:25 GMT 2021
dup clones all the state of `fhandler_pty_master` except the pty master
control thread and the pty master forwarding thread. When the original fd
is closed, the heap memory of its `fhandler_pty_master` is reclaimed, but
the threads running on that `fhandler_pty_master` object are not stopped.
When the duped fd is closed afterwards, those threads access the reclaimed
memory (a use-after-free), which causes this issue.
Here is a simple PoC that reproduces the issue:
#define _GNU_SOURCE 1
#include <stdlib.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
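/*
 * Regression reproducer for the hang described in this report.
 *
 * Sequence: open a pty master, dup() it, close the original descriptor,
 * open the slave side, then close the duplicate and finally the slave.
 * According to the report, closing the original descriptor reclaims the
 * fhandler_pty_master object while its helper threads keep running, and
 * the later close of the duplicate is where those threads touch the
 * reclaimed memory.
 *
 * Returns 0 when every step completes, 1 when a setup step fails.
 * On an affected build the process is expected not to get past the
 * "before close mfd" marker; on a fixed build all three markers print.
 */
int main(void) {
    char *name; /* points at storage owned by ptsname(); not freed here */
    int mfd, sfd, fd;

    if ((mfd = posix_openpt(O_RDWR|O_NOCTTY)) < 0) {
        printf("posix_openpt failed %d\n", mfd);
        return 1;
    }
    if (!(name = ptsname(mfd))) {
        printf("ptsname failed\n");
        close(mfd);
        return 1;
    }
    if ((fd = dup(mfd)) < 0) {
        printf("dup failed %d\n", fd);
        close(mfd); /* do not leave the master open on the error path */
        return 1;
    }

    /* Close the original descriptor; only the duplicate refers to the master now. */
    close(mfd);
    mfd = fd;

    if ((sfd = open(name, O_RDWR)) < 0) {
        printf("open %s failed\n", name);
        close(mfd);
        return 1;
    }

    /*
     * stdout may be fully buffered when it is not a terminal, so flush each
     * marker: otherwise a hang in the following close() hides the marker and
     * the log no longer shows which call stalled.
     */
    printf("before close mfd %d\n", mfd);
    fflush(stdout);
    close(mfd); /* the report attributes the fault to this close of the duplicate */
    printf("after close mfd %d\n", mfd);
    fflush(stdout);
    close(sfd);
    /* The original printed "before close sfd" here, after the close had already run. */
    printf("after close sfd %d\n", sfd);
    fflush(stdout);
    return 0;
}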
-------------- next part --------------
A non-text attachment was scrubbed...
Name: strace.log
Type: application/octet-stream
Size: 81904 bytes
Desc: not available
URL: <https://cygwin.com/pipermail/cygwin-developers/attachments/20210114/1ae06869/attachment-0001.obj>