1.5.24-2: zero-length write() and ioctl() on fd -1 cause crashes

Elliott Hughes enh@jessies.org
Tue Sep 18 18:54:00 GMT 2007


http://software.jessies.org/terminator/ uses Cygwin to provide  
Windows support, and it's been most useful. i just thought i'd  
mention a couple of things that caused crashes in cygwin1.dll  
1.5.24-2 where that might not have been Cygwin's intent (in both  
cases the application's skating on thin ice anyway).

first, if i do a zero-byte write(2) to a pty, i get a crash. POSIX  
says the behavior in that situation is undefined. i haven't tested  
with a regular file (where POSIX explicitly says that "write() will  
return 0 and have no other results").

second, if i try to set the window size on fd -1, i get a crash:

     int fd = -1;
     struct winsize size;
     // set size.ws_col, size.ws_row, size.ws_xpixel, and size.ws_ypixel...
     if (ioctl(fd, TIOCSWINSZ, &size) < 0) {
         // ...
     }

my interpretation of POSIX is that i should get return value -1 and  
errno set to EBADF in that case. i haven't tested with other invalid  
file descriptors or other requests.

i haven't tested earlier versions of cygwin1.dll.

strangely, a quick look at the Cygwin source suggests that these  
cases should be taken care of. "ioctl.cc"'s ioctl starts with a  
cygheap_fdget, and check_iovec would appear to take care of the  
0-byte write case for write(2).

let me know if you'd like me to investigate further. i don't have a  
Windows machine myself, or i'd have done some non-source poking about  
already. [i'm also not a subscriber to this list, so don't forget to  
"reply all".]

  --elliott
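
The following probe is an added example, not part of the original message or of the Cygwin sources. It records what a C library returns for the descriptor cases raised above: TIOCSWINSZ on fd -1, the same ioctl on a just-closed descriptor (going beyond the single case reported), and a zero-byte write(2) on fd -1 and on a regular file. The pty case is not covered, and the helper names and the scratch path are assumptions made for the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

/* errno left by TIOCSWINSZ on fd, or 0 if the ioctl succeeded. */
static int winsz_errno(int fd) {
    struct winsize size = { .ws_row = 24, .ws_col = 80 };  /* constructed size */
    errno = 0;
    return ioctl(fd, TIOCSWINSZ, &size) < 0 ? errno : 0;
}

/* Result of a zero-byte write(2) on fd; *err receives errno. */
static long zero_write(int fd, int *err) {
    errno = 0;
    ssize_t n = write(fd, "", 0);
    *err = errno;
    return (long)n;
}

/* Private scratch regular file (hypothetical path), unlinked at once; fd or -1. */
static int scratch_file(void) {
    char path[64];
    snprintf(path, sizeof path, "/tmp/zero-write-probe-%ld", (long)getpid());
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) unlink(path);
    return fd;
}

/* Number of a descriptor that was valid a moment ago and is now closed. */
static int closed_fd(void) {
    int fd = scratch_file();
    if (fd >= 0) close(fd);
    return fd;
}

int main(void) {
    int err, fd = scratch_file();
    printf("ioctl(-1, TIOCSWINSZ): errno %d (EBADF is %d)\n", winsz_errno(-1), EBADF);
    printf("ioctl(closed fd):      errno %d\n", winsz_errno(closed_fd()));
    long n = zero_write(-1, &err);
    printf("write(-1, buf, 0):     %ld, errno %d\n", n, err);
    n = zero_write(fd, &err);
    printf("write(file, buf, 0):   %ld, errno %d\n", n, err);
    return 0;
}
```

A process that dies inside any of these calls instead of getting a return value shows the crash behavior described in the report.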

