Closed Bug 17728 Opened 26 years ago Closed 26 years ago

pthreads: PR_Writev hangs when writing a zero-length buffer

Categories

(NSPR :: NSPR, defect, P3)

Product:
NSPR
Component:
NSPR
Platform:
Sun
Solaris
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(2 files)

A patch intended to illustrate the bug. Not a complete fix.
992 bytes, patch
Details | Diff | Splinter Review
Proposed fix.
3.17 KB, patch
Details | Diff | Splinter Review
This bug is reported by Vinay Badami. It exists in the pthreads version only. If we call PR_Writev with a one-element PRIOVec array that describes a zero-length buffer (i.e., iov_size = 1, iov[0].iov_len = 0), PR_Writev may hang in pt_Continue. The cause of the hang is that pt_writev_cont does not deal with the possibility that writev may return 0. (Note that pt_Writev does handle that possibility.) This can happen as follows: 1. pt_Writev calls writev, which returns -1 with the error code EAGAIN. 2. pt_Writev calls pt_Continue. 3. The I/O continuation thread notices that the fd becomes writable and calls pt_writev_cont. 4. pt_writev_cont calls writev, which returns 0. This case is not dealt with and pt_writev_cont incorrectly returns PR_FALSE, causing the fd to be added back to the I/O queue. Note that the I/O continuation functions for the other output functions, such as pt_write_cont, pt_send_cont, and pt_sendto_cont, may have the same problem and should also be reviewed.
Status: NEW → ASSIGNED
I reviewed the source code and found that pt_write_cont, pt_send_cont, and pt_sendto_cont all have the same problem. I wrote test programs that can reproduce the hang in PR_Writev, PR_Write, and PR_Send. I didn't bother to reproduce the hang in PR_SendTo, because I don't know how to make a sendto to a UDP socket fail with EAGAIN.
Attached patch Proposed fix.Splinter Review
The fix looks good.
The fix is checked into NSPR20_RELEASE_3_5_BRANCH (in the interval /m/src repository), so it will be in the NSPR 3.5.1 patch release. /m/src/ns/nspr20/pr/src/pthreads/ptio.c, revision 2.66.2.1
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
I merged the fix to the main trunk and added a new test zerolen.c for this bug. /cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c, revision 3.35 /cvsroot/mozilla/nsprpub/pr/tests/zerolen.c, revision 3.1 (new file) /cvsroot/mozilla/nsprpub/pr/tests/Makefile, revision 3.40 /cvsroot/mozilla/nsprpub/pr/tests/Makefile.in, revision 1.8 /cvsroot/mozilla/nsprpub/pr/tests/runtests.ksh, revision 1.9 Also checked into the internal repository. /m/src/ns/nspr20/pr/src/pthreads/ptio.c, revision 2.76 /m/src/ns/nspr20/pr/tests/zerolen.c, revision 2.1 (new file) /m/src/ns/nspr20/pr/tests/Makefile, revision 2.70 /m/src/ns/nspr20/pr/tests/runtests.ksh, revision 2.18
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: