Closed Bug 17728 Opened 25 years ago Closed 25 years ago

pthreads: PR_Writev hangs when writing a zero-length buffer

Categories

(NSPR :: NSPR, defect, P3)

Product:
NSPR
Component:
NSPR
Platform:
Sun
Solaris
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(2 files)

A patch intended to illustrate the bug. Not a complete fix.
992 bytes, patch
Details | Diff | Splinter Review
Proposed fix.
3.17 KB, patch
Details | Diff | Splinter Review 
This bug is reported by Vinay Badami.  It exists
in the pthreads version only.

If we call PR_Writev with a one-element
PRIOVec array that describes a zero-length
buffer (i.e., iov_size = 1, iov[0].iov_len = 0),
PR_Writev may hang in pt_Continue.

The cause of the hang is that pt_writev_cont does
not deal with the possibility that writev may
return 0.  (Note that pt_Writev does handle that
possibility.)  This can happen as follows:
1. pt_Writev calls writev, which returns -1 with
   the error code EAGAIN.
2. pt_Writev calls pt_Continue.
3. The I/O continuation thread notices that the
   fd becomes writable and calls pt_writev_cont.
4. pt_writev_cont calls writev, which returns 0.
   This case is not dealt with and pt_writev_cont
   incorrectly returns PR_FALSE, causing the fd
   to be added back to the I/O queue.

Note that the I/O continuation functions for the
other output functions, such as pt_write_cont,
pt_send_cont, and pt_sendto_cont, may have the
same problem and should also be reviewed.
Status: NEW → ASSIGNED
I reviewed the source code and found that
pt_write_cont, pt_send_cont, and pt_sendto_cont
all have the same problem.  I wrote test programs
that can reproduce the hang in PR_Writev,
PR_Write, and PR_Send.  I didn't bother to
reproduce the hang in PR_SendTo, because I
don't know how to make a sendto to a UDP
socket fail with EAGAIN.
Attached patch Proposed fix.Splinter Review 

    
    

    
  
The fix looks good.

    
    

    
  
The fix is checked into NSPR20_RELEASE_3_5_BRANCH (in the
interval /m/src repository), so it will be in the NSPR
3.5.1 patch release.
/m/src/ns/nspr20/pr/src/pthreads/ptio.c, revision 2.66.2.1

    
  
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED

    
    

    
  
I merged the fix to the main trunk and added a new test zerolen.c
for this bug.
/cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c, revision 3.35
/cvsroot/mozilla/nsprpub/pr/tests/zerolen.c, revision 3.1 (new file)
/cvsroot/mozilla/nsprpub/pr/tests/Makefile, revision 3.40
/cvsroot/mozilla/nsprpub/pr/tests/Makefile.in, revision 1.8
/cvsroot/mozilla/nsprpub/pr/tests/runtests.ksh, revision 1.9

Also checked into the internal repository.
/m/src/ns/nspr20/pr/src/pthreads/ptio.c, revision 2.76
/m/src/ns/nspr20/pr/tests/zerolen.c, revision 2.1 (new file)
/m/src/ns/nspr20/pr/tests/Makefile, revision 2.70
/m/src/ns/nspr20/pr/tests/runtests.ksh, revision 2.18

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: