Closed
Bug 17728
Opened 25 years ago
Closed 25 years ago
pthreads: PR_Writev hangs when writing a zero-length buffer
Categories
(NSPR :: NSPR, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: wtc, Assigned: wtc)
Details
Attachments
(2 files)
992 bytes,
patch
|
Details | Diff | Splinter Review | |
3.17 KB,
patch
|
Details | Diff | Splinter Review |
This bug is reported by Vinay Badami. It exists in the pthreads version only. If we call PR_Writev with a one-element PRIOVec array that describes a zero-length buffer (i.e., iov_size = 1, iov[0].iov_len = 0), PR_Writev may hang in pt_Continue. The cause of the hang is that pt_writev_cont does not deal with the possibility that writev may return 0. (Note that pt_Writev does handle that possibility.) This can happen as follows: 1. pt_Writev calls writev, which returns -1 with the error code EAGAIN. 2. pt_Writev calls pt_Continue. 3. The I/O continuation thread notices that the fd becomes writable and calls pt_writev_cont. 4. pt_writev_cont calls writev, which returns 0. This case is not dealt with and pt_writev_cont incorrectly returns PR_FALSE, causing the fd to be added back to the I/O queue. Note that the I/O continuation functions for the other output functions, such as pt_write_cont, pt_send_cont, and pt_sendto_cont, may have the same problem and should also be reviewed.
Assignee | ||
Comment 1•25 years ago
|
||
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•25 years ago
|
||
I reviewed the source code and found that pt_write_cont, pt_send_cont, and pt_sendto_cont all have the same problem. I wrote test programs that can reproduce the hang in PR_Writev, PR_Write, and PR_Send. I didn't bother to reproduce the hang in PR_SendTo, because I don't know how to make a sendto to a UDP socket fail with EAGAIN.
Assignee | ||
Comment 3•25 years ago
|
||
Assignee | ||
Comment 5•25 years ago
|
||
The fix is checked into NSPR20_RELEASE_3_5_BRANCH (in the interval /m/src repository), so it will be in the NSPR 3.5.1 patch release. /m/src/ns/nspr20/pr/src/pthreads/ptio.c, revision 2.66.2.1
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 6•25 years ago
|
||
I merged the fix to the main trunk and added a new test zerolen.c for this bug. /cvsroot/mozilla/nsprpub/pr/src/pthreads/ptio.c, revision 3.35 /cvsroot/mozilla/nsprpub/pr/tests/zerolen.c, revision 3.1 (new file) /cvsroot/mozilla/nsprpub/pr/tests/Makefile, revision 3.40 /cvsroot/mozilla/nsprpub/pr/tests/Makefile.in, revision 1.8 /cvsroot/mozilla/nsprpub/pr/tests/runtests.ksh, revision 1.9 Also checked into the internal repository. /m/src/ns/nspr20/pr/src/pthreads/ptio.c, revision 2.76 /m/src/ns/nspr20/pr/tests/zerolen.c, revision 2.1 (new file) /m/src/ns/nspr20/pr/tests/Makefile, revision 2.70 /m/src/ns/nspr20/pr/tests/runtests.ksh, revision 2.18
You need to log in
before you can comment on or make changes to this bug.
Description
•