Strange echo behaviour

Denys Vlasenko vda.linux at googlemail.com
Thu Jan 27 09:23:41 UTC 2011


On Thu, Jan 27, 2011 at 7:59 AM, Baruch Siach <baruch at tkos.co.il> wrote:
> Another related problem that I've observed with echo goes as follows:
>
> ./strace-armv5l sh -c 'echo test > /dev/input/event0'
>
> shows:
>
> write(1, "test\n", 5)                   = 16
> write(1, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2147483647) = -1 EFAULT (Bad address)
> write(1, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4095) = 4096
> write(1, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2147483647) = -1 EFAULT (Bad address)
> write(1, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096
>
> That is, the return value of write() is larger that the written buffer (is
> this legal?) so echo (or ash) tries again with a bogus count == -1.

I think this needs to be fixed in uClibc, but this looks like a grave
kernel bug.
A lot of programs will fail horribly when write returns such bogus count,
because they use something like this:

    wlile (len) {
        n = write(fd, buf, len);
        if (n <= 0) break;
        len -= n;
        buf += n;
    }

-- 
vda


More information about the busybox mailing list