fstatfs segfault

Josh Boyer jwboyer at gmail.com
Wed Apr 21 12:06:10 UTC 2010


Hi All,

I have a case where uClibc will segfault in the fstatfs call.  The testcase
is pretty simple, and just tests the error cases that should be returned for
EBADF and EFAULT.  The EFAULT case is where the crash occurs.

What seems to be happening is that the testcase calls fstatfs like this:

fstatfs(1, (void *) -1);

The testcase is testing that fstatfs returns EFAULT there, as -1 is not a valid
address space in the process.  I have UCLIBC_HAS_LFS set, which seems to make
that call boil down into a call to fstatfs64 in libc/misc/statfs/fstatfs64.c.

What seems to be happening is that the fstatfs64 function will call the fstatfs
system call with a local 'struct statfs buf32' and then the results are copied
into the buffer that is passed in by the user.  It is on the first dereference
of the user buffer that this crashes (obviously).

So I have two questions.

1) Why is uClibc not using the fstatfs64 syscall for fstatfs64 on Linux?

2) Obviously the testcase isn't going to fail as expected in the manpage due to
the use of the local buffer for the fstatfs call.  I don't immediately see a way
to do the fault detection here without using the user's buffer.  Is there some
other mechanism to do this that I'm not thinking of?

josh
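Added illustration (not part of the original mail or of uClibc's sources): a small Linux C program that models the two wrapper styles the mail contrasts. "Style A" mirrors the described fstatfs64 path (kernel fills a local buffer, wrapper copies into the caller's buffer in user space), "Style B" passes the caller's pointer straight to the kernel. The point it makes concrete is that EFAULT can only come from the kernel's own copy_to_user() check, so a wrapper that copies out through a local buffer will take SIGSEGV on a bad pointer instead. Assumptions: Linux, SYS_fstatfs is this architecture's native statfs syscall, memcpy stands in for the field-by-field statfs to statfs64 conversion, and a descriptor from open("/") serves as the valid fd. The crashing call itself is deliberately not executed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/statfs.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Style A: model of the wrapper described in the mail. The kernel fills a
 * local buffer; the wrapper then copies the result into the caller's buffer
 * from user space. The kernel only validates the address of 'local', so a
 * caller pointer such as (void *)-1 is first touched by the memcpy below,
 * which raises SIGSEGV rather than returning EFAULT. (memcpy stands in for
 * the field-by-field statfs -> statfs64 conversion a real wrapper does.) */
int fstatfs_via_local(int fd, struct statfs *user_buf)
{
    struct statfs local;

    if (syscall(SYS_fstatfs, fd, &local) < 0)
        return -1;                    /* errno set by the kernel: EBADF etc. */
    memcpy(user_buf, &local, sizeof local);  /* faults here on a bad pointer */
    return 0;
}

/* Style B: hand the caller's pointer straight to the kernel. Its
 * copy_to_user() fails cleanly on an unmapped address and reports EFAULT. */
int fstatfs_direct(int fd, struct statfs *user_buf)
{
    return syscall(SYS_fstatfs, fd, user_buf) < 0 ? -1 : 0;
}

/* Returns 0 on success, otherwise the errno the direct wrapper produced. */
int direct_errno(int fd, void *buf)
{
    errno = 0;
    if (fstatfs_direct(fd, (struct statfs *)buf) == 0)
        return 0;
    return errno;
}

/* Descriptor of the root directory: a valid fd for the probes below. */
int open_root(void)
{
    return open("/", O_RDONLY);
}

/* Asks the kernel to fill an unmapped address through a valid fd and returns
 * the resulting errno (EFAULT on Linux); no user-space dereference happens. */
int efault_probe(void)
{
    int fd = open_root();
    int err;

    if (fd < 0)
        return -1;
    err = direct_errno(fd, (void *)-1);
    close(fd);
    return err;
}

/* Returns 1 when the local-buffer wrapper succeeds on a valid buffer and
 * reports a plausible block size. The bad-pointer case is not exercised:
 * fstatfs_via_local(fd, (struct statfs *)-1) would crash the process. */
int local_path_ok(void)
{
    struct statfs sfs;
    int fd = open_root();
    int ok;

    if (fd < 0)
        return 0;
    ok = fstatfs_via_local(fd, &sfs) == 0 && sfs.f_bsize > 0;
    close(fd);
    return ok;
}

int main(void)
{
    printf("direct, bad fd      -> errno %d (EBADF=%d)\n", direct_errno(-1, NULL), EBADF);
    printf("direct, bad pointer -> errno %d (EFAULT=%d)\n", efault_probe(), EFAULT);
    printf("local-buffer path, valid buffer -> %s\n", local_path_ok() ? "ok" : "failed");
    return 0;
}
```

The practical consequence for a test suite like the one in the mail: an EFAULT expectation only holds for wrappers where the kernel writes into the caller's buffer directly; where a size or layout conversion forces a copy through a local, the wrapper cannot manufacture EFAULT without either touching the caller's memory (crash) or first passing that pointer to the kernel in some form.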

