
Re: [Patches] lio_listio() doesn't validate the aio_lio_opcode?



On Fri, Feb 17, 2012 at 9:43 AM, Khem Raj <raj.khem@xxxxxxxxx> wrote:
> On Fri, Feb 17, 2012 at 1:46 AM, Kang Kai <Kai.Kang@xxxxxxxxxxxxx> wrote:
>> Hi All,
>>
>> If I pass an invalid aio_lio_opcode to lio_listio() with mode LIO_NOWAIT, it
>> returns 0, which means success. Is this the proper action for an invalid
>> aio_lio_opcode?
>>
>> I checked the source code, ./sysdeps/pthread/lio_listio.c line 81:
>>
>> if (list[cnt] != NULL && list[cnt]->aio_lio_opcode != LIO_NOP)
>>
>> It just checks that aio_lio_opcode is not LIO_NOP and then enqueues the request? I
>> wonder whether this is buggy.
>
> For aio_lio_opcode, POSIX says "The supported operations are LIO_READ,
> LIO_WRITE, and LIO_NOP"
>
> but it does not say what should happen if the value is not one of the above,
> so IMO it's not a bug but falls into undefined behavior.

The value gets passed down to the AIO layer.

In sysdeps/pthread/aio_misc.c we have code to process LIO_READ,
LIO_WRITE, LIO_DSYNC, LIO_SYNC and then:
~~~
          else
            {
              /* This is an invalid opcode.  */
              aiocbp->aiocb.__return_value = -1;
              __set_errno (EINVAL);
            }
~~~

However, LIO_READ == LIO_WAIT, so your LIO_WAIT is processed as an LIO_READ.

Cheers,
Carlos.
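
A caller-side check for the case discussed in this thread, added here as an example (it is not part of the original message or of the eglibc sources). The helper names `first_invalid_opcode` and `checked_lio_listio` are hypothetical, and the opcode value 99 is a constructed invalid input.

```c
#include <aio.h>
#include <errno.h>
#include <stddef.h>

/* Hypothetical helper: index of the first entry whose aio_lio_opcode is not
   LIO_READ, LIO_WRITE or LIO_NOP, or -1 if all are valid.  NULL entries are
   skipped.  A value check cannot catch a mode constant used as an opcode
   when the two are numerically equal (the thread's LIO_WAIT == LIO_READ). */
int first_invalid_opcode(struct aiocb *const list[], int nent)
{
    for (int i = 0; i < nent; i++) {
        if (list[i] == NULL)
            continue;
        switch (list[i]->aio_lio_opcode) {
        case LIO_READ: case LIO_WRITE: case LIO_NOP:
            break;
        default:
            return i;
        }
    }
    return -1;
}

/* Hypothetical wrapper: reject the whole batch with EINVAL before anything
   is enqueued, rather than relying on a later aio_error() per request. */
int checked_lio_listio(int mode, struct aiocb *const list[], int nent,
                       struct sigevent *sig)
{
    if (list == NULL || nent < 0 || first_invalid_opcode(list, nent) != -1) {
        errno = EINVAL;
        return -1;
    }
    return lio_listio(mode, list, nent, sig);
}

/* Constructed sample batch: read, NULL, bogus opcode 99, no-op. */
int demo_rejects_bad_batch(void)
{
    struct aiocb rd = {0}, bad = {0}, nop = {0};
    rd.aio_lio_opcode = LIO_READ;
    bad.aio_lio_opcode = 99;   /* constructed invalid value */
    nop.aio_lio_opcode = LIO_NOP;
    struct aiocb *const batch[] = { &rd, NULL, &bad, &nop };
    errno = 0;
    int rc = checked_lio_listio(LIO_NOWAIT, batch, 4, NULL);
    return first_invalid_opcode(batch, 4) == 2 && rc == -1 && errno == EINVAL;
}

int main(void) { return demo_rejects_bad_batch() ? 0 : 1; }
```

On older glibc releases the AIO functions live in librt, so link with `-lrt` there.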