From nobody@FreeBSD.org  Sat Aug 13 22:47:18 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CCCC9106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 13 Aug 2011 22:47:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id BD02D8FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 13 Aug 2011 22:47:18 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p7DMlIpm082831
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 13 Aug 2011 22:47:18 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p7DMlItV082821;
	Sat, 13 Aug 2011 22:47:18 GMT
	(envelope-from nobody)
Message-Id: <201108132247.p7DMlItV082821@red.freebsd.org>
Date: Sat, 13 Aug 2011 22:47:18 GMT
From: Steve Wills <swills@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH] /usr/bin/tail can call fclose(NULL) causing core dump
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         159750
>Category:       bin
>Synopsis:       [PATCH] tail(1) can call fclose(NULL) causing core dump
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    jilles
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 13 22:50:07 UTC 2011
>Closed-Date:    Sun Aug 21 22:12:57 UTC 2011
>Last-Modified:  Sun Aug 21 22:12:57 UTC 2011
>Originator:     Steve Wills
>Release:        
>Organization:
>Environment:
>Description:
I've been getting core dumps from tail when the FS it's on disappears. It can call fclose with a NULL argument, which causes the crash.
>How-To-Repeat:
run tail -F /path/to/file/on/md, then destroy the md(4)
>Fix:
See attached.

Patch attached with submission follows:

--- usr.bin/tail/forward.c.orig	2011-08-13 18:04:19.054770069 -0400
+++ usr.bin/tail/forward.c	2011-08-13 18:04:23.822771648 -0400
@@ -361,7 +361,9 @@
 					if (errno != ENOENT)
 						ierr(file->file_name);
 					show(file);
-					fclose(file->fp);
+					if (file->fp != NULL) {
+						fclose(file->fp);
+					}
 					file->fp = NULL;
 					ev_change++;
 					continue;


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: jilles 
State-Changed-When: Sun Aug 14 12:42:57 UTC 2011 
State-Changed-Why:  
This patch appears to fix the problem. I am asking re@ for approval. 


Responsible-Changed-From-To: freebsd-bugs->jilles 
Responsible-Changed-By: jilles 
Responsible-Changed-When: Sun Aug 14 12:42:57 UTC 2011 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=159750 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/159750: commit references a PR
Date: Sun, 14 Aug 2011 13:37:52 +0000 (UTC)

 Author: jilles
 Date: Sun Aug 14 13:37:38 2011
 New Revision: 224865
 URL: http://svn.freebsd.org/changeset/base/224865
 
 Log:
   tail: Fix crash if -F'ed file's filesystem disappears.
   
   If tail notices that a file it is following no longer exists (because stat()
   fails), it will output any final lines and then close the file. If the read
   operation also causes an error, such as when the filesystem is forcefully
   unmounted, it closes the file as well, leading to fclose(NULL) and a
   segmentation fault.
   
   PR:		bin/159750
   Submitted by:	swills
   Approved by:	re (kib)
   MFC after:	1 week
 
 Modified:
   head/usr.bin/tail/forward.c
 
 Modified: head/usr.bin/tail/forward.c
 ==============================================================================
 --- head/usr.bin/tail/forward.c	Sun Aug 14 12:41:44 2011	(r224864)
 +++ head/usr.bin/tail/forward.c	Sun Aug 14 13:37:38 2011	(r224865)
 @@ -361,8 +361,10 @@ follow(file_info_t *files, enum STYLE st
  					if (errno != ENOENT)
  						ierr(file->file_name);
  					show(file);
 -					fclose(file->fp);
 -					file->fp = NULL;
 +					if (file->fp != NULL) {
 +						fclose(file->fp);
 +						file->fp = NULL;
 +					}
  					ev_change++;
  					continue;
  				}
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: analyzed->patched 
State-Changed-By: jilles 
State-Changed-When: Sun Aug 14 13:43:02 UTC 2011 
State-Changed-Why:  
Fixed in 9-current. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=159750 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/159750: commit references a PR
Date: Sun, 21 Aug 2011 21:00:05 +0000 (UTC)

 Author: jilles
 Date: Sun Aug 21 20:59:51 2011
 New Revision: 225067
 URL: http://svn.freebsd.org/changeset/base/225067
 
 Log:
   MFC r224865: tail: Fix crash if -F'ed file's filesystem disappears.
   
   If tail notices that a file it is following no longer exists (because stat()
   fails), it will output any final lines and then close the file. If the read
   operation also causes an error, such as when the filesystem is forcefully
   unmounted, it closes the file as well, leading to fclose(NULL) and a
   segmentation fault.
   
   PR:		bin/159750
 
 Modified:
   stable/8/usr.bin/tail/forward.c
 Directory Properties:
   stable/8/usr.bin/tail/   (props changed)
 
 Modified: stable/8/usr.bin/tail/forward.c
 ==============================================================================
 --- stable/8/usr.bin/tail/forward.c	Sun Aug 21 18:50:30 2011	(r225066)
 +++ stable/8/usr.bin/tail/forward.c	Sun Aug 21 20:59:51 2011	(r225067)
 @@ -365,8 +365,10 @@ follow(file_info_t *files, enum STYLE st
  					if (errno != ENOENT)
  						ierr(file->file_name);
  					show(file);
 -					fclose(file->fp);
 -					file->fp = NULL;
 +					if (file->fp != NULL) {
 +						fclose(file->fp);
 +						file->fp = NULL;
 +					}
  					ev_change++;
  					continue;
  				}
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/159750: commit references a PR
Date: Sun, 21 Aug 2011 22:09:39 +0000 (UTC)

 Author: jilles
 Date: Sun Aug 21 22:09:30 2011
 New Revision: 225068
 URL: http://svn.freebsd.org/changeset/base/225068
 
 Log:
   MFC r224865: tail: Fix crash if -F'ed file's filesystem disappears.
   
   If tail notices that a file it is following no longer exists (because stat()
   fails), it will output any final lines and then close the file. If the read
   operation also causes an error, such as when the filesystem is forcefully
   unmounted, it closes the file as well, leading to fclose(NULL) and a
   segmentation fault.
   
   PR:		bin/159750
 
 Modified:
   stable/7/usr.bin/tail/forward.c
 Directory Properties:
   stable/7/usr.bin/tail/   (props changed)
 
 Modified: stable/7/usr.bin/tail/forward.c
 ==============================================================================
 --- stable/7/usr.bin/tail/forward.c	Sun Aug 21 20:59:51 2011	(r225067)
 +++ stable/7/usr.bin/tail/forward.c	Sun Aug 21 22:09:30 2011	(r225068)
 @@ -365,8 +365,10 @@ follow(file_info_t *files, enum STYLE st
  					if (errno != ENOENT)
  						ierr(file->file_name);
  					show(file);
 -					fclose(file->fp);
 -					file->fp = NULL;
 +					if (file->fp != NULL) {
 +						fclose(file->fp);
 +						file->fp = NULL;
 +					}
  					ev_change++;
  					continue;
  				}
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: jilles 
State-Changed-When: Sun Aug 21 22:12:13 UTC 2011 
State-Changed-Why:  
Applied to 9-current, 8-stable and 7-stable. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=159750 
>Unformatted:
