From jkf@outreach.wolfnet.org  Thu Apr 30 23:07:57 1998
Received: from outreach.wolfnet.org (jkf@outreach.wolfnet.org [207.173.133.202])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA05200
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 30 Apr 1998 23:07:56 -0700 (PDT)
          (envelope-from jkf@outreach.wolfnet.org)
Received: (from jkf@localhost)
	by outreach.wolfnet.org (8.8.8/8.8.8) id XAA04557;
	Thu, 30 Apr 1998 23:11:17 -0700 (PDT)
	(envelope-from jkf)
Message-Id: <199805010611.XAA04557@outreach.wolfnet.org>
Date: Thu, 30 Apr 1998 23:11:17 -0700 (PDT)
From: "Jason K. Fritcher" <jkf@outreach.wolfnet.org>
Reply-To: jkf@outreach.wolfnet.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: _thread_flockfile() hangs process when given NULL file pointer.
X-Send-Pr-Version: 3.2

>Number:         6472
>Category:       misc
>Synopsis:       [PATCH] _thread_flockfile() hangs process when given NULL file pointer.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    jb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 30 23:10:01 PDT 1998
>Closed-Date:    Thu Dec 10 14:07:50 PST 1998
>Last-Modified:  Thu Dec 10 14:16:24 PST 1998
>Originator:     Jason K. Fritcher
>Release:        FreeBSD 2.2.6-STABLE i386
>Organization:
N/A
>Environment:

FreeBSD outreach.wolfnet.org 2.2.6-STABLE FreeBSD 2.2.6-STABLE #0: Wed Apr 29
19:56:05 PDT 1998 jkf@outreach.wolfnet.org:/usr/src/sys/compile/OUTREACH i386

>Description:

If _thread_flockfile() is passed a NULL file pointer, it enters fileno(), and
hangs, grabbing all idle CPU time. The only way to terminate the process is
with a 'kill -9' from another tty. Because the call to block signals is placed
before the first use of the pointer, the process never receives signal 11
(SIGSEGV) for dereferencing the NULL pointer. As a side benefit of the patch
below, the placement of the signal block/unblock calls matches the placement
in the rest of the file, making things more consistent.

>How-To-Repeat:

Any function that calls _thread_flockfile() and is passed a NULL file
pointer will hang the process, e.g. this code:

-- Cut Here --

#include <pthread.h>
#include <stdio.h>

int
main(void)
{
	FILE*	fp = NULL;		/* deliberately NULL to trigger the bug */

	fprintf(fp, "Hello.\n");	/* ends up in _thread_flockfile(fp) */
	return 0;
}

-- Cut Here --

Save that to a file, e.g. hello.c.
Compile like this and then execute:
	gcc -D_THREAD_SAFE -lc_r -o hello hello.c
This will hang.

Compile like this instead and then execute:
	gcc -o hello hello.c
This will die with a seg fault and core dump.

>Fix:

This patch will fix the problem.

*** uthread_file.c.old	Thu Apr 30 22:41:26 1998
--- uthread_file.c	Thu Apr 30 22:44:18 1998
***************
*** 42,51 ****
  	int             fd, flags;
  	int             status;
  
- 	/* Block signals: */
- 	_thread_kern_sig_block(&status);
- 
  	if ((fd = fileno(fp)) >= 0) {
  		if (fp->_flags & __SRW) {
  			flags = FD_READ | FD_WRITE;
  		} else {
--- 42,51 ----
  	int             fd, flags;
  	int             status;
  
  	if ((fd = fileno(fp)) >= 0) {
+ 		/* Block signals: */
+ 		_thread_kern_sig_block(&status);
+ 
  		if (fp->_flags & __SRW) {
  			flags = FD_READ | FD_WRITE;
  		} else {
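Review bot: moving `_thread_kern_sig_block(&status)` after `fileno(fp)` means a NULL `fp` is still dereferenced, only now with signals unblocked, so the hang becomes a SIGSEGV (the unthreaded behaviour from How-To-Repeat) rather than a handled case; consider an explicit `if (fp == NULL) return;` ahead of the `fileno(fp)` call so the threaded library does not rely on a fault being delivered. `status` is now only written inside the branch, which is fine as long as its only reader, the unblock, stays in the same branch.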
***************
*** 58,66 ****
  
  		/* This might fail but POSIX doesn't give a damn. */
  		_thread_fd_lock(fd, flags, NULL, fname, lineno);
  	}
- 	/* Unblock signals: */
- 	_thread_kern_sig_unblock(status);
  	return;
  }
  
--- 58,67 ----
  
  		/* This might fail but POSIX doesn't give a damn. */
  		_thread_fd_lock(fd, flags, NULL, fname, lineno);
+ 
+ 		/* Unblock signals: */
+ 		_thread_kern_sig_unblock(status);
  	}
  	return;
  }
  
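Review bot: the unblock is now reached only at the end of the `if ((fd = fileno(fp)) >= 0)` branch, so every path from the block call earlier in that branch must fall through to `_thread_fd_lock`; lines 52-57 of the file are outside both hunks, so confirm the flag-selection code in between has no early `return` that would leave signals blocked. The trailing `return;` before the closing brace of a void function is redundant and could be dropped while touching this area.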
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->jb 
Responsible-Changed-By: steve 
Responsible-Changed-When: Sun May 3 10:51:25 PDT 1998 
Responsible-Changed-Why:  
The patch seems reasonable but let's let our resident threads 
expert take a look at it. :) 
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Thu Dec 10 14:07:50 PST 1998 
State-Changed-Why:  
John B. made some pretty significant changes in revision 1.3 that 
seem to have fixed this problem along with a few others.  It has 
been merged into the -stable branch.  Try your hand at it and let 
us know if you are still having problems. 
>Unformatted:
