GNU bug report logs -
#15970
[Bug-tar] Crash in gettext() after fork() on Mac OS X
Previous Next
Reported by: Paul Eggert <eggert <at> cs.ucla.edu>
Date: Mon, 25 Nov 2013 00:11:02 UTC
Severity: normal
Done: Pádraig Brady <P <at> draigBrady.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 15970 in the body.
You can then email your comments to 15970 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Mon, 25 Nov 2013 00:11:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Paul Eggert <eggert <at> cs.ucla.edu>:
New bug report received and forwarded. Copy sent to
bug-coreutils <at> gnu.org.
(Mon, 25 Nov 2013 00:11:03 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Eric Blake wrote:
> I bet coreutils' sort has a similar bug
[Adding bug-coreutils to the CC:.]
Coreutils 'sort' runs into this problem only
if dup2 fails when called from move_fd_or_die
or if execlp fails.
dup2 should never fail when it's called
the way that 'sort' calls it. So perhaps
'sort' should be simplified to call dup2
and discard its return value.
And when execlp fails, 'sort' could _exit
with a special value, so that the parent
could report the failure.
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Tue, 26 Nov 2013 03:07:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 15970 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 11/25/2013 12:10 AM, Paul Eggert wrote:
> Eric Blake wrote:
>> I bet coreutils' sort has a similar bug
>
> [Adding bug-coreutils to the CC:.]
Referencing the original coreutils thread from the new bug:
http://lists.gnu.org/archive/html/coreutils/2013-11/msg00083.html
> Coreutils 'sort' runs into this problem only
> if dup2 fails when called from move_fd_or_die
> or if execlp fails.
Right.
> dup2 should never fail when it's called
> the way that 'sort' calls it. So perhaps
> 'sort' should be simplified to call dup2
> and discard its return value.
>
> And when execlp fails, 'sort' could _exit
> with a special value, so that the parent
> could report the failure.
For both cases we could _exit(errno),
which the parent would get with waitpid().
Interestingly, currently the parent only
notices an error after stdio eventually issues a write(),
at which point the parent receives SIGPIPE and
exits with status 141 (128 + SIGPIPE).
If instead the parent caught sigchld it
could waitpid() to get the status more directly.
Though there are various gotchas with sigchld handling,
and we'd have to handle the reap() error() calls
outside of the signal handler. This would also be
the case if we wanted to reap on SIGPIPE.
So at first glance this seems to be a bit overcomplicated
for what it's solving.
How about the attached instead that just uses
a somewhat degraded but simpler error() equivalent.
thanks,
Pádraig.
[sort-async-safe.patch (text/x-patch, attachment)]
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Tue, 26 Nov 2013 04:56:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 15970 <at> debbugs.gnu.org (full text, mbox):
Pádraig Brady wrote:
> How about the attached instead that just uses
> a somewhat degraded but simpler error() equivalent.
That looks safe, though it could be simplified:
use inttostr instead of repeating its body,
and since !!p == !!errnum there's no need
to have those duplicate conditions.
Plus, just use STDERR_FILENO rather than
fiddling with fileno (stderr), and async_safe_error
should be _Noreturn and should unconditionally call
_exit. And, I wouldn't bother looking at dup2's
return value, any more than we look at close's.
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Tue, 26 Nov 2013 10:55:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 15970 <at> debbugs.gnu.org (full text, mbox):
Are you using "ignore_value" because of the gcc bug that ignores the official
method to tell that the return code is ignored intentionally:
(void) write(fd, buf, len);
Jörg
--
EMail:joerg <at> schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js <at> cs.tu-berlin.de (uni)
joerg.schilling <at> fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
Reply sent
to
Pádraig Brady <P <at> draigBrady.com>:
You have taken responsibility.
(Tue, 26 Nov 2013 12:24:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Paul Eggert <eggert <at> cs.ucla.edu>:
bug acknowledged by developer.
(Tue, 26 Nov 2013 12:24:05 GMT)
Full text and
rfc822 format available.
Message #19 received at 15970-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 11/26/2013 04:55 AM, Paul Eggert wrote:
> Pádraig Brady wrote:
>
>> How about the attached instead that just uses
>> a somewhat degraded but simpler error() equivalent.
>
> That looks safe, though it could be simplified:
> use inttostr instead of repeating its body,
Hah, I was thinking this must be done somewhere else :)
> and since !!p == !!errnum there's no need
> to have those duplicate conditions.
I meant to use (p || errstr), but let's assume
errstr is present, so yes we can then remove condition.
> Plus, just use STDERR_FILENO rather than
> fiddling with fileno (stderr),
done
> and async_safe_error
> should be _Noreturn and should unconditionally call
> _exit.
fair enough. I changed the name so to async_safe_die()
> And, I wouldn't bother looking at dup2's
> return value, any more than we look at close's.
Updated patch attached.
thanks!
Pádraig.
[sort-async-safe.patch (text/x-patch, attachment)]
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Tue, 26 Nov 2013 12:36:01 GMT)
Full text and
rfc822 format available.
Message #22 received at 15970 <at> debbugs.gnu.org (full text, mbox):
On 11/26/2013 10:53 AM, Joerg Schilling wrote:
>
> Are you using "ignore_value" because of the gcc bug that ignores the official
> method to tell that the return code is ignored intentionally:
>
> (void) write(fd, buf, len);
Right: http://git.sv.gnu.org/gitweb/?p=gnulib.git;a=blob;f=lib/ignore-value.h;hb=HEAD
I thought it marginally cleaner to use that,
than to have a goto to just _exit() on write error.
thanks,
Pádraig.
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Tue, 26 Nov 2013 20:35:02 GMT)
Full text and
rfc822 format available.
Message #25 received at 15970 <at> debbugs.gnu.org (full text, mbox):
On 11/26/2013 04:23 AM, Pádraig Brady wrote:
> Updated patch attached.
Thanks, looks good. Hmm, I don't see the patch committed
but the bug is marked as closed?
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Tue, 26 Nov 2013 22:11:01 GMT)
Full text and
rfc822 format available.
Message #28 received at 15970 <at> debbugs.gnu.org (full text, mbox):
Hi Pádraig,
Thanks for dealing with that. Your patch looks correct.
Did you consider using inttostr in place of that first part of async_safe_error?
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Wed, 27 Nov 2013 01:26:02 GMT)
Full text and
rfc822 format available.
Message #31 received at 15970 <at> debbugs.gnu.org (full text, mbox):
On 11/26/2013 10:09 PM, Jim Meyering wrote:
> Hi Pádraig,
>
> Thanks for dealing with that. Your patch looks correct.
> Did you consider using inttostr in place of that first part of async_safe_error?
Paul suggested that too and I've pushed an updated patch now.
I'd searched for INTTOSTR without luck, and in my tired state
just open coded it meaning to come back and search for the routine :)
thanks,
Pádraig.
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Wed, 27 Nov 2013 14:40:03 GMT)
Full text and
rfc822 format available.
Message #34 received at 15970 <at> debbugs.gnu.org (full text, mbox):
On Wed, Nov 27, 2013 at 01:25:52AM +0000, Pádraig Brady wrote:
> On 11/26/2013 10:09 PM, Jim Meyering wrote:
> > Hi Pádraig,
> >
> > Thanks for dealing with that. Your patch looks correct.
> > Did you consider using inttostr in place of that first part of async_safe_error?
>
> Paul suggested that too and I've pushed an updated patch now.
> I'd searched for INTTOSTR without luck, and in my tired state
> just open coded it meaning to come back and search for the routine :)
>
> thanks,
> Pádraig.
Pádraig,
What revision was the commit? Also was the commit to the tar or gnulib git? I ask
because neither's web interface is showing a recent commit for this fix. Thanks in
advance so we can test this fix on darwin.
Jack
>
>
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Wed, 27 Nov 2013 14:58:02 GMT)
Full text and
rfc822 format available.
Message #37 received at 15970 <at> debbugs.gnu.org (full text, mbox):
On 11/27/2013 02:38 PM, Jack Howarth wrote:
> On Wed, Nov 27, 2013 at 01:25:52AM +0000, Pádraig Brady wrote:
>> On 11/26/2013 10:09 PM, Jim Meyering wrote:
>>> Hi Pádraig,
>>>
>>> Thanks for dealing with that. Your patch looks correct.
>>> Did you consider using inttostr in place of that first part of async_safe_error?
>>
>> Paul suggested that too and I've pushed an updated patch now.
>> I'd searched for INTTOSTR without luck, and in my tired state
>> just open coded it meaning to come back and search for the routine :)
>>
>> thanks,
>> Pádraig.
>
> Pádraig,
> What revision was the commit? Also was the commit to the tar or gnulib git? I ask
> because neither's web interface is showing a recent commit for this fix. Thanks in
> advance so we can test this fix on darwin.
Sorry there was some crossposting going on.
My commit was only precautionary and for coreutils sort:
http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commit;h=39e0c9ba
thanks,
Pádraig.
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Wed, 27 Nov 2013 16:32:02 GMT)
Full text and
rfc822 format available.
Message #40 received at 15970 <at> debbugs.gnu.org (full text, mbox):
Pádraig Brady <P <at> draigBrady.com> wrote:
> On 11/26/2013 10:53 AM, Joerg Schilling wrote:
> >
> > Are you using "ignore_value" because of the gcc bug that ignores the official
> > method to tell that the return code is ignored intentionally:
> >
> > (void) write(fd, buf, len);
>
> Right: http://git.sv.gnu.org/gitweb/?p=gnulib.git;a=blob;f=lib/ignore-value.h;hb=HEAD
>
> I thought it marginally cleaner to use that,
> than to have a goto to just _exit() on write error.
Do you believe this is the right method to deal with the problem?
It will most likely prevent to create enough pressure on the GCC people to fix
the current warning problem.
Jörg
--
EMail:joerg <at> schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js <at> cs.tu-berlin.de (uni)
joerg.schilling <at> fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Wed, 27 Nov 2013 16:45:01 GMT)
Full text and
rfc822 format available.
Message #43 received at 15970 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 11/27/2013 09:30 AM, Joerg Schilling wrote:
>>> Are you using "ignore_value" because of the gcc bug that ignores the official
>>> method to tell that the return code is ignored intentionally:
>>>
>>> (void) write(fd, buf, len);
The C standard does not document that '(void) write(...)' is required to
avoid diagnostics, so I don't see the gcc behavior as a bug (yes, it's
annoying behavior, but that doesn't make it incorrect behavior).
> Do you believe this is the right method to deal with the problem?
We're already stuck with compilers in the wild where casting to void is
insufficient to shut up the compiler warnings, so at this point in time,
any GNU code that wants to avoid warnings is better off using gnulib's
ignore_value() than a cast to void. At which point, it should not
matter what ignore_value() uses under the hood (personally, I PREFER use
of ignore_value() - function syntax is easier to read as declaring the
intent of what I'm doing than cast syntax, and a coding style that
minimizes casts is preferred).
> It will most likely prevent to create enough pressure on the GCC people to fix
> the current warning problem.
No, I don't think that gnulib's use of ignore_value() is enough pressure
to make gcc change their warning behavior. Nor do I care - even if gcc
changes behavior, I still plan on using ignore_value() (and let gnulib
figure out how to map ignore_value to the most efficient semantics for
each compiler it is tested with).
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Wed, 27 Nov 2013 16:54:02 GMT)
Full text and
rfc822 format available.
Message #46 received at 15970 <at> debbugs.gnu.org (full text, mbox):
Eric Blake <eblake <at> redhat.com> wrote:
> On 11/27/2013 09:30 AM, Joerg Schilling wrote:
> >>> Are you using "ignore_value" because of the gcc bug that ignores the official
> >>> method to tell that the return code is ignored intentionally:
> >>>
> >>> (void) write(fd, buf, len);
>
> The C standard does not document that '(void) write(...)' is required to
> avoid diagnostics, so I don't see the gcc behavior as a bug (yes, it's
> annoying behavior, but that doesn't make it incorrect behavior).
Well, there is a more than 30 year history of lint that causes
'(void) write(...)' to be accepted without a warning.
Jörg
--
EMail:joerg <at> schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js <at> cs.tu-berlin.de (uni)
joerg.schilling <at> fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Wed, 27 Nov 2013 16:58:02 GMT)
Full text and
rfc822 format available.
Message #49 received at 15970 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 11/27/2013 09:53 AM, Joerg Schilling wrote:
>> The C standard does not document that '(void) write(...)' is required to
>> avoid diagnostics, so I don't see the gcc behavior as a bug (yes, it's
>> annoying behavior, but that doesn't make it incorrect behavior).
>
> Well, there is a more than 30 year history of lint that causes
> '(void) write(...)' to be accepted without a warning.
So? Lint is not gcc, and gcc is not lint. Different compilers have
different capabilities at producing warnings, and you cannot expect that
something that works warning-free on one compiler will remain
warning-free on other compilers (even later versions of the same
compiler). Warnings are an art form, and not an exact science,
precisely because the C standard does not (rather, cannot) specify them.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Wed, 27 Nov 2013 17:07:01 GMT)
Full text and
rfc822 format available.
Message #52 received at 15970 <at> debbugs.gnu.org (full text, mbox):
Eric Blake <eblake <at> redhat.com> wrote:
> On 11/27/2013 09:53 AM, Joerg Schilling wrote:
> >> The C standard does not document that '(void) write(...)' is required to
> >> avoid diagnostics, so I don't see the gcc behavior as a bug (yes, it's
> >> annoying behavior, but that doesn't make it incorrect behavior).
> >
> > Well, there is a more than 30 year history of lint that causes
> > '(void) write(...)' to be accepted without a warning.
>
> So? Lint is not gcc, and gcc is not lint. Different compilers have
> different capabilities at producing warnings, and you cannot expect that
> something that works warning-free on one compiler will remain
> warning-free on other compilers (even later versions of the same
> compiler). Warnings are an art form, and not an exact science,
> precisely because the C standard does not (rather, cannot) specify them.
If you like to stay in an environment that is based on GCC only, you may use
ignore_value(). If you however like to write portable code, you cannot expect
something like ignore_value() to be available. Given the fact that other
compilers honor the (void) cast, it seems that gcc is trying to be different in
a way that just causes pain but that does not give extra value.
Jörg
--
EMail:joerg <at> schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js <at> cs.tu-berlin.de (uni)
joerg.schilling <at> fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
Information forwarded
to
bug-coreutils <at> gnu.org:
bug#15970; Package
coreutils.
(Wed, 27 Nov 2013 17:12:01 GMT)
Full text and
rfc822 format available.
Message #55 received at 15970 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 11/27/2013 10:05 AM, Joerg Schilling wrote:
> If you like to stay in an environment that is based on GCC only, you may use
> ignore_value(). If you however like to write portable code, you cannot expect
> something like ignore_value() to be available.
False. Gnulib already takes care of that; it #defines ignore_value(e)
to ((void)(e)) on all non-gcc compilers. In other words, ignore_value()
is portable to ANY standards-compliant compiler, and ALSO has the
benefit of shutting up warnings on as many compilers as gnulib knows how
to test.
> Given the fact that other
> compilers honor the (void) cast,
GCC honors (void) casting - but that doesn't shut up the warning. Just
because the standards require (void)expression to compile (and gcc
compiles it just fine) doesn't mean that the compiler can't warn about
it being suspicious.
> it seems that gcc is trying to be different in
> a way that just causes pain but that does not give extra value.
Maybe, but that cat is already out of the bag, and cross-posting to
these lists is not the effective forum to do anything about it.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[signature.asc (application/pgp-signature, attachment)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Thu, 26 Dec 2013 12:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 10 years and 140 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.