#4016 closed defect (fixed)

shm_unlink uses uninitialized obj_err on successful return from _POSIX_Shm_Get_by_name

Reported by: Kinsey Moore
Owned by: Kinsey Moore <kinsey.moore@…>
Priority: normal
Milestone: 5.1
Component: posix
Version: 5
Severity: normal
Keywords:
Cc:
Blocked By:
Blocking:

Description

In the nominal case checked by spsysinit01, obj_err in shm_unlink is unmodified when _POSIX_Shm_Get_by_name returns non-NULL. In the case of shm_unlink, this means an uninitialized value is passed into the switch and it appears this test was passing by virtue of the stack having the right value on it in most cases.

Change History (8)

comment:1 Changed on Jun 30, 2020 at 7:55:19 AM by Chris Johns

Component: admin → posix

comment:2 Changed on Aug 6, 2020 at 6:45:47 PM by Kinsey Moore

The patches to fix this for 5.x and master have been posted to the mailing list for a while now.

comment:3 Changed on Aug 10, 2020 at 5:43:55 AM by Chris Johns

Can you please provide the links to the devel list archive for the posted patches?

comment:4 Changed on Aug 10, 2020 at 11:47:50 AM by Kinsey Moore

Sure, this is the first patch posted for master back in January:
https://lists.rtems.org/pipermail/devel/2020-January/056993.html

And this is the more recent patch posted for 5.x specifically for this issue:
https://lists.rtems.org/pipermail/devel/2020-June/060292.html

comment:5 Changed on Aug 10, 2020 at 11:26:50 PM by Chris Johns

Thanks. Joel or someone who knows this part of the POSIX code is going to have to review these changes. I am working towards an RC2, so if the review is not done I will be forced to bump them to 5.2.

comment:6 Changed on Aug 11, 2020 at 12:33:12 PM by Joel Sherrill

These are OK to push to the 5 branch and master. According to the mailing list archives, Gedare did review and approve one.

comment:7 Changed on Aug 11, 2020 at 12:48:50 PM by Kinsey Moore <kinsey.moore@…>

Owner: set to Kinsey Moore <kinsey.moore@…>
Resolution: fixed
Status: new → closed

In e95c00a7/rtems:

posix: Only check shm_unlink obj_err if necessary

In the nominal case checked by spsysinit01, obj_err is unmodified if
_POSIX_Shm_Get_by_name returns non-NULL. In the case of shm_unlink, this means
an uninitialized value is passed into the switch and it appears tests using it
were passing by virtue of the stack having the right value on it in most cases.
This now checks obj_err only if _POSIX_Shm_Get_by_name returns NULL.

Close #4016

comment:8 Changed on Aug 11, 2020 at 12:52:15 PM by Kinsey Moore <kinsey.moore@…>

In 14749c45/rtems:

posix: Only check shm_unlink obj_err if necessary

In the nominal case checked by spsysinit01, obj_err is unmodified if
_POSIX_Shm_Get_by_name returns non-NULL. In the case of shm_unlink, this means
an uninitialized value is passed into the switch and it appears tests using it
were passing by virtue of the stack having the right value on it in most cases.
This now checks obj_err only if _POSIX_Shm_Get_by_name returns NULL.

Close #4016
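
The pattern described in the commit message above, as an added C model that is not the RTEMS source. `get_by_name`, `unlink_before`, `unlink_after`, the `LOOKUP_*` codes and the `/shm0` table are hypothetical names, and the `stale` parameter stands in for the indeterminate stack value so the failure is reproducible.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical lookup error codes for this model; not RTEMS identifiers. */
enum { LOOKUP_INVALID_NAME, LOOKUP_NAME_TOO_LONG, LOOKUP_NO_OBJECT };

typedef struct { const char *name; int linked; } shm_obj;
static shm_obj table[] = { { "/shm0", 1 } };  /* constructed sample object */

/* Contract from the ticket: *err is written only when NULL is returned. */
static shm_obj *get_by_name(const char *name, int *err) {
  if (name == NULL || name[0] == '\0') { *err = LOOKUP_INVALID_NAME; return NULL; }
  if (strlen(name) > 8) { *err = LOOKUP_NAME_TOO_LONG; return NULL; }
  if (table[0].linked && strcmp(table[0].name, name) == 0) return &table[0];
  *err = LOOKUP_NO_OBJECT;
  return NULL;
}

/* Before: switches on err unconditionally. `stale` stands in for whatever
   the stack held, so the indeterminate read is reproducible here. */
static int unlink_before(const char *name, int stale) {
  int err = stale;
  shm_obj *obj = get_by_name(name, &err);
  switch (err) {
    case LOOKUP_INVALID_NAME:  return ENOENT;
    case LOOKUP_NAME_TOO_LONG: return ENAMETOOLONG;
    case LOOKUP_NO_OBJECT:     return ENOENT;
    default: obj->linked = 0;  return 0;
  }
}

/* After: err is read only on the path where the lookup wrote it. */
static int unlink_after(const char *name) {
  int err;
  shm_obj *obj = get_by_name(name, &err);
  if (obj == NULL)
    return err == LOOKUP_NAME_TOO_LONG ? ENAMETOOLONG : ENOENT;
  obj->linked = 0;
  return 0;
}

int main(void) {
  printf("before, stale=99: %d\n", unlink_before("/shm0", 99));
  table[0].linked = 1;
  printf("before, stale=0:  %d\n", unlink_before("/shm0", LOOKUP_INVALID_NAME));
  printf("after:            %d\n", unlink_after("/shm0"));
  return 0;
}
```

In a real build the "before" form is the kind of read that `-Wmaybe-uninitialized`, MemorySanitizer or Valgrind can flag when the lookup is not inlined away.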
