GNU bug report logs - #49209
coreutils: stack out-of-bounds write in tail --follow

Previous Next

Package: coreutils;

Reported by: Kamil Dudka <kdudka <at> redhat.com>

Date: Thu, 24 Jun 2021 14:27:01 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Pádraig Brady <P <at> draigBrady.com>
To: 49209 <at> debbugs.gnu.org, eggert <at> cs.ucla.edu, kdudka <at> redhat.com
Subject: bug#49209: coreutils: stack out-of-bounds write in tail --follow
Date: Tue, 29 Jun 2021 00:10:42 +0100

On 27/06/2021 02:47, Paul Eggert wrote:
> On 6/24/21 8:50 AM, Paul Eggert wrote:
> 
>> inotify_init can return 1025 even if called first thing, so we also need
>> to dup2 the result of early inotify_init down to 3 (or whatever), or at
>> least to check that it's less than 1024. Choosing 3 is a tricky
>> business, since it's not clear what fds the C library actually needs.
> 
> When looking into this I decided it was cleaner to fix coreutils by
> using 'poll' instead of 'select', as Kamil suggested. I installed the
> attached patches to do that. The last patch fixes the bug.

Yes using poll() with the inotify descriptor is cleaner.
That's limited to Linux also, so should work fine.

For my reference, with the change from select() to poll() in check_output_alive(),
we'll need to be more carefully test tests/tail-2/pipe-f.sh on various platforms,
especially those where we implement missing poll (mingw, MSVC 14, HP NonStop).
If poll() didn't work here for these platforms (and we moved back to using select),
we might considering removing poll as a dependency as it would be redundant.

thanks for the fix!
Pádraig
This bug report was last modified 4 years and 19 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.