Bug #966

short _file in stdio -> fd leak

Added by jschauma about 6 years ago. Updated almost 6 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

Hey,

So at work we ran into a situation where a process had to fdopen more
than 32K files, which lead to a file descriptor leak. The reason for
this leak was that while regular fds are ints, _file is a short, so if
fdopen got an fd larger than SHRT_MAX, it would get sign-extended and
thus become invalid, causing the subsequent fclose to fail.

This being FreeBSD, the fix was found and contributed back into
FreeBSD's repository by John Baldwin in
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/stdio/fdopen.c.diff?r1=1.8;r2=1.9
(and other files; with surrounding discussion on
http://docs.freebsd.org/mail/archive/2008/freebsd-arch/20080302.freebsd-arch.html).

This fix was also added in NetBSD in
http://mail-index.netbsd.org/source-changes/2008/03/13/msg003463.html .
I don't know if this also affects DragonFlyBSD but maybe it should
probably be looked at.

-Jan

History

#1 Updated by joerg about 6 years ago

The file descriptor stored in FILE is int.

Joerg

#2 Updated by dblazakis almost 6 years ago

Doesn't affect DragonFly

Also available in: Atom PDF