https://bugzilla.novell.com/show_bug.cgi?id=813306

https://bugzilla.novell.com/show_bug.cgi?id=813306#c0

Summary: glibc 2.17 fprintf(stderr, ...) triggers write of undefined values if stderr is closed
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: x86-64
OS/Version: openSUSE 12.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: tr@thomasrast.ch
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Created an attachment (id=533396)
 --> (http://bugzilla.novell.com/attachment.cgi?id=533396)
Test case; run with stderr closed under valgrind or strace

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130307 Firefox/17.0 conkeror/1.0pre

Running the attached small program under valgrind causes a bunch of errors
about undefined values:

  $ gcc -o die_test die_test.c
  $ valgrind -q --log-fd=3 ./die_test 3>&2 2>&-
  ==27895== Conditional jump or move depends on uninitialised value(s)
  ==27895==    at 0x4EA864B: _IO_file_overflow@@GLIBC_2.2.5 (in /lib64/libc-2.17.so)
  ==27895==    by 0x4EA93D8: _IO_default_xsputn (in /lib64/libc-2.17.so)
  ==27895==    by 0x4EA7AA2: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.17.so)
  ==27895==    by 0x4E7D133: buffered_vfprintf (in /lib64/libc-2.17.so)
  ==27895==    by 0x4E77E9D: vfprintf (in /lib64/libc-2.17.so)
  ==27895==    by 0x4E82096: fprintf (in /lib64/libc-2.17.so)
  ==27895==    by 0x4005C2: main (in /home/thomas/BIG/tmp/die_test)
  ==27895==
  ==27895== Syscall param write(buf) points to uninitialised byte(s)
  ==27895==    at 0x4F0C9C0: __write_nocancel (in /lib64/libc-2.17.so)
  ==27895==    by 0x4EA71D2: _IO_file_write@@GLIBC_2.2.5 (in /lib64/libc-2.17.so)
  ==27895==    by 0x4EA70B1: new_do_write (in /lib64/libc-2.17.so)
  ==27895==    by 0x4EA83B4: _IO_do_write@@GLIBC_2.2.5 (in /lib64/libc-2.17.so)
  ==27895==    by 0x4EA86FE: _IO_file_overflow@@GLIBC_2.2.5 (in /lib64/libc-2.17.so)
  ==27895==    by 0x4EA93D8: _IO_default_xsputn (in /lib64/libc-2.17.so)
  ==27895==    by 0x4EA7AA2: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.17.so)
  ==27895==    by 0x4E7D133: buffered_vfprintf (in /lib64/libc-2.17.so)
  ==27895==    by 0x4E77E9D: vfprintf (in /lib64/libc-2.17.so)
  ==27895==    by 0x4E82096: fprintf (in /lib64/libc-2.17.so)
  ==27895==    by 0x4005C2: main (in /home/thomas/BIG/tmp/die_test)
  ==27895==  Address 0x51d9103 is 131 bytes inside data symbol "_IO_2_1_stderr_"

Also, running the program with strace shows this immediately before exiting
(make sure stderr is again closed):

  write(2, "fatal: needed a single revision\n", 32) = -1 EBADF (Bad file descriptor)
  write(2, "\0", 1) = -1 EBADF (Bad file descriptor)
  exit_group(0) = ?
  +++ exited with 0 +++

The fprintf() call is actually of the sort that 'git rev-parse --verify foo'
runs immediately before exiting, which is how I noticed.

I can't see how that could (attempt to) write a "\0". Thus it seems to be an
issue with the handling of that EBADF in the implementation details of
fprintf().

(I know that closing stderr isn't exactly the most brilliant idea, and I'm
working on fixing that.)

Reproducible: Always

  $ rpm -q gcc glibc
  gcc-4.7-7.1.1.x86_64
  glibc-2.17-4.4.1.x86_64
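Added example, not part of the original report or its attachment: a C startup check that keeps a program out of the closed-stderr condition described above by pointing any closed descriptor 0-2 at /dev/null, plus an error writer that returns the errno of a failed stderr write (EBADF in the strace above) instead of ignoring it. The function names sanitize_std_fds and emit_error are assumptions chosen for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Point every closed descriptor in 0..2 at /dev/null.
 * Returns how many were repaired, or -1 if that could not be done. */
int sanitize_std_fds(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;                   /* descriptor is open */
        int nullfd = open("/dev/null", O_RDWR);
        if (nullfd < 0)
            return -1;
        if (nullfd != fd) {             /* defensive: open() normally returns fd */
            if (dup2(nullfd, fd) < 0) {
                close(nullfd);
                return -1;
            }
            close(nullfd);
        }
        repaired++;
    }
    return repaired;
}

/* Write msg to stderr and check the result instead of ignoring it.
 * Returns 0 on success, otherwise the errno of the failed write. */
int emit_error(const char *msg)
{
    errno = 0;
    if (fputs(msg, stderr) == EOF || fflush(stderr) == EOF) {
        int err = errno ? errno : EIO;
        clearerr(stderr);
        return err;
    }
    return 0;
}

int main(void)
{
    /* Run before any output; the message is the one from the report. */
    if (sanitize_std_fds() < 0)
        return 1;
    return emit_error("fatal: needed a single revision\n") ? 1 : 0;
}
```

Started as ./a.out 2>&-, the program finds descriptor 2 closed, reopens it on /dev/null, and the write succeeds rather than failing with EBADF.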