[OpenAFS-devel] butc crash on linux/amd64

[Rainer Toebbicke]

Russ Allbery wrote:

> 
> 
>>Turns out timePtr was null.  On a guess, I changed the localtime call
>>to localtime_r (and made the other changes that required), and butc
>>stopped crashing.
> 
> 
> Hm, yes.  butc is built threaded on platforms that support it, so using a
> non-reentrant interface could potentially cause problems.  It would
> require some other thread to be calling localtime at the same time, but I
> suppose that's possible.
> 


In the concrete case of kreltime.c the main suspect is

timePtr = localtime((time_t *) & timeSecs);

On amd64 (and ia64) a time_t is 8 bytes long, while the underlying 
timeSecs (afs_int32) is still 4.

Depending on what follows timeSecs I can therefore imagine that at 
best what localtime returns is unreliable, and that at worst it 
returns NULL or even crashes.

It should probably be

time_t then = timeSecs;
timePtr = localtime(&then);

(this is not the only occasion in AFS where afs_int32s are incorrectly 
  interpreted as time_t, I was compiling a list and thus got 
interested in this).

Other than that the argument is principally correct of course, only 
that in the [insufficiently few] cases I've looked at localtime either 
just returns a pointer to a static struct tm or, in the case of 
Darwin, even uses a mutex to protect a malloc. While there remain 
enough ways to mess it up, I wonder whether this causes problems in 
practice.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rainer Toebbicke
European Laboratory for Particle Physics(CERN) - Geneva, Switzerland
Phone: +41 22 767 8985       Fax: +41 22 767 7155