short _file in stdio -> fd leak

Jan Schaumann jschauma at netmeister.org
Thu Mar 13 10:06:31 PDT 2008


Hey,

So at work we ran into a situation where a process had to fdopen more
than 32K files, which lead to a file descriptor leak.  The reason for
this leak was that while regular fds are ints, _file is a short, so if
fdopen got an fd larger than SHRT_MAX, it would get sign-extended and
thus become invalid, causing the subsequent fclose to fail.

This being FreeBSD, the fix was found and contributed back into
FreeBSD's repository by John Baldwin in
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/stdio/fdopen.c.diff?r1=1.8;r2=1.9
(and other files; with surrounding discussion on
http://docs.freebsd.org/mail/archive/2008/freebsd-arch/20080302.freebsd-arch.html).

This fix was also added in NetBSD in
http://mail-index.netbsd.org/source-changes/2008/03/13/msg003463.html .
I don't know if this also affects DragonFlyBSD but maybe it should
probably be looked at.

-Jan

-- 
"When it's fall in New York, the air smells as if someone's been frying
goats in it, and if you are keen to breathe the best plan is to open a
window and stick your head in a building."
Attachment:
pgp00001.pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00001.pgp
Type: application/octet-stream
Size: 186 bytes
Desc: "Description: PGP signature"
URL: <http://lists.dragonflybsd.org/pipermail/bugs/attachments/20080313/2f8d1b1a/attachment-0015.obj>


More information about the Bugs mailing list