bug-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #48863] rpctrace crashes (failed assert) when SEND ONCE right is ex

From: Brent Baccala
Subject: [bug #48863] rpctrace crashes (failed assert) when SEND ONCE right is extracted and then sent
Date: Tue, 23 Aug 2016 08:21:15 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0 
URL:
  <http://savannah.gnu.org/bugs/?48863>

                 Summary: rpctrace crashes (failed assert) when SEND ONCE
right is extracted and then sent
                 Project: The GNU Hurd
            Submitted by: baccala
            Submitted on: Tue 23 Aug 2016 08:21:13 AM GMT
                Category: Hurd
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
         Reproducibility: Every Time
              Size (loc): None
         Planned Release: None
                  Effort: 0.00
Wiki-like text discussion box: 

    _______________________________________________________

Details:

Normal RPC operation is to supply a receive port to mach_msg() with
MACH_MSG_TYPE_MAKE_SEND_ONCE.  In that case, rpctrace sees the send once port
for the first time when the RPC message is sent.

This code first extracts a send once right from the receive port, then uses it
during the upcoming RPC call.  This causes rpctrace to see the port an extra
time when it comes back in the reply to mach_port_extract_right(), and it gets
wrapped.  rpctrace then sees it again during the actual RPC call, and double
wraps it, which ultimately triggers a failed assert when it tries to match a
request to the second reply.


gcc -g -Wall -D_GNU_SOURCE -o looper looper.c
touch node
settrans -a node /bin/rpctrace ./looper /
ls





    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tue 23 Aug 2016 08:21:13 AM GMT  Name: looper.c  Size: 6kB   By: baccala

<http://savannah.gnu.org/bugs/download.php?file_id=38326>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?48863>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]