Mercurial > hg > octave-nkf > gnulib-hg

view doc/posix-functions/fopen.texi @ 15326:52719068f9c2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
pipe, pipe2: don't corrupt fd on error I noticed a potential subtle double-close bug in libvirt. There, a common idiom is to initialize an int fd[2]={-1,-1}, then have multiple error paths goto common cleanup code. In the cleanup code, the fds are closed if they are not already -1; this works if the error label is reached before the pipe call, or after pipe succeeds, but if it was the pipe call itself that jumped to the error label, then it is relying on failed pipe() not altering the values already in fd array prior to the failure. Our pipe2 replacement violated this assumption, and could leave a non-negative value in the array, which in turn would let libvirt close an already-closed fd, possibly nuking an unrelated fd opened by another thread that happened to get the same value. As a result, I raised a POSIX issue regarding the behavior of pipe on failure: http://austingroupbugs.net/view.php?id=467 Using that test program, I learned that most systems leave fd unchanged on error, but that mingw always assigns -1 into the array. This fixes the mingw pipe() replacement, as well as the gnulib pipe2() replacement. I don't know of any race-free way to work around a cygwin crash: http://cygwin.com/ml/cygwin/2011-06/msg00328.html - we could always open() and then close() two fds to guess whether two spare fd still remain before calling pipe(), but that is racy. * lib/pipe.c (pipe): Leave fd unchanged on error. * lib/pipe2.c (pipe2): Likewise. * doc/posix-functions/pipe.texi (pipe): Document cygwin issue. * doc/glibc-functions/pipe2.texi (pipe2): Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
author Eric Blake <eblake@redhat.com>
date Wed, 29 Jun 2011 15:46:50 -0600
parents bb0ceefd22dc
children f4cc0c20e892
line wrap: on
line source

@node fopen
@section @code{fopen}
@findex fopen

POSIX specification:@* @url{http://www.opengroup.org/onlinepubs/9699919799/functions/fopen.html}

Gnulib module: fopen

Portability problems fixed by Gnulib:
@itemize
@item
This function does not fail when the file name argument ends in a slash
and (without the slash) names a nonexistent file or a file that is not a
directory, on some platforms:
HP-UX 11.00, AIX 7.1, Solaris 9, Irix 5.3.
@item
On Windows platforms (excluding Cygwin), this function does usually not
recognize the @file{/dev/null} filename.
@end itemize

Portability problems not fixed by Gnulib:
@itemize
@item
On Windows platforms (excluding Cygwin), this function does not set @code{errno}
upon failure.
@item
On Windows, this function returns a file stream in ``text'' mode by default;
this means that it translates @code{'\n'} to CR/LF by default.  Use the
@code{"b"} flag if you need reliable binary I/O.
@item
On Windows platforms (excluding Cygwin), this function fails to open
directories for reading.  Such streams have implementation-defined
semantics on other platforms.  To avoid directory streams with a
consistent error message, use @code{fstat} after @code{open} and
@code{fdopen}, rather than @code{fopen} and @code{fileno}.
@end itemize