closedir()

closedir()

[De Paula, Judah]

[-- Attachment #1: Type: text/plain, Size: 1376 bytes --]

Hi MUSLers,

Possible bug report?  I’m not on your DL, but would like to hear back if you find this helpful.

I’m working on an internal corporate application using Docker and Alpine.  Under normal Fedora my app calls closedir(NULL) and a -1 is returned.  Under MUSL, it segfaults.  I’m changing the code to not call closedir() with a null pointer, but I’m not certain segfaults are considered Working As Designed.

http://man7.org/linux/man-pages/man3/closedir.3.html

Thank you,
Judah


This communication is for use by the intended recipient and contains information that may be Privileged, confidential or copyrighted under applicable law. If you are not the intended recipient, you are hereby formally notified that any use, copying or distribution of this e-mail,in whole or in part, is strictly prohibited. Please notify the sender by return e-mail and delete this e-mail from your system. Unless explicitly and conspicuously designated as "E-Contract Intended", this e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer. This e-mail does not constitute a consent to the use of sender's contact information for direct marketing purposes or for transfers of data to third parties. Francais Deutsch Italiano Espanol Portugues Japanese Chinese Korean http://www.DuPont.com/corp/email_disclaimer.html

[-- Attachment #2: Type: text/html, Size: 3608 bytes --]

Re: closedir()

[Rich Felker]

On Thu, Jan 31, 2019 at 09:58:06PM +0000, De Paula, Judah wrote:
> Hi MUSLers,
> 
> Possible bug report? I’m not on your DL, but would like to hear back
> if you find this helpful.
> 
> I’m working on an internal corporate application using Docker and
> Alpine. Under normal Fedora my app calls closedir(NULL) and a -1 is
> returned. Under MUSL, it segfaults. I’m changing the code to not
> call closedir() with a null pointer, but I’m not certain segfaults
> are considered Working As Designed.
> 
> http://man7.org/linux/man-pages/man3/closedir.3.html

Hi,

Passing an invalid pointer to closedir is undefined behavior, and in
musl the preferred effect for undefined behavior when it's not costly
to attempt to detect is a quick crash so that the point of error in
the program can be identified and fixed.

For what it's worth, glibc has also adopted this view based on text I
wrote:

https://sourceware.org/glibc/wiki/Style_and_Conventions#Invalid_pointers

However I doubt they will change existing functions where they have
traditionally accepted null arguments as a nop.

Rich

Re: closedir()

[Jorge Almeida]

On Fri, Feb 1, 2019 at 12:27 AM Rich Felker <dalias@libc.org> wrote:
>
> On Thu, Jan 31, 2019 at 09:58:06PM +0000, De Paula, Judah wrote:

> > http://man7.org/linux/man-pages/man3/closedir.3.html
>
> Hi,
>
> Passing an invalid pointer to closedir is undefined behavior, and in
> musl the preferred effect for undefined behavior when it's not costly
> to attempt to detect is a quick crash so that the point of error in
> the program can be identified and fixed.
>

Is there a standard that says it is undefined behavior? According to
the man page quoted by the OP, and also according to
http://pubs.opengroup.org/onlinepubs/007904975/functions/closedir.html,
it should return -1 and set errno to EBADF.
Some of us _do_ check return codes. Getting a segfault doesn't seem
more helpful than a message saying which function failed and why. As
an amateur, I'm just trying to figure out what to do when I need to
use a function I'm not very familiar with. Reading the manual seems
pointless. Can you suggest a reliable, accessible source of
information?

Thanks,

Jorge Almeida

Re: closedir()

[Rich Felker]

On Fri, Feb 01, 2019 at 01:03:17AM +0000, Jorge Almeida wrote:
> On Fri, Feb 1, 2019 at 12:27 AM Rich Felker <dalias@libc.org> wrote:
> >
> > On Thu, Jan 31, 2019 at 09:58:06PM +0000, De Paula, Judah wrote:
> 
> > > http://man7.org/linux/man-pages/man3/closedir.3.html
> >
> > Hi,
> >
> > Passing an invalid pointer to closedir is undefined behavior, and in
> > musl the preferred effect for undefined behavior when it's not costly
> > to attempt to detect is a quick crash so that the point of error in
> > the program can be identified and fixed.
> >
> 
> Is there a standard that says it is undefined behavior? According to
> the man page quoted by the OP, and also according to
> http://pubs.opengroup.org/onlinepubs/007904975/functions/closedir.html,
> it should return -1 and set errno to EBADF.

That's a "may fail", not a "shall fail". The only way to impose
failure for any argument that's not a valid DIR* is to keep an index
of all open DIR*'s and search it. This is wasteful and pointless. We
actually do it for dlsym/dlclose and library handles, since POSIX
requires it there, but it's awful.

> Some of us _do_ check return codes. Getting a segfault doesn't seem
> more helpful than a message saying which function failed and why. As

You don't get a message unless you actively check the return value and
print one yourself. Most callers will not, especially since there is
no way closedir can fail except for erroneous usage (except EINTR, but
due to historical inconsistency, calling any close function in a
context where it could EINTR is a really, really bad idea). As such,
most incorrect code will go uncaught if closedir just returns an
error; the start of this thread is an example of code that didn't get
caught until used with musl.

> an amateur, I'm just trying to figure out what to do when I need to
> use a function I'm not very familiar with. Reading the manual seems
> pointless. Can you suggest a reliable, accessible source of
> information?

The standard is the best, but your link is an outdated version. Here
is the current one:

http://pubs.opengroup.org/onlinepubs/9699919799/functions/closedir.html

Rich

Re: closedir()

[Jorge Almeida]

On Fri, Feb 1, 2019 at 2:30 AM Rich Felker <dalias@libc.org> wrote:
>
> On Fri, Feb 01, 2019 at 01:03:17AM +0000, Jorge Almeida wrote:
> > On Fri, Feb 1, 2019 at 12:27 AM Rich Felker <dalias@libc.org> wrote:
> > >

> >
> > Is there a standard that says it is undefined behavior? According to
> > the man page quoted by the OP, and also according to
> > http://pubs.opengroup.org/onlinepubs/007904975/functions/closedir.html,
> > it should return -1 and set errno to EBADF.
>
> That's a "may fail", not a "shall fail". The only way to impose
Indeed, there is "may" in "ERRORS", but there is "shall" in "RETURN VALUE".

> > Some of us _do_ check return codes. Getting a segfault doesn't seem
> > more helpful than a message saying which function failed and why. As
>
> You don't get a message unless you actively check the return value and

Yes, of course. But I cannot print it if the program segfaults.

> print one yourself. Most callers will not, especially since there is

Sure, but isn't that sloppy programming? I'm sure there are technical
reasons to choose a particular implementation strategy, and I don't
presume to be qualified to judge. Still, I can't help to feel
frustrated and I do think this kind of frustration should befall on
such programmers as will call a non void system function and won't
bother to check the return value.
>
> > an amateur, I'm just trying to figure out what to do when I need to
> > use a function I'm not very familiar with. Reading the manual seems
> > pointless. Can you suggest a reliable, accessible source of
> > information?
>
> The standard is the best, but your link is an outdated version. Here
> is the current one:
>
> http://pubs.opengroup.org/onlinepubs/9699919799/functions/closedir.html

Thank you, bookmark updated.

Jorge
>