This is an archive of the discontinued LLVM Phabricator instance.

Differential D64979

[libc++] Set __file_ to 0 in basic_filebuf::close() even if fclose fails
ClosedPublic

Authored by phosek on Jul 19 2019, 12:46 AM.

Details

Reviewers
ldionne
EricWF
mclow.lists
Commits
rG89385633ba1f: [libc++] Set __file_ to 0 in basic_filebuf::close() even if fclose fails
rCXX366730: [libc++] Set __file_ to 0 in basic_filebuf::close() even if fclose fails
rL366730: [libc++] Set __file_ to 0 in basic_filebuf::close() even if fclose fails
Summary

This issue was detected by ASan in one of our tests. This test manually
invokes basic_filebuf::cloe(). fclose(h.release() returned a non-zero
exit status, so file_ wasn't set to 0. Later when basic_filebuf
destructor ran, we would enter the if (__file_) block again leading to
heap-use-after-free error.

The POSIX specification for fclose says that independently of the return
value, fclose closes the underlying file descriptor and any further
access (including another call to fclose()) to the stream results in
undefined behavior. This is exactly what happened in our test case.

To avoid this issue, we have to always set __file_ to 0 independently of
the fclose return value.

Diff Detail

Repository
rL LLVM

Event Timeline

phosek created this revision.Jul 19 2019, 12:46 AM
Herald added subscribers: libcxx-commits, dexonsmith, christof. · View Herald TranscriptJul 19 2019, 12:46 AM
ldionne requested changes to this revision.Jul 19 2019, 5:02 AM

Is it possible to add a test case?

This revision now requires changes to proceed.Jul 19 2019, 5:02 AM
phosek added a comment.Jul 19 2019, 8:24 AM
In D64979#1593299, @ldionne wrote:

Is it possible to add a test case?

Yes, but I need to figure out a way to make fclose fail reliably inside the test.

phosek updated this revision to Diff 210927.Jul 19 2019, 4:08 PM

Test added, would it be possible to take a look?

ldionne accepted this revision.Jul 22 2019, 9:38 AM

LGTM if you leave a comment explaining the test.

libcxx/test/std/input.output/file.streams/fstreams/filebuf.members/close.pass.cpp
11 ↗(On Diff #210927)

typo: close();

This revision is now accepted and ready to land.Jul 22 2019, 9:38 AM
phosek updated this revision to Diff 211170.Jul 22 2019, 12:50 PM
phosek marked an inline comment as done.
Closed by commit rL366730: [libc++] Set __file_ to 0 in basic_filebuf::close() even if fclose fails (authored by phosek). · Explain WhyJul 22 2019, 12:54 PM
This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. · View Herald TranscriptJul 22 2019, 12:54 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript

Revision Contents

PathSize
libcxx/
trunk/
include/
5 lines
test/
std/
input.output/
file.streams/
fstreams/
filebuf.members/
56 lines

Diff 211172

libcxx/trunk/include/fstream

Show First 20 LinesShow All 691 Lines▼ Show 20 Lines
{ {
basic_filebuf<_CharT, _Traits>* __rt = 0; basic_filebuf<_CharT, _Traits>* __rt = 0;
if (__file_) if (__file_)
{ {
__rt = this; __rt = this;
unique_ptr<FILE, int(*)(FILE*)> __h(__file_, fclose); unique_ptr<FILE, int(*)(FILE*)> __h(__file_, fclose);
if (sync()) if (sync())
__rt = 0; __rt = 0;
if (fclose(__h.release()) == 0) if (fclose(__h.release()))
__file_ = 0;
else
__rt = 0; __rt = 0;
__file_ = 0;
setbuf(0, 0); setbuf(0, 0);
} }
return __rt; return __rt;
} }
template <class _CharT, class _Traits> template <class _CharT, class _Traits>
typename basic_filebuf<_CharT, _Traits>::int_type typename basic_filebuf<_CharT, _Traits>::int_type
basic_filebuf<_CharT, _Traits>::underflow() basic_filebuf<_CharT, _Traits>::underflow()
▲ Show 20 LinesShow All 1,053 LinesShow Last 20 Lines

libcxx/trunk/test/std/input.output/file.streams/fstreams/filebuf.members/close.pass.cpp

//===----------------------------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// <fstream>
// basic_filebuf<charT,traits>* close();
#include <fstream>
#include <cassert>
#if defined(__unix__)
#include <fcntl.h>
#include <unistd.h>
#endif
#include "test_macros.h"
#include "platform_support.h"
int main(int, char**)
{
std::string temp = get_temp_file_name();
{
std::filebuf f;
assert(!f.is_open());
assert(f.open(temp.c_str(), std::ios_base::out) != 0);
assert(f.is_open());
assert(f.close() != nullptr);
assert(!f.is_open());
assert(f.close() == nullptr);
assert(!f.is_open());
}
#if defined(__unix__)
{
std::filebuf f;
assert(!f.is_open());
// Use open directly to get the file descriptor.
int fd = open(temp.c_str(), O_RDWR);
assert(fd >= 0);
// Use the internal method to create filebuf from the file descriptor.
assert(f.__open(fd, std::ios_base::out) != 0);
assert(f.is_open());
// Close the file descriptor directly to force filebuf::close to fail.
assert(close(fd) == 0);
// Ensure that filebuf::close handles the failure.
assert(f.close() == nullptr);
assert(!f.is_open());
assert(f.close() == nullptr);
}
#endif
std::remove(temp.c_str());
return 0;
}