Subject: bin/15187: dd mishandles read errors
To: None <gnats-bugs@gnats.netbsd.org>
From: None <dbj@netbsd.org>
List: netbsd-bugs
Date: 01/08/2002 22:49:55
>Number: 15187
>Category: bin
>Synopsis: dd mishandles read errors
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Jan 08 19:56:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:
>Release: NetBSD 1.5ZA 20020105T2358Z
>Organization:
>Environment:
System: NetBSD quiteria 1.5ZA NetBSD 1.5ZA (QUITERIA) #510: Tue Jan 8 05:45:04 EST 2002 dbj@quiteria:/usr/src/sys/arch/macppc/compile/QUITERIA macppc
Architecture: powerpc
Machine: macppc
$ ident /bin/dd
/bin/dd:
$NetBSD: crt0.c,v 1.18 2000/06/14 22:52:50 cgd Exp $
$NetBSD: args.c,v 1.20 2001/11/26 00:56:33 enami Exp $
$NetBSD: conv.c,v 1.14 2001/11/26 00:13:23 lukem Exp $
$NetBSD: conv_tab.c,v 1.8 1997/07/20 21:58:38 christos Exp $
$NetBSD: dd.c,v 1.25 2001/11/26 00:56:33 enami Exp $
$NetBSD: misc.c,v 1.14 2001/11/26 00:56:33 enami Exp $
$NetBSD: position.c,v 1.12 2001/11/26 00:56:33 enami Exp $
$NetBSD: strsuftoull.c,v 1.3 2001/11/30 00:12:04 thorpej Exp $
$NetBSD: swab.c,v 1.11 2001/05/22 18:56:33 christos Exp $
$NetBSD: strtoull.c,v 1.4 2000/05/16 22:07:30 is Exp $
$NetBSD: getopt.c,v 1.21 2001/04/24 09:07:43 joda Exp $
$NetBSD: atexit.c,v 1.12 1999/09/20 04:39:36 lukem Exp $
$NetBSD: errx.c,v 1.4 1999/08/17 03:43:59 mycroft Exp $
$NetBSD: assert.c,v 1.14 2001/02/20 01:17:37 cgd Exp $
$NetBSD: verrx.c,v 1.6 2001/02/19 22:22:16 cgd Exp $
$NetBSD: strsep.c,v 1.11 2000/01/22 22:19:20 mycroft Exp $
$NetBSD: syslog.c,v 1.27 2001/07/30 04:12:33 atatat Exp $
$NetBSD: strftime.c,v 1.12 2000/12/12 15:35:31 kleink Exp $
$NetBSD: localtime.c,v 1.28 2001/11/04 13:57:31 lukem Exp $
$NetBSD: asctime.c,v 1.11 2000/09/13 22:32:28 msaitoh Exp $
$NetBSD: strcpy.c,v 1.12 1999/09/20 04:39:46 lukem Exp $
$NetBSD: strcat.c,v 1.12 1999/09/20 04:39:46 lukem Exp $
$NetBSD: sprintf.c,v 1.10 2001/12/07 11:47:44 yamt Exp $
$NetBSD: vsnprintf.c,v 1.16 2001/12/07 11:47:45 yamt Exp $
$NetBSD: time.c,v 1.9 2000/01/22 22:19:13 mycroft Exp $
$NetBSD: send.c,v 1.8 2000/05/08 13:38:45 kleink Exp $
$NetBSD: warn.c,v 1.4 1999/08/17 03:43:59 mycroft Exp $
$NetBSD: bsearch.c,v 1.11 1999/09/20 04:39:36 lukem Exp $
$NetBSD: vwarn.c,v 1.6 2001/02/19 22:22:16 cgd Exp $
$NetBSD: warnx.c,v 1.4 1999/08/17 03:44:00 mycroft Exp $
$NetBSD: err.c,v 1.16 1999/08/17 03:43:59 mycroft Exp $
$NetBSD: verr.c,v 1.6 2001/02/19 22:22:16 cgd Exp $
$NetBSD: vwarnx.c,v 1.6 2001/02/19 22:22:16 cgd Exp $
$NetBSD: strerror.c,v 1.11 1998/11/15 17:21:49 christos Exp $
$NetBSD: exit.c,v 1.8 1998/10/18 14:36:30 kleink Exp $
$NetBSD: __strerror.c,v 1.17 2001/08/24 00:11:54 yamt Exp $
$NetBSD: __errlist14.c,v 1.3 2000/03/10 13:58:59 kleink Exp $
$NetBSD: index.c,v 1.12 2001/02/09 11:47:21 wiz Exp $
$NetBSD: strncpy.c,v 1.11 1999/09/20 04:39:48 lukem Exp $
$NetBSD: strcmp.c,v 1.12 1999/09/20 04:39:46 lukem Exp $
$NetBSD: ftruncate.c,v 1.10 2000/01/22 22:19:20 mycroft Exp $
$NetBSD: snprintf.c,v 1.15 2001/12/07 11:47:43 yamt Exp $
$NetBSD: fprintf.c,v 1.8 1999/09/20 04:39:27 lukem Exp $
$NetBSD: vfprintf.c,v 1.42 2001/12/07 11:47:44 yamt Exp $
$NetBSD: fvwrite.c,v 1.13 1999/09/20 04:39:29 lukem Exp $
$NetBSD: umoddi3.c,v 1.3 1997/07/13 20:01:58 christos Exp $
$NetBSD: qdivrem.c,v 1.10 2000/01/22 23:02:19 mycroft Exp $
$NetBSD: multibyte.c,v 1.13 2001/10/09 10:21:48 yamt Exp $
$NetBSD: __mb_cur_max.c,v 1.2 2001/01/25 01:25:06 itojun Exp $
$NetBSD: isnan.c,v 1.5 2000/01/22 22:45:00 mycroft Exp $
$NetBSD: isinf.c,v 1.6 2000/01/22 22:45:00 mycroft Exp $
$NetBSD: memcmp.c,v 1.11 1999/09/20 04:39:45 lukem Exp $
$NetBSD: memchr.c,v 1.11 1999/09/20 04:39:45 lukem Exp $
$NetBSD: strtod.c,v 1.38 2001/12/15 03:39:53 thorpej Exp $
$NetBSD: wsetup.c,v 1.9 1999/09/20 04:39:35 lukem Exp $
$NetBSD: makebuf.c,v 1.12 1999/09/20 04:39:30 lukem Exp $
$NetBSD: findfp.c,v 1.14 2001/12/07 11:47:41 yamt Exp $
$NetBSD: fflush.c,v 1.13 1999/09/20 04:39:26 lukem Exp $
$NetBSD: runetable.c,v 1.7 2001/10/20 05:59:35 jmc Exp $
$NetBSD: runenone.c,v 1.8 2001/02/06 18:48:41 christos Exp $
$NetBSD: localeconv.c,v 1.10 2001/01/02 10:53:25 kleink Exp $
$NetBSD: infinity.c,v 1.5 2000/09/13 22:32:26 msaitoh Exp $
$NetBSD: isatty.c,v 1.11 2001/09/30 23:25:38 lukem Exp $
$NetBSD: ctype_.c,v 1.15 2001/04/17 20:12:31 kleink Exp $
$NetBSD: tcgetattr.c,v 1.8 2001/09/30 23:25:39 lukem Exp $
$NetBSD: getenv.c,v 1.15 2000/12/19 21:17:37 christos Exp $
$NetBSD: abort.c,v 1.11 1998/10/12 15:56:16 kleink Exp $
$NetBSD: stdio.c,v 1.11 1999/09/20 04:39:33 lukem Exp $
$NetBSD: sysconf.c,v 1.13 2001/05/07 17:25:57 kleink Exp $
$NetBSD: signal.c,v 1.11 2000/01/22 22:19:12 mycroft Exp $
$NetBSD: getprogname.c,v 1.2 2001/07/09 00:57:58 simonb Exp $
$NetBSD: mmap.c,v 1.11 2000/01/22 22:19:20 mycroft Exp $
$NetBSD: lseek.c,v 1.7 2000/01/22 22:19:20 mycroft Exp $
$NetBSD: bcopy.c,v 1.13 2001/02/08 18:33:50 wiz Exp $
$NetBSD: strncmp.c,v 1.12 1999/09/20 04:39:48 lukem Exp $
$NetBSD: sysctl.c,v 1.11 2000/01/22 22:19:12 mycroft Exp $
$NetBSD: bcopy.c,v 1.13 2001/02/08 18:33:50 wiz Exp $
$NetBSD: fwalk.c,v 1.9 1999/09/20 04:39:29 lukem Exp $
>Description:
dd casts the result of a read(2) call to a uint64_t and
then checks for an error return using < 0. This causes
it to miss the error and instead subsequently call write(2)
with a bogus write length.
>How-To-Repeat:
$ ktrace dd if=/dev/rcd0c of=/dev/null bs=512 count=1
0+1 records in
0+1 records out
18446744073709551615 bytes transferred in 0.001 secs (18446744073709550616 bytes/sec)
$ kdump
1533 ktrace EMUL "netbsd"
1533 ktrace RET ktrace 0
1533 ktrace CALL execve(0x7fffe288,0x7fffe748,0x7fffe760)
1533 ktrace NAMI "/home/dbj/bin/dd"
1533 ktrace RET execve -1 errno 2 No such file or directory
1533 ktrace CALL execve(0x7fffe288,0x7fffe748,0x7fffe760)
1533 ktrace NAMI "/bin/dd"
1533 dd EMUL "netbsd"
1533 dd RET execve JUSTRETURN
1533 dd CALL open(0x7fffe7fe,0,0)
1533 dd NAMI "/dev/rcd0c"
1533 dd RET open 3
1533 dd CALL __fstat13(0x3,0x7fffe658)
1533 dd RET __fstat13 0
1533 dd CALL ioctl(0x3,_IOR('m',0x2,0x38),0x7fffe618)
1533 dd RET ioctl -1 errno 19 Operation not supported by device
1533 dd CALL open(0x7fffe80c,0x602,0x1b6)
1533 dd NAMI "/dev/null"
1533 dd RET open 4
1533 dd CALL __fstat13(0x4,0x7fffe658)
1533 dd RET __fstat13 0
1533 dd CALL ioctl(0x4,_IOR('m',0x2,0x38),0x7fffe618)
1533 dd RET ioctl -1 errno 19 Operation not supported by device
1533 dd CALL __sysctl(0x7fffe628,0x2,0x7fffe630,0x7fffe634,0,0)
1533 dd RET __sysctl 0
1533 dd CALL readlink(0x1816cd8,0x7fffe648,0x3f)
1533 dd NAMI "/etc/malloc.conf"
1533 dd RET readlink -1 errno 2 No such file or directory
1533 dd CALL mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
1533 dd RET mmap 1099038720/0x41820000
1533 dd CALL break(0x182af58)
1533 dd RET break 0
1533 dd CALL break(0x182bf58)
1533 dd RET break 0
1533 dd CALL break(0x182c000)
1533 dd RET break 0
1533 dd CALL break(0x182d000)
1533 dd RET break 0
1533 dd CALL gettimeofday(0x182abf8,0)
1533 dd RET gettimeofday 0
1533 dd CALL __sigaction14(0x1d,0x7fffe6b8,0x7fffe6d8)
1533 dd RET __sigaction14 0
1533 dd CALL __sigaction14(0x2,0x7fffe6b8,0x7fffe6d8)
1533 dd RET __sigaction14 0
1533 dd CALL read(0x3,0x182c000,0x200)
1533 dd RET read -1 errno 19 Operation not supported by device
1533 dd CALL __sigprocmask14(0x1,0x182abb0,0x7fffe658)
1533 dd RET __sigprocmask14 0
1533 dd CALL write(0x4,0x182c000,0xffffffff)
1533 dd RET write -1 errno 22 Invalid argument
1533 dd CALL __sigprocmask14(0x3,0x7fffe658,0)
1533 dd RET __sigprocmask14 0
1533 dd CALL gettimeofday(0x7fffe688,0)
1533 dd RET gettimeofday 0
1533 dd CALL __sysctl(0x7fffe0e8,0x2,0x1827f38,0x7fffe0f0,0,0)
1533 dd RET __sysctl 0
1533 dd CALL write(0x2,0x7fffe618,0x1f)
1533 dd GIO fd 2 wrote 31 bytes
"0+1 records in
0+1 records out
"
1533 dd RET write 31/0x1f
1533 dd CALL write(0x2,0x7fffe618,0x56)
1533 dd GIO fd 2 wrote 86 bytes
"18446744073709551615 bytes transferred in 0.001 secs (18446744073709550616 bytes/sec)
"
1533 dd RET write 86/0x56
1533 dd CALL exit(0)
>Fix:
Correctly handle signed result from read system call.
>Release-Note:
>Audit-Trail:
>Unformatted:
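
The failure described under >Description, as an added example (not the dd source and not part of the original report): the same read(2) result is checked once after being stored in an unsigned 64-bit variable and once while still signed. The names `step_buggy`, `step_fixed` and `struct in_result` are hypothetical, and file descriptor -1 is a constructed input that makes read(2) fail, standing in for the failing CD device in the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of one input step. */
struct in_result {
    int      failed;   /* 1 if the read error was noticed */
    uint64_t wlen;     /* length the caller would hand to write(2) */
};

/* Pattern from the report: read(2)'s signed result is stored unsigned
 * before the "< 0" test, so -1 becomes 2^64-1 and the test never fires. */
struct in_result step_buggy(int fd, void *buf, size_t len)
{
    struct in_result r = {0, 0};
    uint64_t n = (uint64_t)read(fd, buf, len);
    if (n < 0)              /* always false for an unsigned type */
        r.failed = 1;
    else
        r.wlen = n;         /* bogus length reaches the write path */
    return r;
}

/* Corrected: keep the result in ssize_t, test it, then widen. */
struct in_result step_fixed(int fd, void *buf, size_t len)
{
    struct in_result r = {0, 0};
    ssize_t n = read(fd, buf, len);
    if (n < 0)
        r.failed = 1;       /* errno holds the cause */
    else
        r.wlen = (uint64_t)n;
    return r;
}

int main(void)
{
    char buf[512];
    int bad_fd = -1;        /* constructed input: read(2) fails on it */
    struct in_result b = step_buggy(bad_fd, buf, sizeof buf);
    struct in_result f = step_fixed(bad_fd, buf, sizeof buf);
    printf("buggy: failed=%d wlen=%llu\n", b.failed, (unsigned long long)b.wlen);
    printf("fixed: failed=%d wlen=%llu\n", f.failed, (unsigned long long)f.wlen);
    return 0;
}
```

The buggy path reports the same 18446744073709551615 byte count that dd prints in the trace above; compilers that implement `-Wtype-limits` (part of `-Wextra` in GCC) flag the always-false comparison.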