From 4daa146bf71cea174271371a0eb3cf22719a550b Mon Sep 17 00:00:00 2001 From: Andrew Church Date: Thu, 24 Sep 2009 10:51:12 -0700 Subject: [PATCH] fix wrong parameter size on ioctl FIONREAD On Wed, Sep 23, 2009 at 23:11, Matthias Schwarzott wrote: > It is about ioctl failures on amd64: > http://bugs.gentoo.org/show_bug.cgi?id=286041 > > A bad parameter type to an ioctl() call causes udev-146 to generate "error > getting buffer for inotify" messages in syslog. The offending code is > roughly: > > ssize_t nbytes, pos; > // ... > ioctl(fd, FIONREAD, &nbytes); > > where ssize_t is 64 bits on amd64, but the kernel code for FIONREAD (at least > through gentoo-sources-2.6.31) uses type int: > > p = (void __user *) arg; > switch (cmd) { > case FIONREAD: > // ... > ret = put_user(send_len, (int __user *) p); > > so the upper 32 bits of "nbytes" are left uninitialized, and the subsequent > malloc(nbytes) fails unless those 32 bits happen to be zero (or the system has > a LOT of memory). --- udev/udevd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/udev/udevd.c b/udev/udevd.c index 2eb914a3..62c64366 100644 --- a/udev/udevd.c +++ b/udev/udevd.c @@ -662,7 +662,7 @@ static void handle_ctrl_msg(struct udev_ctrl *uctrl) /* read inotify messages */ static int handle_inotify(struct udev *udev) { - ssize_t nbytes, pos; + int nbytes, pos; char *buf; struct inotify_event *ev; -- 2.39.5