path: root/src/ipc/shmctl.c
diff options
authorRich Felker <>2020-03-13 16:27:10 -0400
committerRich Felker <>2020-03-14 21:23:37 -0400
commit2b2c8aafce9d80f9d58652643538f4d58e82b856 (patch)
tree12fe8c1190cef866cf469777ca00fd3b7252a072 /src/ipc/shmctl.c
parent5db475f0b987bfa7935a117aac81e14a98de34fb (diff)
fix corrupt sysvipc timestamps on 32-bit archs with old kernels
kernel commit 4693916846269d633a3664586650dbfac2c5562f (first included in release v4.14) silently fixed a bug whereby the reserved space (which was later used for high bits of time) in IPC_STAT structures was left untouched rather than zeroed. this means that a caller that wants to read the high bits needs to pre-zero the memory. since it's not clear that these operations are permitted to modify the destination buffer on failure, use a temp buffer and copy back to the caller's buffer on success.
Diffstat (limited to 'src/ipc/shmctl.c')
1 files changed, 10 insertions, 0 deletions
diff --git a/src/ipc/shmctl.c b/src/ipc/shmctl.c
index de3ce9d4..1c9f78c2 100644
--- a/src/ipc/shmctl.c
+++ b/src/ipc/shmctl.c
@@ -9,6 +9,14 @@
int shmctl(int id, int cmd, struct shmid_ds *buf)
+#if IPC_TIME64
+ struct shmid_ds out, *orig;
+ if (cmd&IPC_TIME64) {
+ out = (struct shmid_ds){0};
+ orig = buf;
+ buf = &out;
+ }
struct shmid_ds tmp;
if (cmd == IPC_SET) {
@@ -32,6 +40,8 @@ int shmctl(int id, int cmd, struct shmid_ds *buf)
#if IPC_TIME64
if (r >= 0 && (cmd&IPC_TIME64)) {
+ buf = orig;
+ *buf = out;
IPC_HILO(buf, shm_atime);
IPC_HILO(buf, shm_dtime);
IPC_HILO(buf, shm_ctime);