[Bug 1779583] Re: cron do_command.c attempts a fork() without testing for errors

Alexis Wilke 1779583 at bugs.launchpad.net
Sun Jul 1 23:23:01 UTC 2018 

I guess I should attempt to compile before submitting a patch. Some
brackets were required in one of the cases.

** Patch added: "Compiling fix to second fork() in child_process()"
   https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1779583/+attachment/5158458/+files/do_command-2.patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cron in Ubuntu.
https://bugs.launchpad.net/bugs/1779583

Title:
  cron do_command.c attempts a fork() without testing for errors

Status in cron package in Ubuntu:
  New

Bug description:
  The do_command.c file calls fork() twice.

  For the first fork(), the possibility for an error is checked properly
  and an error emitted (see
  https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1702785 for an
  example when that happens: message is "can't fork".) This first fork()
  makes use of a switch() statement as expected.

  The second fork(), however, is used inside an if() statement like
  this:

  if (*input_data && fork() == 0) { ... }

  Here we can see a couple of problems. After the if block, we have this
  statement:

  children++;

  which means that we will have to wait on TWO children. However, (1)
  the *input_data could return false and thus the second child may not
  be created at all. (2) the fork() could return -1 meaning that no
  other child is created.

  I suppose that the child_process() probably always or nearly always
  has some input_data. Otherwise it would block waiting for a child that
  was never started. And of course, it is relatively rare that fork()
  fails, unless you are running our of RAM (heap or stack can't be
  allocated) or process space (too many processes running concurrently.)

  I have a proposed patch to fix the problem. It uses a switch() which
  emits an error in case the fork() fails, but let the program go on as
  before (instead of an immediate exit as in the first fork()).

  The children variable gets incremented only when the fork() happens
  and succeeds (default: block in the new switch().)

  The do_command.c file did not change between 16.04 (trusty) and 18.04
  (bionic beaver), so the patch will work for either version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1779583/+subscriptions

More information about the foundations-bugs mailing list