HELP: IPC bug which crashes our 4.2 systems

Sun Dec 2 11:50:35 AEST 1984

     The attached two program compose the shortest example I can
specify of a bug which will cause 4.2bsd to go into an infinite loop.

     The first program, talk.c opens a socket, connects to the server
listening on that socket, sends it a message and then exits.  When used
with another program it works fine.  When used with the second program,
it causes the system to hang.

     The second program, willcrash.c opens a socket, binds that socket
to a stream address, listens on that socket for connections, and then
does an unrelated select.

     The select should not return until there is input on channel 0,
which is standard input.

     To cause the bug to happen:

     1) Compile the two programs:
	cc -g -o willcrash willcrash.c
	cc -g -o talk talk.c

     2) Run willcrash:
        willcrash
	
     3) Run talk:
        talk test hi 1

     4) Attempt to terminate willcrash, either by typing a CTRL-C, or
by doing a kill.  At this point, the system will go into an infinite
loop.

     Any help in solving this one would be greatly appreciated.

Thanks,

Marty
fouts at ames-nas
---------------------- talk.c ------------------------------------------------
/* talk.c -- unix domain experiment */
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>

extern	int errno;

main(argc,argv)
char *argv[];
{
	int	sock;			/* unix socket file descriptor */
	char	ofname[20];		/* unix socket name */
	char	*request;
	char	*crayp;
	int	junk;
	int	loop;
	struct	sockaddr socketname;

	/*
	 *	Crack the parameters.
	 */
	if (argc < 3) usagerr();
	crayp = argv[1];
	printf(" Attempting to use socket %s.\n", crayp);
	sock = socket(AF_UNIX,SOCK_STREAM,0);
	if (sock < 0) {
		perror("Talk can't open socket");
		exit(1);
	}
	socketname.sa_family = AF_UNIX;
	strcpy(socketname.sa_data,crayp);
	if (connect(sock,&socketname,sizeof(struct sockaddr)) < 0) {
	    close(sock);
	    perror("talk: Connect failed");
	    exit(1);
	}
	request = argv[2];

	loop = atoi(argv[3]);
	for (junk=0; junk < loop; junk++) {
	if (write(sock, request, strlen(request)) < 0) {
		perror("Talk can't send message");
		exit(1);
	}
	}
	close(sock);
}

/*
 *	Indicate a usage error and exit.
 */

usagerr()
{
	fprintf(stderr, "usage:  talk socket message count");
	exit(1);
}
-------------------- willcrash.c ----------------------------------------------
/*
 * This version will crash 4.2
 */
#include <sys/types.h>
#include <sys/socket.h>

main()

{
    int fd;
    struct sockaddr s1;
    int     ready = 1;

    fd = socket (AF_UNIX, SOCK_STREAM, 0);
    s1.sa_family = AF_UNIX;
    strcpy (s1.sa_data, "test");
    bind (fd, &s1, sizeof (struct sockaddr));
    listen (fd, 5);
    select (20, &ready, 0, 0, 0);
}


----------


----------