Open
Description
Our fuzzer DIFFuzzer (source is closed at the moment) found this bug on commit 1a4d23203df14e84e910cdff48470c430f9560e4 (tag: v2.7.11):
```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

int main(void) {
    /* Create an empty file "1" in the current directory and reopen it read/write. */
    int fd = creat("1", S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
    close(fd);
    fd = open("1", O_RDWR);

    /* Grow the file to 64 bytes through this descriptor. */
    int truncated = ftruncate(fd, 64);
    printf("FTRUNCATE %d(%s)\n", truncated, strerror(errno));

    /* The offset should still be 0 after ftruncate. */
    off_t position = lseek(fd, 0, SEEK_CUR);
    printf("LSEEK %ld(%s)\n", (long)position, strerror(errno));

    /* Reading through the same descriptor should now return the 64 zero bytes. */
    char buffer[1000] = {0};
    ssize_t nread = read(fd, buffer, 100);
    printf("READ %ld(%s)\n", (long)nread, strerror(errno));

    /* Seeking to the end reports the size as seen by this descriptor. */
    off_t size = lseek(fd, 0, SEEK_END);
    printf("LSEEK %ld(%s)\n", (long)size, strerror(errno));
    return 0;
}

// ::Expected::
// FTRUNCATE 0(Success)
// LSEEK 0(Success)
// READ 64(Success)
// LSEEK 64(Success)

// ::Actual::
// FTRUNCATE 0(Success)
// LSEEK 0(Success)
// READ 0(Success)
// LSEEK 0(Success)
```

ftruncate resets file size to zero for the descriptor.
However, the file size was actually changed, as shown by stat:

```
$ stat 1
  File: 1
  Size: 64        Blocks: 0          IO Block: 4096   regular file
...
```

System info:
Ubuntu 22.04.5 LTS
Kernel 5.15.178
gcc 11.4.0
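The report above compares only what one descriptor sees against what `stat` sees. The following is an added example, not the reporter's reproducer and not code from the project under test: it truncates a fresh file to a requested size through one descriptor and then cross-checks every size view a program can observe (fstat on the descriptor, lseek to SEEK_END, the byte count actually readable, and stat on the path), returning how many of those views disagree with the requested size. It assumes a writable `/tmp`; on a correctly behaving filesystem it returns 0, while the behaviour described in this issue would make it return a non-zero count for the descriptor-side views.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Truncate the file at `path` to `want` bytes through one descriptor, then
 * count how many size views disagree with `want`. Returns -1 on a syscall
 * failure unrelated to the check itself. */
int check_truncate_views(const char *path, off_t want) {
    int mismatches = 0;

    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    if (ftruncate(fd, want) != 0) { close(fd); return -1; }

    /* View 1: metadata through the same descriptor. */
    struct stat fst;
    if (fstat(fd, &fst) != 0 || fst.st_size != want) mismatches++;

    /* View 2: end-of-file offset as reported by lseek on the descriptor. */
    off_t end = lseek(fd, 0, SEEK_END);
    if (end != want) mismatches++;

    /* View 3: number of bytes actually readable from offset 0. */
    if (lseek(fd, 0, SEEK_SET) != 0) { close(fd); return -1; }
    char buf[4096];
    off_t total = 0;
    for (;;) {
        ssize_t n = read(fd, buf, sizeof buf);
        if (n < 0) { close(fd); return -1; }
        if (n == 0) break;
        total += n;
    }
    if (total != want) mismatches++;

    /* View 4: metadata by path, which is what `stat 1` in the report shows. */
    struct stat pst;
    if (stat(path, &pst) != 0 || pst.st_size != want) mismatches++;

    close(fd);
    return mismatches;
}

/* Convenience wrapper: run the check on a temporary file under /tmp
 * (an assumption of this example) and clean it up afterwards. */
int run_truncate_check(off_t want) {
    char path[] = "/tmp/trunc-check-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);
    int result = check_truncate_views(path, want);
    unlink(path);
    return result;
}

int main(void) {
    int r = run_truncate_check(64);
    if (r < 0) {
        fprintf(stderr, "check failed: %s\n", strerror(errno));
        return 2;
    }
    printf("size views disagreeing with 64 bytes: %d\n", r);
    return r != 0;
}
```

Because the four views are checked independently, the exit status alone tells a regression test whether truncation is consistent, and the per-view increments make it easy to add a print of which view disagreed when a mismatch is found.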