[Pcsclite-muscle] pcsc_stringify_error thread safety

Nikos Mavrogiannopoulos nmav
Thu Jan 26 05:39:29 PST 2017


----- Original Message -----
> Hello,
> 
> 2017-01-18 11:29 GMT+01:00 Nikos Mavrogiannopoulos <nmav at redhat.com>:
> 
> > On Tue, 2017-01-17 at 20:33 +0100, Maksim Ivanov wrote:
> >
> > > The pcsc_stringify_error function in the PC/SC-Lite implementation
> > > uses a statically allocated buffer. This means that the buffer may be
> > > used simultaneously when the function is called from multiple threads
> > > concurrently.
> > > Therefore, the returned message may be spoiled, e.g.:
> > > "Internal error.ul"
> > > or
> > > "Command cancell"
> > > In the worst-case scenario, the application may read an unbounded
> > > string (with the terminating null character missing).
> >
> > A possible fix is attached. That avoids copying strings which are
> > constant on global store, and ensures that the static buffer is on
> > thread local store when possible.
> >
> > Except for compilation, the fix is completely untested.
> >
> 
> A really simple fix is:
> --- /var/folders/jb/2mvc64nx74b76qjg_5yk8zs00000gn/T//zsNKq9_error.c
> 2017-01-18 14:37:19.000000000 +0100
> +++ src/error.c 2017-01-17 22:20:08.000000000 +0100
> @@ -76,7 +76,7 @@ PCSC_API char* pcsc_stringify_error(cons
>   */
>  PCSC_API char* pcsc_stringify_error(const LONG pcscError)
>  {
> -   static char strError[75];
> +   __thread static char strError[75];
>     const char *msg = NULL;
> 
>     switch (pcscError)
> 
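
Review bot: on the added line `__thread static char strError[75];` the specifiers are in an order that GCC rejects: its documentation requires `__thread` to come immediately after `static` or `extern`, so the line should read `static __thread char strError[75];`. The keyword is also used unconditionally here; a configure-time check or a macro that selects `_Thread_local` or `__thread` depending on the compiler would keep the build working where one of them is missing. The function's doc comment above the hunk should also say that the returned pointer refers to a per-thread buffer that the next call in the same thread overwrites.
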
> I tested it with success.
> 
> It looks like __thread is standard and not GNU C specific.

A bit late; however, as far as I know, the C11 standard defines _Thread_local
and not __thread. The latter is supported by some compilers, but it is not
in any standard I know of. In any case, for most systems pcsc-lite will be
compiled on, __thread is also fine.

regards,
Nikos
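
The keyword choice discussed in this thread, as an added example that is not part of the original messages and is not pcsc-lite code: a macro picks C11 `_Thread_local` when available and falls back to `__thread`, and a small pthread harness counts corrupted strings. The names `TLS`, `demo_stringify`, `worker` and `count_corrupted`, the messages and the error codes are hypothetical; a POSIX threads environment is assumed.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

/* Pick a thread-local storage keyword: C11 first, then the vendor extension. */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
#  define TLS _Thread_local
#elif defined(__GNUC__) || defined(__clang__)
#  define TLS __thread
#else
#  error "no thread-local storage keyword known for this compiler"
#endif

/* Known codes return constant strings; only unknown codes need the buffer. */
const char *demo_stringify(long code)
{
    static TLS char buf[75];   /* one buffer per thread; "static" comes first */
    switch (code) {
    case 0: return "Command successful.";
    case 1: return "Internal error.";
    default:
        snprintf(buf, sizeof buf, "Unknown error: 0x%08lX", (unsigned long)code);
        return buf;
    }
}

/* Each worker formats its own code repeatedly and counts damaged results. */
static void *worker(void *arg)
{
    long code = *(long *)arg, bad = 0;
    char expect[75];
    snprintf(expect, sizeof expect, "Unknown error: 0x%08lX", (unsigned long)code);
    for (int i = 0; i < 100000; i++)
        if (strcmp(demo_stringify(code), expect) != 0) bad++;
    *(long *)arg = bad;        /* hand the count back through the same slot */
    return NULL;
}

/* Returns the total number of corrupted strings seen across all threads. */
long count_corrupted(void)
{
    long slots[4] = { 0x10100001L, 0x1010FFFFL, 0x12345678L, 0x0BADC0DEL };
    pthread_t tid[4];
    long total = 0;
    for (int i = 0; i < 4; i++) pthread_create(&tid[i], NULL, worker, &slots[i]);
    for (int i = 0; i < 4; i++) { pthread_join(tid[i], NULL); total += slots[i]; }
    return total;
}

int main(void) { printf("corrupted: %ld\n", count_corrupted()); return 0; }
```

Removing `TLS` from the declaration of `buf` turns the buffer back into shared state, and the count returned by `count_corrupted()` is then no longer guaranteed to be zero.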



