[Bug binutils/30969] New: ar cannot be safely invoked in parallel on windows
https://sourceware.org/bugzilla/show_bug.cgi?id=30969 Bug ID: 30969 Summary: ar cannot be safely invoked in parallel on windows Product: binutils Version: 2.42 (HEAD) Status: UNCONFIRMED Severity: normal Priority: P2 Component: binutils Assignee: unassigned at sourceware dot org Reporter: sterpumihai at gmail dot com Target Milestone: --- Created attachment 15167 --> https://sourceware.org/bugzilla/attachment.cgi?id=15167&action=edit patch for adding getpid() to temp file name It seems there is a race condition in ar which is closely related to the usage of mkstemp in function make_tempname (bucomm.c). In certain situations, due to the implementation of mkstemp, the same "unique" file name is generated. This results in a sporadic error of ar: "ar.exe: could not create temporary file whilst writing archive: Permission denied" I repoduced this on Windows on a test system where ar was invoked in parallel. My investigation revealed that all ar invocations used the same temporary file name, "stP1kAlM". This is because the implementation of mkstemp provided by gnulib always uses seed value 0. They do use clock() but given ar calls mkstemp pretty quick, the resolution of clock() on Windows (millisecond) yields the same result. There are basically two solutions here: 1. Investigate and fix the race condition (might prove difficult) OR 2. Add some process specific information to the temporary file name. I personally used getpid() and appended it between "st" and "XX" so each ar invocation truly has a different temporary file. See attached patch. -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/30969] ar cannot be safely invoked in parallel on windows
https://sourceware.org/bugzilla/show_bug.cgi?id=30969 --- Comment #2 from Sterpu Mihai --- Hi Sam, The issue is that, from what I see, we now have 2 different implementations. This isn't an easy out of sync case. One might even argue that glibc's implementation is the "outdated" one as it leaks ASLR information via the temporary file names. The gnulib commit in cause, 9ce573cde017182a69881241e8565ec04e5bc728, done by Paul Eggert, states that: "While looking into this, I noticed that tempname can leak info derived from ASLR into publicly-visible file names, which is a no-no. Fix that too." Maybe it would be a good idea to involve Paul as well? -- You are receiving this mail because: You are on the CC list for the bug.
[Bug binutils/30969] ar cannot be safely invoked in parallel on windows
https://sourceware.org/bugzilla/show_bug.cgi?id=30969 Sterpu Mihai changed: What|Removed |Added CC||eggert at cs dot ucla.edu -- You are receiving this mail because: You are on the CC list for the bug.
