Message 29134 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	eichin
Recipients
Date	2006-07-11.21:38:59
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
The appended code is a simple call of the SCSI Inquiry ioctl, based on what scsi-tools scsiinfo.c does. The intended behaviour is simple - pass it /dev/sg0 (or any scsi device, really) and it pulls out the vendor, product and revision from the returned buffer. However, if you change PAD_SIZE, the behaviour changes: at 1023 and 1025, it does what is expected; at 1024, the second assertion fires, because the array b on output hasn't changed at all. Not sure if there's a different ioctl that can demonstrate this more easily (this needs root and a scsi device, though it does explicitly open it readonly) but it points in the direction of a fencepost error in the "if the supplied buffer is less than 1024 bytes long it is first copied into a static buffer 1024 bytes long which is then passed to ioctl and copied back into the supplied buffer" behaviour in current documentation. observed under: Python 2.4.1 (#2, May 5 2005, 11:32:06) [GCC 3.3.5 (Debian 1:3.3.5-12)] on linux2 (on debian sarge.) I didn't see it mentioned among the ioctl bugs in the sourceforge tracker...

The appended code is a simple call of the SCSI Inquiry
ioctl, based on what scsi-tools scsiinfo.c does.  The
intended behaviour is simple - pass it /dev/sg0 (or any
scsi device, really) and it pulls out the vendor,
product and revision from the returned buffer.

However, if you change PAD_SIZE, the behaviour changes:
at 1023 and 1025, it does what is expected; at 1024,
the second assertion fires, because the array b on
output hasn't changed at all.

Not sure if there's a different ioctl that can
demonstrate this more easily (this needs root and a
scsi device, though it does explicitly open it
readonly) but it points in the direction of a fencepost
error in the "if the supplied buffer is less than 1024
bytes long it is first copied into a static buffer 1024
bytes long which is then passed to ioctl and copied
back into the supplied buffer" behaviour in current
documentation.

observed under:
Python 2.4.1 (#2, May  5 2005, 11:32:06)
[GCC 3.3.5 (Debian 1:3.3.5-12)] on linux2
(on debian sarge.)

I didn't see it mentioned among the ioctl bugs in the
sourceforge tracker...

History
Date	User	Action	Args
2007-08-23 14:41:17	admin	link	issue1520818 messages
2007-08-23 14:41:17	admin	create