The 25-Year-Old BSD Bug

sproketboy writes with news that a developer named Marc Balmer has recently fixed a bug in a bit of BSD code which is roughly 25 years old. In addition to the OSnews summary, you can read Balmer's comments and a technical description of the bug. "This code will not work as expected when seeking to the second entry of a block where the first has been deleted: seekdir() calls readdir() which happily skips the first entry (it has inode set to zero), and advance to the second entry. When the user now calls readdir() to read the directory entry to which he just seekdir()ed, he does not get the second entry but the third. Much to my surprise I not only found this problem in all other BSDs or BSD derived systems like Mac OS X, but also in very old BSD versions. I first checked 4.4BSD Lite 2, and Otto confirmed it is also in 4.2BSD. The bug has been around for roughly 25 years or more."

more proof

[by Anonymous Coward]

...of the superiority of Microsoft.

the developers probably knew about it

[by Anonymous Coward]

but they had more important things to do. At least until Balmer started throwing chairs.

See? SEE?

[Frosty Piss (770223)]

See? See?

This is the power of Open Source!

With all those eyes looking at the code, stuff like this gets ID'd and fixed LICKITY SPLIT!

(runs and hides)

Re:See? SEE?

[Spy der Mann (805235)]

No need to run and hide. The only reason the bug's so old is because the OS is that old. And remember that 25 years ago, we didn't have web 2.0.

In comparison, Microsoft has been around for what... 20 years? And who knows what bugs in Windows are there, lurking, just waiting to bite us?

Re:Old Code

[irc.goatse.cx troll (593289)]

Windows 2000 & NT4 source code leak [slashdot.org]
Only 4 years ago.

Trac

[extirpater (132500)]

Bug tracking software missed this because it's bug #1. lol.

Samba knew, but didn't pass it on?

[quarrel (194077)]

The most telling thing in TFA for me was that the bug had been identified by the Samba team and a workaround implemented for Samba.

Surely both the samba communities and the *BSD communities are active enough that this could have been passed on for further investigation by the *BSD crowd? (Sure, samba probably would still need a workaround, particularly given the long uptimes and widespread deployment of *BSDs)

I know nothing of the devs at Samba and *BSD, but seems a bit strange. Perhaps they did try..

Meanwhile, congrats to Marc on fixing a bug. One of the most touted benefits of open source (whatever your license) code.

--Q

Re:Samba knew, but didn't pass it on?

[id10ts (1147541)]

Yes, Samba did pass on what it found and it appears they were promptly shot down by someone on the *BSD side.

The Samba e-mail archives contain a message from over 3 years ago [samba.org], but it doesn't give attribution to the *BSD source.

The Samba Bugzilla also has a bug reported more recently [samba.org] involving the same issue. Reading through the bug history, you can see there was one FreeBSD dev involved in the bug discussion, and he referenced a prior conversation between Tridge (Samba) and PHK (FreeBSD) where PHK said there was no bug in FreeBSD.

BSD is Dying!

[Doc Ruby (173196)]

If you define BSD as a collection of bugs, this story proves that BSD is dying.

Should it be fixed?

[CaroKann (795685)]

Considering how old this bug is, and how much work-around code probably exists as a result, I wonder how many new bugs this bug fix will create.

Re:Should it be fixed?

[irc.goatse.cx troll (593289)]

Most workarounds involve disabling caching. As a result they could re-enable caching for a performance increase, but leaving it off should have no iller effects with the patch than without.

Long live the Code

[GuldKalle (1065310)]

Am I the only one who thinks it's quite impressive to have 25 year old code still being used and employed on new systems?

Re:Wait... Would you ever hit this?

[ivan256 (17499)]

Of course, now that I've R'd the FA, I understand that it's the first entry in the block (of which a directory with a sufficient number of files would have multiple), and not the first entry in the directory. Kindly ignore my previous response... Nothing to see here...

Re:Wait... Would you ever hit this?

[TheRaven64 (641858)]

The first entry in a disk block, not the first entry in a directory. Each disk block is 512 bytes, so you can store around 30 files in there with shortish file names (each stores the name, the inode and a cumulative free space counter). For large directories you have around a one in 30 chance that the deleted file will be the first one in a block. Delete a dozen files from a large directory and there's a pretty large chance you'll hit this bug.

Re:Many eyes make bugs shallow...

[DannyO152 (544940)]

How many "eyes" were watching BSD systems use Samba for a DOS filesystem? Seems to me, someone saw behavior and exactly because it was open source, looked into it, found the coding error and filed a bug report. It will be fixed, because everyone now knows about this, and that too is a side effect of open source, even if it's related to the politics.

Re:Many eyes make bugs shallow...

[garett_spencley (193892)]

From the sounds of it, this was a bug that was not triggered very often. When it was finally triggered, investigated and fixed the person who found it released the info publicly, thanks to the beauty of Open Source, and everyone affected, commercial entities and FOSS users using the code alike, benefited. If this were a proprietary system that were licensed out to various companies stricken by NDAs etc. it's quite likely that if one company discovered the bug the others would never learn about it.

Re:Many eyes make bugs shallow...

[Goaway (82658)]

Except that the bug had been triggered many times before, seeing as how Samba had code in place to work around it.

Re:Many eyes make bugs shallow...

[Goaway (82658)]

Perhaps they didn't feel like doing the "no, it's supposed to work like that, you're wrong" dance.

Re:Many eyes make bugs shallow...

[TheRaven64 (641858)]

This bug has been around for a long time, but is only visible if you have large directories and delete files from them in between calls to readdir and seekdir. This is quite uncommon behaviour, and was incredibly uncommon 25 years ago when filesystems were much smaller and directories almost never contained enough files to require more than one or two disk blocks to store the directory.

When the Samba people found it, they decided to just code a work-around and not bother to report it to any of the BSD teams. If they had done, it would probably have been fixed in 22 years.

Now that it has been fixed in OpenBSD, the change can easily be taken and incorporated into FreeBSD, NetBSD, DragonFlyBSD and Darwin.

Re:Many eyes make bugs shallow...

[Peganthyrus (713645)]

You see what you're looking for, most of the time. This sounds like a subtle bug that you're not going to find until you go looking for it; it's hard to invoke under normal usage patterns. Nobody stared at that code looking for this problem until now. But if it was closed source, the guy who fixed it wouldn't have been able to look at it and find the problem.

A quick googling of "many eyes make all bugs shallow" brings me the more complete statement that adage is simplified from: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone." (Linus via ESR). Clearly this 25-year-old bug is one of the exceptions that calls for the 'almost'.

Re:Many eyes make bugs shallow...

[Derek Pomery (2028)]

Erm. That's not what "many eyes make bugs shallow" means.
Well. Just reading the source is part of it, but not all.
Fact is, if I run into odd behaviour when testing/using - if the source is available I can read it, I can breakpoint.
I cannot do that with a binary.

So yes. Things did occur as they were supposed to. Someone found something odd, they were able to look at code in question, and fix it.

The shallowness is the fact that there is a direct connection between the thousands of testers/users and the code in question.
Instant turnaround. No "user reports behaviour in detailed fashion, including testcase, to some corporate e-mail address, and maybe it eventually gets a to a developer three layers down who may be able to figure it out and fix it if he has the time"

Re:Many eyes make bugs shallow...

[InvisblePinkUnicorn (1126837)]

This is like saying global warming either does exist because today was the hottest on record, or does not exist because today was the coldest on record. Why are these analogous? Because in both situations, you're only considering one data point, which does not even begin to indicate a trend.

Re:They actually do...

[Goaway (82658)]

After all, someone closed a 25-year bug... how many hidden bugs will remain that way in os/2 warp? windows 95? other proprietary systems?

Er, this bug was in current versions, too, you know.

Re:Now it's time for a little housekeeping

[TheRaven64 (641858)]

It doesn't let you hide an executable. Something like ls, which iterates over the directory entries, will see the executable. It's only things which maintain an internal cache of directory entries which will have the problem. The 'fix' for Samba was to turn off directory caching and this made all of the files visible again.

bug blassification, side effects and Insults!

[JonTurner (178845)]

3 thoughts on this:

1. I think this bug would be classified "archeological".

2. The question now is what happens to the Samba work-around patches. Now that the bug is fixed, do the patches cause a side-effect (i.e. "a new bug")?

3. This gives rise to a new meme of nerd insults. "You call yourself a programmer? Why I've fixed bugs older than you!" Of course, only one man is entitled to use that line.