Subject: Re: libssh2_knownhosts_writefile_fp()

Re: libssh2_knownhosts_writefile_fp()

From: Alexander Lamaison <>
Date: Sun, 21 Nov 2010 14:17:57 +0000

On 21 November 2010 13:57, Tor Arntsen <> wrote:
> On Sun, Nov 21, 2010 at 14:48, Alexander Lamaison <> wrote:
>> Also not safe.  Any 'object' that belongs to one instance of the
>> C-runtime must not be manipulated by another instance.  The file
>> descriptor data is owned by the C-runtime regardless of whether you
>> access it via a fileno or a FILE*.
>> It's a bit like calling malloc() in one instance and calling free() in
>> the other which will also corrupt the runtime memory and most likely
>> crash.  While the memory allocated by malloc() is not owned by the
>> C-runtime (you can access the memory anywhere you wish), the table of
>> memory allocations *is*.  When you call another instance's free() on
>> the pointer, it is the table of allocations that is changed, not the
>> allocated memory.  As each runtime instance has its own table, boo boo
>> ensues.
>> Unfortunately, as far as I'm aware, every file operation manipulates
>> internal tables so you can never safely use any form of opened file
>> descriptor across API calls.
> The above is Windows specfic though. On Unix you can program against
> libA and libB and a malloc from one can safely be free'd by the other,
> if you so wish. (It's of course possible to manually insert local
> versions of any libc function and mess this up, but there's only a
> single instance of the libc runtime even if there are multiple API
> libs involved. Passing a FILE * from one lib to another is quite
> common, and safe on Unix. Not so on Windows, from what I understand.)

This is a myth (one I've discussed at length at various times on this
list). You're right that it is much more common on Windows than Unix
but this is luck rather than design. It relies on the fact that on
Unix every .so is typically linked against the same version of libc so
only one instance is ever loaded. So, you're lucky, on most Unix
systems your software won't crash ... until it does.

Passing a FILE* between your code and the _C-runtime that created it_
is safe. Anything else is not.

Received on 2010-11-21