#Why does libc exit use returnCode % 1024 and not returnCode & 0xFF ?

"The exit() function causes normal process termination and the
least significant byte of status (i.e., status & 0xFF) is
returned to the parent (see wait(2))."

Why are the docs lying to me?

where exactly do you see status % 1024 @vapid canopy ?`

https://github.com/bminor/glibc/blob/e7c14e542d8d858b824b5df4f4e3dc93695e6171/stdlib/exit.c#L146
calls
https://github.com/bminor/glibc/blob/e7c14e542d8d858b824b5df4f4e3dc93695e6171/stdlib/exit.c#L43
which calls
https://github.com/bminor/glibc/blob/e7c14e542d8d858b824b5df4f4e3dc93695e6171/posix/_exit.c#L25
which status &= 0xff's
before aborting

whats more interesting is how the status is communicated to the calling process
because that thing doesnt return at all, so i assume they rely on status being in %rax

Interesting

You know what's even more interesting (imo)? _exit() calls abort() which can itself call _exit()

lmao

time to look what musl does

oh

the exit syscall specified by rax expects the status in rdi so how does it communiate that

  /* If we can't signal ourselves and the abort instruction failed, exit.  */
  if (stage == 5)
    {
      ++stage;
      _exit (127);
    }

"if it does not exit, make sure it exits by overflowing the stack"

indeed

Yeah I'm a little confused here

https://github.com/bminor/glibc/blob/e7c14e542d8d858b824b5df4f4e3dc93695e6171/sysdeps/unix/sysv/linux/_exit.c#L26

Here we go

I think this is the actual _exit on sysv

oh

wtf was i looking at then

Presumably that's the fallback implementation for unknown systems

i see

runtime testing

in the debugger ?

in $? from the shell, the literal process exit code

literally just run it and see

@vapid canopy this is an implementation-defined thing. What system are you on.

cant reproduce

^

I tried that on CentOS Linux, some recent distro release, g++ 4.8.5 I think

ummmmm

kay let me pop open the ubuntu VM

That’s ancient lol

the compiler yes, the linux distro no

i mean you can also try on ;compile

n o

Ok…?

But the compiler and libc are the most important part here

yes

;compile bash

echo -e "#include <stdlib.h>\nint main(int argc, char **argv) { return atoi(argv[1]); }" > main.c
gcc main.c
./a.out 127 ; echo $? ; uname -r

The segfault message is misleading

It’s not actually

what is segfaulting lol

It’s not

It’s an artifact of the sandbox

oh

Iirc

ok so I can't reproduce it here either,
let me ask my question in a different way

the return type is int, why can't libc just, put the same return code as the actaul int value, and NOT truncate it to the last byte? Or in different libc implementations, do other arithmetic with the int value?

can you give the output of ldd --version

on the system where it happens

@vapid canopy

It seems pretty baked into the posix standard that exit codes are 0-255. I'm sure the reason is just historical.

kay one moment

on the system where you can return with more than 255

i just need the glibc version

2.31 was released in 2020

nope, manual testing shows the highest value is 255, anything higher loops back to 0

yeah but thats on ubuntu

i thought u encountered the problem in centos ?

kay let me go and access this real centos machine, it's corporate property we use at work

i mean essentially you can look up the version and download the source and look if they & 0xff on status exit

if they dont you know why its 1024

say that again, the version of the what?

libc?

ldd?

glibc

which piece of software's source code exactly

aha

the second line after the input

2.31 is the glibc version

download the source of that release and look what exit does

in _exit.c ?

.../stdlib/exit.c
is the path on the current release

and then follow any function calls

if you dont know where to follow it look at what is included in that file

ohhhhhhhhhhhhhhhh

so yes, on the machine where I ran this, it is again modulo 256

!solved