Exercise a possible bug present on macOS Ventura on M1

a.md

Possible Bug on macOS Ventura on Apple M1 Silcone

To check your system if this bug is present simply, save the m1-ventura-write-bug.c file below to disk and compile and run it as such:

$ gcc m1-ventura-write-bug.c
$ ./a.out

If the output of a.out says "Congratulations", your system is fine. However, on M1 Ventura the output indicates that the write call is possibly broken.

Expected Behavior

The write system call is documented as returning an error when the user supplied buffer is outside the process's address range. To my knowledge it is impossible to have 0x0 actually mapped into process space, and all other platforms tested so far agree that passing a NULL pointer is an error.

On macOS Ventura on Apple M1, passing a NULL pointer to write instead returns 0 bytes written with errno also set to 0.

Affected Systems

• macOS Ventura on Apple M1

All other systems (specifically including Ventura on Intel and non-Ventura on M1) correctly return -1 from write when a NULL pointer is passed.

Other Notes

This bug can be reproduced with both Apple Clang (clang-1400.0.29.202) and GNU gcc (Homebrew GCC 12.2.0) suggesting that the bug is either in libc or the kernel. I don't have much experience tracking down bugs at this level so I'm still a bit lost trying to even find where the write system call is implemented.

m1-ventura-write-bug.c

#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/errno.h>
#include <unistd.h>

int
main(int argc, char* argv[])
{
    char* buf = NULL;
    int fd = open("blargh.txt", O_WRONLY | O_APPEND | O_CREAT, S_IRWXU);
    ssize_t written = write(fd, 0x0, 2147483647);
    if(written < 0 && errno != 0) {
        fprintf(stderr, "Congratulations, your system is not affected.\n");
    }
    if(written == 0 && errno == 0) {
        fprintf(stderr, "Your `write` call appears to be broken.\n");
    }
}