[Bug 268195] Re: getaddrinfo_a stack overflow on 64bit - hardy

Adam Conrad adconrad at 0c3.net
Sat Mar 14 19:49:51 UTC 2015


** Changed in: glibc (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/268195

Title:
  getaddrinfo_a stack overflow on 64bit - hardy

Status in The GNU C Library:
  Fix Released
Status in glibc package in Ubuntu:
  Fix Released
Status in glibc package in Debian:
  Fix Released

Bug description:
  /home/mcmanus/t/t>lsb_release -rd
  Description:    Ubuntu 8.04.1
  Release:        8.04

  /home/mcmanus/t/t>apt-cache policy libc6
  libc6:
    Installed: 2.7-10ubuntu3
    Candidate: 2.7-10ubuntu3
    Version table:
   *** 2.7-10ubuntu3 0
          500 http://us.archive.ubuntu.com hardy/main Packages
          100 /var/lib/dpkg/status

  --

  I think this is an upstream bug.

  This sample program crashes due to a stack overflow on a thread spawned by glibc. I am not sure if that is also true on 32bit.
   (Compile as gcc poc.c -lresolv -ldl -lpthread -lanl )

  #define _GNU_SOURCE
  #include <netdb.h>
  #include <string.h>

  int main(void)
  {
      struct gaicb gb, *list[1];
      struct addrinfo hints;

      /* Zeroed hints: any address family, any socket type. */
      memset (&hints, 0 , sizeof (hints));
      list[0] = &gb;
      memset (&gb, 0, sizeof (gb));
      gb.ar_name = "www.ducksong.com";
      gb.ar_service = NULL;
      gb.ar_request = &hints;
      gb.ar_result = NULL;
      /* GAI_WAIT blocks until the lookup, which glibc runs on its own
         helper thread, completes; the crash occurs on that thread. */
      getaddrinfo_a (GAI_WAIT, list, 1, NULL);

      return 0;
  }

  In addition to the SEGV, valgrind reports
  ==21077==
  ==21077== Process terminating with default action of signal 11 (SIGSEGV)
  ==21077==  Bad permissions for mapped region at address 0x4023A88
  ==21077==    at 0x57477CC: __res_vinit (res_init.c:571)
  ==21077==    by 0x7FF0005FF: ???
  ==21077==    by 0x802BF: ???

  The following patch to libc lets the program run without error and
  gets valgrind a clean bill of health.

  diff -ur glibc-2.7/nptl/sysdeps/pthread/gai_misc.h ../../glibc-2.7/nptl/sysdeps/pthread/gai_misc.h
  --- glibc-2.7/nptl/sysdeps/pthread/gai_misc.h   2007-07-28 15:30:21.000000000 -0400
  +++ ../../glibc-2.7/nptl/sysdeps/pthread/gai_misc.h     2008-09-09 11:02:59.293997492 -0400
  @@ -97,7 +97,7 @@
     pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);

     /* The helper thread needs only very little resources.  */
  -  (void) pthread_attr_setstacksize (&attr, PTHREAD_STACK_MIN);
  +  (void) pthread_attr_setstacksize (&attr, 24*1024);

     /* Block all signals in the helper thread.  To do this thoroughly we
        temporarily have to block all signals here.  */
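Review bot: the replacement size on the `+` line is a bare magic number, and a hard-coded 24*1024 can be smaller than PTHREAD_STACK_MIN on architectures where that minimum exceeds 24 KiB; there pthread_attr_setstacksize returns EINVAL and the surviving `(void)` cast silently leaves the attribute at the default stack size. Suggest taking the larger of the two, e.g. `(void) pthread_attr_setstacksize (&attr, PTHREAD_STACK_MIN > 24*1024 ? PTHREAD_STACK_MIN : 24*1024);`, or better still checking the return value, and updating the now-stale comment "The helper thread needs only very little resources." to say why resolver initialisation (__res_vinit in the valgrind trace) needs more than the minimum on 64-bit.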

To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/268195/+subscriptions
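A defensive counterpart to the patch in the report, added here as an example and not taken from the bug report or from glibc: it sizes a helper-thread stack so the request can never fall below PTHREAD_STACK_MIN (which differs per architecture), rounds it to whole pages, and checks every pthread call instead of casting the result to (void). The 24 KiB figure is only the value the patch picked; the names helper_stack_size, spawn_helper and the placeholder thread body are assumptions of this example.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <pthread.h>
#include <stddef.h>
#include <unistd.h>

/* Clamp a wanted helper-thread stack size so it is never below
   PTHREAD_STACK_MIN (which varies by architecture) and is a whole
   number of pages.  A size below the minimum makes
   pthread_attr_setstacksize fail with EINVAL; code that casts that
   result to (void) silently keeps the default attribute instead. */
size_t helper_stack_size(size_t wanted)
{
    size_t page = (size_t) sysconf(_SC_PAGESIZE);
    size_t floor = (size_t) PTHREAD_STACK_MIN;
    if (wanted < floor)
        wanted = floor;
    return (wanted + page - 1) / page * page;
}

static void *helper_body(void *arg)
{
    /* Placeholder for the resolver work; just record that we ran. */
    *(int *) arg = 1;
    return NULL;
}

/* Create a helper thread with an explicit, validated stack size,
   checking every call instead of discarding its result.  Returns the
   stack size applied, or 0 if attribute setup or creation failed. */
size_t spawn_helper(size_t wanted)
{
    pthread_attr_t attr;
    pthread_t tid;
    int ran = 0;
    size_t size = helper_stack_size(wanted);

    if (pthread_attr_init(&attr) != 0)
        return 0;
    if (pthread_attr_setstacksize(&attr, size) != 0) {
        pthread_attr_destroy(&attr);
        return 0;
    }
    if (pthread_create(&tid, &attr, helper_body, &ran) != 0) {
        pthread_attr_destroy(&attr);
        return 0;
    }
    pthread_attr_destroy(&attr);
    pthread_join(tid, NULL);
    return ran ? size : 0;
}
```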
