Package: libc6
Version: 2.7-13
Severity: important
Tags: patch
getaddrinfo_a creates a segfault in its worker thread due to the stack
size being too small. Segfault happens here:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x40003950 (LWP 25753)]
__res_vinit (statp=0x40003dc8, preinit=0) at res_init.c:179
179 statp->id = res_randomid();
Upon entering __res_vinit, the stack pointer goes into the 0x1000 byte
guard region at the bottom of the thread's segment.
The call into res_randomid causes the segment violation. The code in
res_randomid is never reached.
Here is a sample program to tickle the bug:
#define _GNU_SOURCE            /* getaddrinfo_a() and struct gaicb are GNU extensions */
#include <string.h>
#include <stdio.h>
#include <netdb.h>
#include <signal.h>

/* Build with: gcc -o gai_crash gai_crash.c -lanl */
int
main(void)
{
    int ret_val;
    struct sigevent sig;
    struct gaicb gaistruct;
    struct gaicb *gptr[1];

    memset(&gaistruct, 0, sizeof(gaistruct));
    memset(&sig, 0, sizeof(sig));
    gptr[0] = &gaistruct;
    gptr[0]->ar_name = "a";         /* any name will do; the lookup never gets far */
    sig.sigev_notify = SIGEV_NONE;  /* no completion notification wanted */

    /* GAI_WAIT blocks until the request finishes; the worker thread created
       for it dies in __res_vinit before the lookup even starts. */
    ret_val = getaddrinfo_a(GAI_WAIT, gptr, 1, &sig);
    if (ret_val != 0)
        fprintf(stderr, "getaddrinfo_a: %s\n", gai_strerror(ret_val));
    return 0;
}
The root cause of the bug is in debian/linuxthreads/sysdeps/pthread/gai_misc.h.
The code sets the stack size for the worker thread to the pthreads minimum.
This is just not enough.
System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.22.6091807 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6 depends on:
ii libgcc1 1:4.3.1-2 GCC support library
libc6 recommends no packages.
Versions of packages libc6 suggests:
pn glibc-doc <none> (no description available)
ii locales 2.7-13 GNU C Library: National Language (
-- debconf information excluded
--- glibc-2.7/resolv/gai_misc.c.orig 2008-08-13 14:44:03.000000000 -0400
+++ glibc-2.7/resolv/gai_misc.c 2008-08-13 14:44:28.000000000 -0400
@@ -39,7 +39,6 @@
/* Make sure the thread is created detached. */
pthread_attr_init (&attr);
pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);
- pthread_attr_setstacksize(&attr, 32768);
int ret = pthread_create (threadp, &attr, tf, arg);
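Review bot: the removed `pthread_attr_setstacksize(&attr, 32768);` in resolv/gai_misc.c is not replaced by anything, so after this hunk that thread-creation path relies on whatever default stack size the attribute carries, while the nptl header below gets the explicit 32768. If the intent is that only the nptl gai_misc.h controls the helper's stack size, say so in the changelog; if the `.orig` file already contained this line from an earlier local edit (pristine glibc 2.7 would not carry a second setstacksize call right before pthread_create), please regenerate the diff against the unmodified 2.7 source so the hunk describes a real change.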
--- ./glibc-2.7/nptl/sysdeps/pthread/gai_misc.h.orig 2008-08-13
14:46:57.000000000 -0400
+++ ./glibc-2.7/nptl/sysdeps/pthread/gai_misc.h 2008-08-13
14:47:24.000000000 -0400
@@ -96,8 +96,8 @@
pthread_attr_init (&attr);
pthread_attr_setdetachstate (&attr, PTHREAD_CREATE_DETACHED);
- /* The helper thread needs only very little resources. */
- (void) pthread_attr_setstacksize (&attr, PTHREAD_STACK_MIN);
+ /* The helper thread needs only very little resources - but more
than PTHREAD_STACK_MIN. */
+ (void) pthread_attr_setstacksize (&attr, 32768);
/* Block all signals in the helper thread. To do this thoroughly we
temporarily have to block all signals here. */
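Review bot: 32768 is a magic number justified only by the comment "more than PTHREAD_STACK_MIN"; the gdb trace in the report shows the overrun into the guard page but not how much stack __res_vinit actually needs, so please give the value a named constant with a comment on how it was chosen (measured usage plus margin), and note that on architectures where PTHREAD_STACK_MIN is larger than 32768 this call returns EINVAL, which the `(void)` cast silently discards, leaving the attribute at its default. Two smaller points: the second line of the new comment (`than PTHREAD_STACK_MIN. */`) is missing its leading `+`, so the patch will not apply as posted; and the report text names debian/linuxthreads/sysdeps/pthread/gai_misc.h as the root cause while this hunk changes nptl/sysdeps/pthread/gai_misc.h, so the linuxthreads copy, if Debian still builds it, is left with PTHREAD_STACK_MIN.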
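The following is an added C example, not part of this bug report and not glibc code. It shows the two things a helper-thread author would want to check around the patch above: how to turn a wanted size such as the patch's 32768 into one that is safe to pass to pthread_attr_setstacksize (PTHREAD_STACK_MIN is an absolute floor, not a sensible default), and how a thread can measure its own remaining stack before calling into code with a known worst-case frame, which is the check __res_vinit never got. It uses pthread_getattr_np, a GNU extension, and the helper names choose_stack_size, stack_headroom, frame_fits, probe_thread_stack and probe_ok are this example's own. It does not try to reproduce the crash (the program in the report already does that).

```c
#define _GNU_SOURCE          /* pthread_getattr_np() is a GNU extension */
#include <limits.h>          /* PTHREAD_STACK_MIN */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Filled in by the probe thread (example's own structure). */
struct stack_probe {
    size_t stacksize;   /* usable stack the thread received, guard page excluded */
    size_t headroom;    /* bytes still free below the probing frame */
};

/* Turn a wanted helper-thread stack size into one that is safe to request:
 * never below PTHREAD_STACK_MIN and rounded up to a whole page. */
size_t choose_stack_size(size_t wanted)
{
    long page = sysconf(_SC_PAGESIZE);
    size_t sz = wanted;

    if (sz < (size_t)PTHREAD_STACK_MIN)
        sz = (size_t)PTHREAD_STACK_MIN;
    if (page > 0)
        sz = (sz + (size_t)page - 1) & ~((size_t)page - 1);
    return sz;
}

/* Stack left below the caller's frame in the current thread. The address of
 * a local approximates the stack pointer; pthread_attr_getstack() gives the
 * lowest usable address (glibc keeps the guard page out of it). 0 on failure. */
size_t stack_headroom(void)
{
    pthread_attr_t attr;
    void *base = NULL;
    size_t size = 0;
    volatile char marker = 0;
    int rc;

    if (pthread_getattr_np(pthread_self(), &attr) != 0)
        return 0;
    rc = pthread_attr_getstack(&attr, &base, &size);
    pthread_attr_destroy(&attr);
    if (rc != 0)
        return 0;
    uintptr_t lo = (uintptr_t)base;
    uintptr_t sp = (uintptr_t)&marker;
    return sp > lo ? (size_t)(sp - lo) : 0;
}

/* A helper that knows the worst-case frame of what it is about to call can
 * refuse instead of running into the guard page the way __res_vinit did. */
int frame_fits(size_t headroom, size_t need)
{
    return headroom >= need;
}

static void *probe_worker(void *arg)
{
    struct stack_probe *out = arg;
    pthread_attr_t attr;
    void *base = NULL;
    size_t size = 0;

    if (pthread_getattr_np(pthread_self(), &attr) == 0) {
        if (pthread_attr_getstack(&attr, &base, &size) == 0)
            out->stacksize = size;
        pthread_attr_destroy(&attr);
    }
    out->headroom = stack_headroom();
    return NULL;
}

/* Create a thread with the requested stack size, as gai_misc.h does for its
 * helper (joinable here so the result can be read back), and record what it got. */
int probe_thread_stack(size_t stacksize, struct stack_probe *out)
{
    pthread_attr_t attr;
    pthread_t tid;
    int rc;

    memset(out, 0, sizeof *out);
    pthread_attr_init(&attr);
    rc = pthread_attr_setstacksize(&attr, stacksize);
    if (rc == 0)
        rc = pthread_create(&tid, &attr, probe_worker, out);
    pthread_attr_destroy(&attr);
    if (rc != 0)
        return rc;
    return pthread_join(tid, NULL);
}

/* 1 if a thread with this stack size reports a sane, non-empty stack. */
int probe_ok(size_t stacksize)
{
    struct stack_probe p;
    if (probe_thread_stack(stacksize, &p) != 0)
        return 0;
    return p.stacksize > 0 && p.headroom > 0 && p.headroom < p.stacksize;
}

int main(void)
{
    size_t sizes[] = { (size_t)PTHREAD_STACK_MIN, 32768 };
    for (size_t i = 0; i < 2; i++) {
        struct stack_probe p;
        size_t sz = choose_stack_size(sizes[i]);
        if (probe_thread_stack(sz, &p) == 0)
            printf("requested %zu: usable %zu, headroom in worker %zu\n",
                   sz, p.stacksize, p.headroom);
    }
    return 0;
}
```

Run it on a machine with glibc and compare the headroom printed for PTHREAD_STACK_MIN against the size of the frames in your helper's call chain; the difference between the two requested sizes is the margin the patch is buying. The headroom figure is what a defensive helper would compare against a known worst-case frame with frame_fits before descending into it.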