GNU bug report logs - #22811
adns crash bugfix/patch


Package: adns;

Reported by: Jared Mauch <jared <at> puck.nether.net>

Date: Fri, 26 Feb 2016 01:40:01 UTC

Severity: normal

To reply to this bug, email your comments to 22811 AT debbugs.gnu.org.



Report forwarded to adns-discuss <at> chiark.greenend.org.uk:
bug#22811; Package adns. (Fri, 26 Feb 2016 01:40:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jared Mauch <jared <at> puck.nether.net>:
New bug report received and forwarded. Copy sent to adns-discuss <at> chiark.greenend.org.uk. (Fri, 26 Feb 2016 01:40:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jared Mauch <jared <at> puck.nether.net>
To: submit <at> debbugs.gnu.org
Cc: ijackson <at> chiark.greenend.org.uk
Subject: adns crash bugfix/patch
Date: Thu, 25 Feb 2016 20:29:26 -0500
Package: adns


diff --git a/src/types.c b/src/types.c
index d65e155..55bf098 100644
--- a/src/types.c
+++ b/src/types.c
@@ -984,12 +984,13 @@ static int di_hostaddr(adns_state ads,
 }
 
 static void mfp_hostaddr(adns_query qu, adns_rr_hostaddr *rrp) {
-  void *tablev;
+  void *tablev = NULL;
   size_t addrsz= gsz_addr(0, qu->answer->type);
 
   adns__makefinal_str(qu,&rrp->host);
   tablev= rrp->addrs;
-  adns__makefinal_block(qu, &tablev, rrp->naddrs*addrsz);
+  if (rrp->naddrs > 0)
+    adns__makefinal_block(qu, &tablev, rrp->naddrs*addrsz);
   rrp->addrs= tablev;
 }
 
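Review bot: the `rrp->naddrs > 0` guard in mfp_hostaddr stops the oversized copy but leaves the bad state in place. With the call skipped, `rrp->addrs= tablev;` writes the original pointer straight back, so for naddrs <= 0 the record keeps an addrs pointer that never went through adns__makefinal_block, and naddrs itself is still negative (the gdb session in this message prints -1) when the answer is handed on. Suggest either normalising here (set rrp->addrs to NULL when there is nothing to copy and decide what naddrs should read) or tracing where naddrs becomes -1 and rejecting the record at that point. The new `= NULL` initialiser on tablev has no effect, because tablev is assigned from rrp->addrs before it is ever read; it can be dropped.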

This occurs when something is queried and comes back bogus/semi-bogus, eg:

(gdb) bt
#0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:116
#1  0x00007ff5811c0b68 in memcpy (__len=18446744073709551584, __src=0x25fb6a8, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string3.h:51
#2  adns__makefinal_block (qu=qu@entry=0x2478590, blpp=blpp@entry=0x7ffd2c153db8, sz=18446744073709551584) at ../src/query.c:675
#3  0x00007ff5811bb8ae in mfp_hostaddr (qu=0x2478590, rrp=0x24af8f0) at ../src/types.c:992
#4  0x00007ff5811c0d5c in makefinal_query (qu=0x2478590) at ../src/query.c:593
#5  adns__query_done (qu=0x2478590) at ../src/query.c:646
#6  0x00007ff5811c097a in adns__returning (ads=ads@entry=0x242a010, qu_for_caller=qu_for_caller@entry=0x0) at ../src/query.c:514
#7  0x00007ff5811be988 in adns_processreadable (ads=0x242a010, fd=3, now=0x7ffd2c154148) at ../src/event.c:429
#8  0x00007ff5811bf854 in fd_event (ads=0x242a010, fd=39827112, fd@entry=3, revent=-32, revent@entry=7, pollflag=526672, pollflag@entry=1, maxfd=32917, maxfd@entry=6, fds=0xffffffffffffffe, fds@entry=0x7ffd2c1542d0, 
    func=func@entry=0x7ff5811be7b0 <adns_processreadable>, now=..., r_r=r_r@entry=0x0) at ../src/event.c:519
#9  0x00007ff5811bf94e in adns__fdevents (ads=ads@entry=0x242a010, pollfds=pollfds@entry=0x7ffd2c154210, npollfds=<optimized out>, maxfd=maxfd@entry=6, readfds=readfds@entry=0x7ffd2c1542d0, writefds=writefds@entry=0x7ffd2c154350, 
    exceptfds=exceptfds@entry=0x7ffd2c1543d0, now=..., r_r=r_r@entry=0x0) at ../src/event.c:544
#10 0x00007ff5811bfaa5 in adns_afterselect (ads=0x242a010, maxfd=6, readfds=readfds@entry=0x7ffd2c1542d0, writefds=writefds@entry=0x7ffd2c154350, exceptfds=exceptfds@entry=0x7ffd2c1543d0, now=0x7ffd2c154200, now@entry=0x0) at ../src/event.c:599
#11 0x000000000040166c in main (argc=<optimized out>, argv=<optimized out>) at adh-main.c:268
(gdb) up
#4  0x00007ff5811c0d5c in makefinal_query (qu=0x2478590) at ../src/query.c:593
593	      qu->typei->makefinal(qu, ans->rrs.bytes + rrn*ans->rrsz);
(gdb) up
#5  adns__query_done (qu=0x2478590) at ../src/query.c:646
646	    makefinal_query(qu);
(gdb) print qu
$6 = (adns_query) 0x2478590
(gdb) up
#6  0x00007ff5811c097a in adns__returning (ads=ads@entry=0x242a010, qu_for_caller=qu_for_caller@entry=0x0) at ../src/query.c:514
514	    iq->ctx.callback(parent,iq);
(gdb) print parent
$7 = <optimized out>
(gdb) print iq
$8 = (adns_query) 0x24d8db0
(gdb) down
#5  adns__query_done (qu=0x2478590) at ../src/query.c:646
646	    makefinal_query(qu);
(gdb) down
#4  0x00007ff5811c0d5c in makefinal_query (qu=0x2478590) at ../src/query.c:593
593	      qu->typei->makefinal(qu, ans->rrs.bytes + rrn*ans->rrsz);
(gdb) down
#3  0x00007ff5811bb8ae in mfp_hostaddr (qu=0x2478590, rrp=0x24af8f0) at ../src/types.c:992
992	  adns__makefinal_block(qu, &tablev, rrp->naddrs*addrsz);
(gdb) print rrp->naddrs
$9 = -1
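
The size seen in frame #2 follows directly from naddrs = -1: a signed count multiplied by a size_t is converted to unsigned first. The sketch below is an added example, not adns code and not part of the report; the function names are hypothetical, and addrsz = 32 is an assumption inferred from sz = 18446744073709551584 (2^64 - 32) on a 64-bit build.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mirrors the shape of `rrp->naddrs*addrsz`: the int is converted to
 * size_t before the multiply, so -1 becomes SIZE_MAX and the product wraps. */
size_t unchecked_block_size(int naddrs, size_t addrsz) {
  return naddrs * addrsz;
}

/* Hypothetical hardened helper: rejects negative counts and products that
 * do not fit in size_t. Returns 0 and stores the size on success, -1 on
 * rejection (in which case *out is left untouched). */
int checked_block_size(int count, size_t elemsz, size_t *out) {
  if (count < 0)
    return -1;                       /* bogus record count, e.g. -1 */
  if (elemsz != 0 && (size_t)count > SIZE_MAX / elemsz)
    return -1;                       /* count * elemsz would overflow */
  *out = (size_t)count * elemsz;
  return 0;
}

int main(void) {
  const size_t addrsz = 32;          /* assumed, inferred from the backtrace */
  size_t sz = 0;

  /* Reproduces the memcpy length from the backtrace on a 64-bit build. */
  printf("unchecked(-1): %zu\n", unchecked_block_size(-1, addrsz));

  if (checked_block_size(-1, addrsz, &sz) != 0)
    printf("checked(-1): rejected, nothing copied\n");
  if (checked_block_size(3, addrsz, &sz) == 0)
    printf("checked(3): %zu bytes\n", sz);
  return 0;
}
```
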






Information forwarded to adns-discuss <at> chiark.greenend.org.uk:
bug#22811; Package adns. (Fri, 12 Aug 2016 21:13:01 GMT) Full text and rfc822 format available.

Message #8 received at 22811 <at> debbugs.gnu.org (full text, mbox):

From: Ian Jackson <ijackson <at> chiark.greenend.org.uk>
To: Jared Mauch <jared <at> puck.nether.net>
Cc: 22811 <at> debbugs.gnu.org
Subject: Re: bug#22811: adns crash bugfix/patch
Date: Fri, 12 Aug 2016 22:12:40 +0100
Jared Mauch writes ("bug#22811: adns crash bugfix/patch"):
> This occurs when something is queried and comes back bogus/semi-bogus, eg:

Thanks.  I have a different fix for this in my tree which I am about
to release.

Regards,
Ian.




This bug report was last modified 8 years and 312 days ago.
