From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 25 20:39:39 2016 Received: (at submit) by debbugs.gnu.org; 26 Feb 2016 01:39:39 +0000 Received: from localhost ([127.0.0.1]:46492 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aZ7Nb-0003Lb-5g for submit@debbugs.gnu.org; Thu, 25 Feb 2016 20:39:39 -0500 Received: from puck.nether.net ([204.42.254.5]:60674) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aZ7Dk-00035w-L1 for submit@debbugs.gnu.org; Thu, 25 Feb 2016 20:29:28 -0500 Received: from [IPv6:2601:401:3:6a00:9121:4b53:2e29:c38e] (unknown [IPv6:2601:401:3:6a00:9121:4b53:2e29:c38e]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by puck.nether.net (Postfix) with ESMTPSA id B0756540760; Thu, 25 Feb 2016 20:29:25 -0500 (EST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3120\)) Subject: adns crash bugfix/patch From: Jared Mauch Date: Thu, 25 Feb 2016 20:29:26 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: To: submit@debbugs.gnu.org X-Mailer: Apple Mail (2.3120) X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Thu, 25 Feb 2016 20:39:37 -0500 Cc: ijackson@chiark.greenend.org.uk X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Package: adns diff --git a/src/types.c b/src/types.c index d65e155..55bf098 100644 --- a/src/types.c +++ b/src/types.c @@ -984,12 +984,13 @@ static int di_hostaddr(adns_state ads, } =20 static void mfp_hostaddr(adns_query qu, adns_rr_hostaddr *rrp) { - void *tablev; + void *tablev =3D NULL; size_t addrsz=3D gsz_addr(0, qu->answer->type); =20 adns__makefinal_str(qu,&rrp->host); tablev=3D rrp->addrs; - adns__makefinal_block(qu, &tablev, rrp->naddrs*addrsz); + if (rrp->naddrs > 0) + adns__makefinal_block(qu, &tablev, rrp->naddrs*addrsz); rrp->addrs=3D tablev; } =20 This occurs when something is queried and comes back bogus/semi-bogus, = eg: (gdb) bt #0 __memcpy_sse2_unaligned () at = ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:116 #1 0x00007ff5811c0b68 in memcpy (__len=3D18446744073709551584, = __src=3D0x25fb6a8, __dest=3D) at = /usr/include/x86_64-linux-gnu/bits/string3.h:51 #2 adns__makefinal_block (qu=3Dqu@entry=3D0x2478590, = blpp=3Dblpp@entry=3D0x7ffd2c153db8, sz=3D18446744073709551584) at = ../src/query.c:675 #3 0x00007ff5811bb8ae in mfp_hostaddr (qu=3D0x2478590, rrp=3D0x24af8f0) = at ../src/types.c:992 #4 0x00007ff5811c0d5c in makefinal_query (qu=3D0x2478590) at = ../src/query.c:593 #5 adns__query_done (qu=3D0x2478590) at ../src/query.c:646 #6 0x00007ff5811c097a in adns__returning (ads=3Dads@entry=3D0x242a010, = qu_for_caller=3Dqu_for_caller@entry=3D0x0) at ../src/query.c:514 #7 0x00007ff5811be988 in adns_processreadable (ads=3D0x242a010, fd=3D3, = now=3D0x7ffd2c154148) at ../src/event.c:429 #8 0x00007ff5811bf854 in fd_event (ads=3D0x242a010, fd=3D39827112, = fd@entry=3D3, revent=3D-32, revent@entry=3D7, pollflag=3D526672, = pollflag@entry=3D1, maxfd=3D32917, maxfd@entry=3D6, = fds=3D0xffffffffffffffe, fds@entry=3D0x7ffd2c1542d0,=20 func=3Dfunc@entry=3D0x7ff5811be7b0 , now=3D..., = r_r=3Dr_r@entry=3D0x0) at ../src/event.c:519 #9 0x00007ff5811bf94e in adns__fdevents (ads=3Dads@entry=3D0x242a010, = pollfds=3Dpollfds@entry=3D0x7ffd2c154210, npollfds=3D, = maxfd=3Dmaxfd@entry=3D6, readfds=3Dreadfds@entry=3D0x7ffd2c1542d0, = writefds=3Dwritefds@entry=3D0x7ffd2c154350,=20 exceptfds=3Dexceptfds@entry=3D0x7ffd2c1543d0, now=3D..., = r_r=3Dr_r@entry=3D0x0) at ../src/event.c:544 #10 0x00007ff5811bfaa5 in adns_afterselect (ads=3D0x242a010, maxfd=3D6, = readfds=3Dreadfds@entry=3D0x7ffd2c1542d0, = writefds=3Dwritefds@entry=3D0x7ffd2c154350, = exceptfds=3Dexceptfds@entry=3D0x7ffd2c1543d0, now=3D0x7ffd2c154200, = now@entry=3D0x0) at ../src/event.c:599 #11 0x000000000040166c in main (argc=3D, argv=3D) at adh-main.c:268 (gdb) up #4 0x00007ff5811c0d5c in makefinal_query (qu=3D0x2478590) at = ../src/query.c:593 593 qu->typei->makefinal(qu, ans->rrs.bytes + rrn*ans->rrsz); (gdb) up #5 adns__query_done (qu=3D0x2478590) at ../src/query.c:646 646 makefinal_query(qu); (gdb) print qu $6 =3D (adns_query) 0x2478590 (gdb) up #6 0x00007ff5811c097a in adns__returning (ads=3Dads@entry=3D0x242a010, = qu_for_caller=3Dqu_for_caller@entry=3D0x0) at ../src/query.c:514 514 iq->ctx.callback(parent,iq); (gdb) print parent $7 =3D (gdb) print iq $8 =3D (adns_query) 0x24d8db0 (gdb) down #5 adns__query_done (qu=3D0x2478590) at ../src/query.c:646 646 makefinal_query(qu); (gdb) down #4 0x00007ff5811c0d5c in makefinal_query (qu=3D0x2478590) at = ../src/query.c:593 593 qu->typei->makefinal(qu, ans->rrs.bytes + rrn*ans->rrsz); (gdb) down #3 0x00007ff5811bb8ae in mfp_hostaddr (qu=3D0x2478590, rrp=3D0x24af8f0) = at ../src/types.c:992 992 adns__makefinal_block(qu, &tablev, rrp->naddrs*addrsz); (gdb) print rrp->naddrs $9 =3D -1 From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 12 17:12:43 2016 Received: (at 22811) by debbugs.gnu.org; 12 Aug 2016 21:12:43 +0000 Received: from localhost ([127.0.0.1]:55485 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bYJkx-0004ks-4n for submit@debbugs.gnu.org; Fri, 12 Aug 2016 17:12:43 -0400 Received: from chiark.greenend.org.uk ([212.13.197.229]:60701 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bYJkv-0004kk-Cr for 22811@debbugs.gnu.org; Fri, 12 Aug 2016 17:12:41 -0400 Received: by chiark.greenend.org.uk (Debian Exim 4.84_2 #1) with local (return-path ijackson@chiark.greenend.org.uk) id 1bYJku-0001jm-JB; Fri, 12 Aug 2016 22:12:40 +0100 From: Ian Jackson MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <22446.15304.528894.311459@chiark.greenend.org.uk> Date: Fri, 12 Aug 2016 22:12:40 +0100 To: Jared Mauch Subject: Re: bug#22811: adns crash bugfix/patch Newsgroups: chiark.mail.adns.discuss In-Reply-To: References: X-Mailer: VM 8.2.0b under 24.4.1 (i586-pc-linux-gnu) X-Spam-Score: -2.8 (--) X-Debbugs-Envelope-To: 22811 Cc: 22811@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.8 (--) Jared Mauch writes ("bug#22811: adns crash bugfix/patch"): > This occurs when something is queried and comes back bogus/semi-bogus, eg: Thanks. I have a different fix for this in my tree which I am about to release. Regards, Ian.