Bug 5491 - Valgrind detects invalid read during getaddrinfo w/o nscd running
Summary: Valgrind detects invalid read during getaddrinfo w/o nscd running
Status: RESOLVED WORKSFORME
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: unspecified
: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-12-17 04:27 UTC by Thomas Harning
Modified: 2014-07-03 11:48 UTC
CC List: 2 users

See Also:
Host: x86_64-pc-linux-gnu
Target: x86_64-pc-linux-gnu
Build: x86_64-pc-linux-gnu
Last reconfirmed:
fweimer: security-


Attachments
64-bit valgrind output (491 bytes, text/plain)
2007-12-17 04:28 UTC, Thomas Harning
32-bit valgrind output (483 bytes, text/plain)
2007-12-17 04:28 UTC, Thomas Harning
src sample which demonstrates the problem (266 bytes, text/plain)
2007-12-17 04:29 UTC, Thomas Harning
Sample code (289 bytes, text/x-csrc)
2013-05-18 10:05 UTC, gglater62

Description Thomas Harning 2007-12-17 04:27:55 UTC
This is using glibc 2.7 (the entry box needs to be fixed...)

When I use getaddrinfo, valgrind detects a read of size 8 when 'nscd' is not
running.  When 'nscd' is running, it does not...
(In 32-bit mode it is an invalid read of size 4 ... so I bet it's a ptr or size_t...)

Attached is a source file which demonstrates this problem.
Also attached are the 2 valgrind outputs (32 and 64-bit versions).


Details:
I'm running Gentoo Linux w/ `uname -a`:
Linux shiva 2.6.22-ck1 #6 SMP Tue Sep 25 04:53:20 EDT 2007 x86_64 AMD Athlon(tm)
64 X2 Dual Core Processor 6000+ AuthenticAMD GNU/Linux
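The reporter's source sample (attachment 2143) is not reproduced on the page. The harness below is an added example, not the reporter's code: it calls getaddrinfo() with a fully zeroed hints structure and frees the result, so that any Memcheck report can only come from inside the resolver and not from the caller. The host "127.0.0.1" and service "53" are assumed values chosen so the program runs offline; pass a real hostname as argv[1] to exercise the NSS/DNS path the bug concerns, with or without nscd running.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Resolve host/service and return the number of addresses found, or 0
   if the lookup failed.  hints is memset() to zero first: the structure
   has padding and fields the caller never sets explicitly, and leaving
   them uninitialised is the most common *caller-side* reason for
   Memcheck to complain about getaddrinfo(). */
int resolve_count(const char *host, const char *service, int flags)
{
    struct addrinfo hints;
    struct addrinfo *res = NULL, *ai;
    int count = 0;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;      /* both IPv4 and IPv6 results */
    hints.ai_socktype = SOCK_DGRAM;   /* one entry per address, not per protocol */
    hints.ai_flags = flags;

    int rc = getaddrinfo(host, service, &hints, &res);
    if (rc != 0) {
        fprintf(stderr, "getaddrinfo(%s): %s\n", host, gai_strerror(rc));
        return 0;
    }
    for (ai = res; ai != NULL; ai = ai->ai_next)
        count++;
    freeaddrinfo(res);   /* every successful call must be paired with freeaddrinfo() */
    return count;
}

int main(int argc, char **argv)
{
    /* Default to a numeric host (assumed value) so the harness needs no
       DNS, /etc/hosts or nscd; a hostname argument takes the NSS path. */
    const char *host = argc > 1 ? argv[1] : "127.0.0.1";
    int flags = argc > 1 ? 0 : AI_NUMERICHOST;
    printf("%s: %d address(es)\n", host, resolve_count(host, "53", flags));
    return 0;
}
```

Build with `gcc -g -O0` and run it as `valgrind --track-origins=yes ./a.out example.org` once with nscd stopped and once with it running; with glibc debug symbols installed, as Comment 4 asks for, the stack in the Memcheck report will name the resolver function doing the read.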
Comment 1 Thomas Harning 2007-12-17 04:28:28 UTC
Created attachment 2141
64-bit valgrind output
Comment 2 Thomas Harning 2007-12-17 04:28:51 UTC
Created attachment 2142
32-bit valgrind output
Comment 3 Thomas Harning 2007-12-17 04:29:25 UTC
Created attachment 2143
src sample which demonstrates the problem
Comment 4 Ulrich Drepper 2008-01-11 00:31:27 UTC
I cannot reproduce any problem, neither in the 2.7 in F8 nor the current
mainline glibc.  You'll have to debug this yourself.  E.g., run with debug
information for glibc installed.
Comment 5 Ulrich Drepper 2008-04-07 18:21:43 UTC
No reply in 3 months.  If you have the requested information attach it and
reopen the bug.
Comment 6 ry 2009-06-10 14:12:19 UTC
I am also experiencing this with libc 2.7-10ubuntu4 and gcc version 4.2.4 (Ubuntu 4.2.4-1ubuntu3).
Comment 7 Petr Baudis 2009-06-10 17:52:45 UTC
I can't reproduce this either.

If you can, can you try to reproduce this on glibc-2.10 or the latest glibc
mainline? If not, the best course of action I think is to file the bug with your
distribution instead.
Comment 8 Petr Baudis 2010-06-01 03:33:52 UTC
no further response
Comment 9 gglater62 2013-05-18 10:05:40 UTC
Created attachment 7034
Sample code

With this sample code valgrind shows errors:
==2394== Syscall param sendmsg(mmsg[0].msg_hdr) points to uninitialised byte(s)
==2394==    at 0x41435B6: sendmmsg (in /lib/libc-2.17.so)
==2394==    by 0x4625254: __libc_res_nsend (in /lib/libresolv-2.17.so)
==2394==    by 0x462292B: __libc_res_nquery (in /lib/libresolv-2.17.so)
==2394==    by 0x4622F4C: __libc_res_nquerydomain (in /lib/libresolv-2.17.so)
==2394==    by 0x462357B: __libc_res_nsearch (in /lib/libresolv-2.17.so)
==2394==    by 0x4617605: _nss_dns_gethostbyname4_r (in /lib/libnss_dns-2.17.so)
==2394==    by 0x412631E: gaih_inet (in /lib/libc-2.17.so)
==2394==    by 0x41292F2: getaddrinfo (in /lib/libc-2.17.so)
==2394==    by 0x8048514: do_real_lookup (in /home/users/pld/C/a.out)
==2394==    by 0x804853B: main (in /home/users/pld/C/a.out)

I looked at the code, and in resolv/res_send.c around line 1115, reqs[0].msg_hdr.msg_flags and reqs[1].msg_hdr.msg_flags are not initialised.
Comment 10 Andreas Schwab 2013-05-18 10:28:05 UTC
msg_hdr.msg_flags is not used by sendmmsg.
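Comments 9 and 10 together describe the situation precisely: Memcheck flags the uninitialised msg_flags bytes that sendmmsg() copies in, while the kernel never reads that field on send (it is an output of recvmmsg()). The block below is an added example, not glibc's res_send.c: it builds a two-element mmsghdr array the way the resolver does for its parallel queries, memset()s every structure to zero before filling in the fields that are actually used, sends both with one sendmmsg() call and reads them back with recvmmsg(), where msg_len and msg_flags are filled in by the kernel. An AF_UNIX datagram socketpair stands in for the UDP socket so the code runs with no network, and the two payloads are constructed strings, not real DNS messages. sendmmsg()/recvmmsg() are Linux-specific and need _GNU_SOURCE.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Two queries per sendmmsg() call, as in the resolver's parallel lookup. */
#define NQUERIES 2
#define BUFSZ 64

/* Send two payloads over a connected datagram socket with one sendmmsg().
   Both arrays are zeroed first, so msg_flags, msg_name, msg_control and
   the padding are all initialised even though sendmmsg() ignores
   msg_flags on input; Memcheck then has nothing to report.  Returns the
   number of messages sent, or -1 on error. */
static int send_queries(int fd, const char *q1, size_t l1,
                        const char *q2, size_t l2)
{
    struct iovec iov[NQUERIES];
    struct mmsghdr reqs[NQUERIES];

    memset(iov, 0, sizeof iov);
    memset(reqs, 0, sizeof reqs);   /* the fix for the warning in Comment 9 */

    iov[0].iov_base = (void *)q1;
    iov[0].iov_len = l1;
    iov[1].iov_base = (void *)q2;
    iov[1].iov_len = l2;

    reqs[0].msg_hdr.msg_iov = &iov[0];
    reqs[0].msg_hdr.msg_iovlen = 1;
    reqs[1].msg_hdr.msg_iov = &iov[1];
    reqs[1].msg_hdr.msg_iovlen = 1;

    return sendmmsg(fd, reqs, NQUERIES, 0);
}

/* Receive up to NQUERIES datagrams with recvmmsg().  Here msg_len (and
   msg_flags) are outputs written by the kernel.  Copies each payload
   length into lens[]; returns the number received, or -1 on error. */
static int recv_queries(int fd, char bufs[NQUERIES][BUFSZ], size_t lens[NQUERIES])
{
    struct iovec iov[NQUERIES];
    struct mmsghdr resps[NQUERIES];

    memset(iov, 0, sizeof iov);
    memset(resps, 0, sizeof resps);
    for (int i = 0; i < NQUERIES; i++) {
        iov[i].iov_base = bufs[i];
        iov[i].iov_len = BUFSZ;
        resps[i].msg_hdr.msg_iov = &iov[i];
        resps[i].msg_hdr.msg_iovlen = 1;
    }

    /* MSG_DONTWAIT: return what is queued instead of blocking for more. */
    int n = recvmmsg(fd, resps, NQUERIES, MSG_DONTWAIT, NULL);
    for (int i = 0; i < n; i++)
        lens[i] = resps[i].msg_len;
    return n;
}

/* Round trip over an AF_UNIX datagram socketpair and return how many of
   the two queries came back intact (2 on success). */
int roundtrip_count(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;

    /* Constructed payloads standing in for the A and AAAA queries. */
    static const char q1[] = "query-A";
    static const char q2[] = "query-AAAA";
    char bufs[NQUERIES][BUFSZ];
    size_t lens[NQUERIES];
    int ok = 0;

    int sent = send_queries(sv[0], q1, sizeof q1 - 1, q2, sizeof q2 - 1);
    if (sent == NQUERIES) {
        int got = recv_queries(sv[1], bufs, lens);
        if (got >= 1 && lens[0] == sizeof q1 - 1 && memcmp(bufs[0], q1, lens[0]) == 0)
            ok++;
        if (got >= 2 && lens[1] == sizeof q2 - 1 && memcmp(bufs[1], q2, lens[1]) == 0)
            ok++;
    }
    close(sv[0]);
    close(sv[1]);
    return ok;
}

int main(void)
{
    printf("%d of %d queries round-tripped\n", roundtrip_count(), NQUERIES);
    return 0;
}
```

Running the binary under `valgrind --track-origins=yes` produces no "points to uninitialised byte(s)" report for sendmmsg; dropping the memset() of reqs in send_queries reproduces the report from Comment 9, even though the kernel never acts on the stray msg_flags value, which is the distinction Comment 10 draws.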