This is the mail archive of the mailing list for the glibc project.


[Bug libc/13013] New: assertion error in res_query.c

           Summary: assertion error in res_query.c
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc

Created attachment 5855
Patch to fix the issue

Commit 4769ae77fc6c8dacea6476addb015c8797848cdd introduced a regression in the resolver
code, which triggers an assert in some conditions:

firefox-bin: res_query.c:251: __libc_res_nquery: Assertion `hp != hp2' failed.

When the first answer is a SERVFAIL, NOTIMP or REFUSED, resplen now gets
assigned 0, while recvresp1 or recvresp2 is set to 1:

  /* No data from the first reply.  */
  resplen = 0;

When the second answer arrives, its buffer is allocated at *ansp + resplen,
which means in that case *ansp and *ansp2 are equal:

  *anssizp2 = orig_anssizp - resplen;
  *ansp2 = *ansp + resplen;

Given a second answer has still been provided, hp2 gets assigned *answerp2, which
is the same as *answer (see above), so hp == hp2.

  HEADER *hp2 = answerp2 ? (HEADER *) *answerp2 : hp;

This is enough to trigger the assertion, that is, the checks on the answer
buffers don't match the checks on the response lengths.

One way to fix that is to rewrite this part of the code to do all the checks on
the response lengths. This is what the attached patch does.
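
The aliasing described in this report, as an added example that is not part of the original message, the attached patch, or glibc: a simplified model in which the struct, field and function names are hypothetical and the buffer and lengths are constructed. It shows that a pointer comparison cannot tell "first reply dropped" from "no second reply", while a length comparison can.

```c
#include <stdio.h>

/* Simplified model of the buffer layout in the report; NOT glibc code.
   Struct, field and function names are hypothetical. */
struct answers {
    unsigned char *ans1; /* start of first answer  (*ansp in the report)  */
    unsigned char *ans2; /* start of second answer (*ansp2 in the report) */
    int len1;            /* length kept for the first answer (resplen)    */
    int len2;            /* length of the second answer                   */
};

/* Lay the second answer out directly after the first one, mirroring
   "*ansp2 = *ansp + resplen" from the report. */
static void place_second(struct answers *a, unsigned char *buf,
                         int first_len, int second_len)
{
    a->ans1 = buf;
    a->len1 = first_len;
    a->ans2 = buf + first_len;
    a->len2 = second_len;
}

/* Pointer-based test, the condition behind `hp != hp2'.
   Returns 0 when both headers alias the same address. */
static int headers_distinct(const struct answers *a)
{
    return a->ans1 != a->ans2;
}

/* Length-based test: bit 0 = first answer usable, bit 1 = second usable.
   It stays well defined even when the two pointers are equal. */
static int usable_mask(const struct answers *a)
{
    return (a->len1 > 0 ? 1 : 0) | (a->len2 > 0 ? 2 : 0);
}

int main(void)
{
    unsigned char buf[512]; /* constructed sample buffer */
    struct answers a;
    place_second(&a, buf, 0, 40);  /* first reply dropped, resplen = 0 */
    printf("dropped first: distinct=%d mask=%d\n",
           headers_distinct(&a), usable_mask(&a));
    place_second(&a, buf, 60, 40); /* both replies kept */
    printf("both kept:     distinct=%d mask=%d\n",
           headers_distinct(&a), usable_mask(&a));
    return 0;
}
```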
