Bug 20243

Summary: Misaligned access in res_query.c HEADER struct
Product: glibc
Reporter: John David Anglin <danglin>
Component: network
Assignee: Not yet assigned to anyone <unassigned>
Status: NEW
Severity: normal
CC: deller, fweimer
Priority: P2
Flags: fweimer: security-
Version: 2.22
Target Milestone: ---
Host: hppa-unknown-linux-gnu
Target: hppa-unknown-linux-gnu
Build: hppa-unknown-linux-gnu
Last reconfirmed:

Description John David Anglin 2016-06-11 17:19:25 UTC
For some time, we have seen various unaligned exceptions running apt-get on hppa:

http(13559): unaligned access to 0x00000000fa703d49 at ip=0x00000000f9f0a9bb
handle_unaligned: 37 callbacks suppressed
http(13810): unaligned access to 0x00000000fa703d49 at ip=0x00000000f9f0a9bb
http(13810): unaligned access to 0x00000000fa703d49 at ip=0x00000000f9f0a9c3
http(13810): unaligned access to 0x00000000fa703d49 at ip=0x00000000f9f0cdf3
http(13810): unaligned access to 0x00000000fa703d49 at ip=0x00000000f9f0cecf
http(13810): unaligned access to 0x00000000fa703d4d at ip=0x00000000f9f0c69b

Helge and I tracked the first of these exceptions to the following line
in res_query.c:

        hp->rcode = NOERROR;    /* default */

The argument answer has the type u_char *.  Thus, the function __libc_res_nquery
should nominally be prepared to access the HEADER struct on a byte boundary.
However, the struct HEADER is not defined with the packed attribute, so accesses
to the bit fields in the struct are done with word rather than byte accesses.
This causes the above faults.

This is very inefficient on strict alignment targets such as hppa and ia64, and
slow on x86, etc.

Adding "__attribute__((packed))" to the HEADER typedef appears to eliminate
the unaligned accesses from http.
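As an added illustration (not part of the report or of the glibc patch), the example below shows why casting a `u_char *` answer buffer to `HEADER *` matters on a strict-alignment target, and how a byte-level RCODE update avoids the word access entirely. The struct layout follows glibc's HEADER declaration; the bit-field ordering is simplified here (the real header orders it by endianness, which does not affect size or alignment), and the helper names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DNS header as declared in glibc's <arpa/nameser_compat.h>: every field is an
 * unsigned bit-field, so the compiler gives the struct word (4-byte) alignment
 * and may use word loads/stores to touch any bit-field. */
typedef struct {
    unsigned id :16;
    unsigned qr :1, opcode :4, aa :1, tc :1, rd :1;     /* header byte 2 */
    unsigned ra :1, unused :1, ad :1, cd :1, rcode :4;  /* header byte 3 */
    unsigned qdcount :16, ancount :16, nscount :16, arcount :16;
} HEADER;

/* Same layout with the attribute proposed in the report: alignment drops to 1,
 * so the compiler must assume any address and emit byte-safe accesses. */
typedef struct {
    unsigned id :16;
    unsigned qr :1, opcode :4, aa :1, tc :1, rd :1;
    unsigned ra :1, unused :1, ad :1, cd :1, rcode :4;
    unsigned qdcount :16, ancount :16, nscount :16, arcount :16;
} __attribute__((packed)) HEADER_PACKED;

size_t header_alignment(void)        { return _Alignof(HEADER); }
size_t packed_header_alignment(void) { return _Alignof(HEADER_PACKED); }

/* 1 if (HEADER *)buf would be a misaligned pointer; on hppa dereferencing it
 * is what produces the "unaligned access" kernel messages in the report. */
int header_ptr_misaligned(const unsigned char *buf) {
    return ((uintptr_t)buf % _Alignof(HEADER)) != 0;
}

/* RCODE is the low 4 bits of header byte 3 (RFC 1035, section 4.1.1).
 * A byte store is valid at any address, so this is safe for a u_char buffer. */
void set_rcode_bytewise(unsigned char *answer, unsigned rcode) {
    answer[3] = (unsigned char)((answer[3] & 0xF0u) | (rcode & 0x0Fu));
}

unsigned get_rcode_bytewise(const unsigned char *answer) {
    return answer[3] & 0x0Fu;
}

/* Constructed case: an answer buffer at an odd address, as in the apt-get trace.
 * Returns 1 when the pointer was misaligned and the byte-wise "rcode = NOERROR"
 * cleared only the RCODE bits, leaving the other flag bits intact. */
int demo_odd_answer(void) {
    unsigned char storage[1 + sizeof(HEADER)] __attribute__((aligned(4)));
    unsigned char *answer = storage + 1;   /* deliberately misaligned */
    memset(storage, 0, sizeof storage);
    answer[2] = 0x81;                      /* QR=1, RD=1 */
    answer[3] = 0x8F;                      /* RA=1, RCODE=15 */
    int was_misaligned = header_ptr_misaligned(answer);
    set_rcode_bytewise(answer, 0);         /* equivalent of hp->rcode = NOERROR */
    return was_misaligned && answer[2] == 0x81 && answer[3] == 0x80
           && get_rcode_bytewise(answer) == 0;
}
```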
Comment 1 John David Anglin 2016-06-15 11:45:25 UTC
Patch here:
https://sourceware.org/ml/libc-alpha/2016-06/msg00581.html
Comment 2 John David Anglin 2016-06-17 22:57:39 UTC
New patch here:
https://sourceware.org/ml/libc-alpha/2016-06/msg00679.html
Comment 3 John David Anglin 2016-06-25 16:05:51 UTC
New patch is here:
https://sourceware.org/ml/libc-alpha/2016-06/msg01020.html