Bug 20243 - Misaligned access in res_query.c HEADER struct
Summary: Misaligned access in res_query.c HEADER struct
Status: NEW
Alias: None
Product: glibc
Classification: Unclassified
Component: network
Version: 2.22
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-11 17:19 UTC by John David Anglin
Modified: 2016-06-25 16:05 UTC

See Also:
Host: hppa-unknown-linux-gnu
Target: hppa-unknown-linux-gnu
Build: hppa-unknown-linux-gnu
Last reconfirmed:
fweimer: security-


Description John David Anglin 2016-06-11 17:19:25 UTC
For some time, we have seen various unaligned exceptions when running apt-get on hppa:

http(13559): unaligned access to 0x00000000fa703d49 at ip=0x00000000f9f0a9bb
handle_unaligned: 37 callbacks suppressed
http(13810): unaligned access to 0x00000000fa703d49 at ip=0x00000000f9f0a9bb
http(13810): unaligned access to 0x00000000fa703d49 at ip=0x00000000f9f0a9c3
http(13810): unaligned access to 0x00000000fa703d49 at ip=0x00000000f9f0cdf3
http(13810): unaligned access to 0x00000000fa703d49 at ip=0x00000000f9f0cecf
http(13810): unaligned access to 0x00000000fa703d4d at ip=0x00000000f9f0c69b

Helge and I tracked the first of these exceptions to the following line
in res_query.c:

        hp->rcode = NOERROR;    /* default */

The argument answer has the type u_char *.  Thus, the function __libc_res_nquery
should nominally be prepared to access the HEADER struct on a byte boundary.
However, the struct HEADER is not defined with the packed attribute, so accesses
to the bit fields in the struct are done with word rather than byte accesses.
This causes the above faults.

This is very inefficient on strict alignment targets such as hppa and ia64, and
slow on x86, etc.

Adding "__attribute__((packed))" to the HEADER typedef appears to eliminate
the unaligned accesses from http.
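
Added example, not code from glibc or from the linked patches: it compares the alignment the compiler assumes for a bit-field header with and without the packed attribute, and shows a byte-wise RCODE accessor that is safe on a buffer at an odd address. The struct and function names are hypothetical stand-ins, the field grouping is simplified, and the buffer is constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for a DNS header built from unsigned bit-fields.
   Field grouping is simplified; only size and alignment matter here. */
#define DNS_HDR_FIELDS \
    unsigned id:16; unsigned flags_hi:8; unsigned ra_z:4; unsigned rcode:4; \
    unsigned qdcount:16; unsigned ancount:16; \
    unsigned nscount:16; unsigned arcount:16;

struct hdr_plain  { DNS_HDR_FIELDS };
struct hdr_packed { DNS_HDR_FIELDS } __attribute__((packed));

size_t plain_align(void)  { return _Alignof(struct hdr_plain); }
size_t packed_align(void) { return _Alignof(struct hdr_packed); }

/* Nonzero when p does not satisfy the given alignment. */
int is_misaligned(const void *p, size_t align) {
    return ((uintptr_t)p % align) != 0;
}

/* Constructed input: an answer buffer that starts at an odd address,
   like the ...d49 address in the kernel log above. */
static _Alignas(8) unsigned char storage[16];
unsigned char *odd_answer(void) { return storage + 1; }

/* Alignment-independent accessors. In the RFC 1035 wire format RCODE is
   the low four bits of header byte 3, so single-byte access suffices. */
void set_rcode(unsigned char *answer, unsigned rcode) {
    answer[3] = (unsigned char)((answer[3] & 0xF0u) | (rcode & 0x0Fu));
}
unsigned get_rcode(const unsigned char *answer) { return answer[3] & 0x0Fu; }

/* Fill the odd-address header with 0xFF, store rcode, read it back. */
unsigned rcode_roundtrip(unsigned rcode) {
    unsigned char *answer = odd_answer();
    for (size_t i = 0; i < 12; i++) answer[i] = 0xFF;
    set_rcode(answer, rcode);
    return get_rcode(answer);
}

int main(void) {
    printf("align: plain=%zu packed=%zu\n", plain_align(), packed_align());
    printf("odd buffer misaligned: plain=%d packed=%d\n",
           is_misaligned(odd_answer(), plain_align()),
           is_misaligned(odd_answer(), packed_align()));
    printf("rcode after store of 0: %u\n", rcode_roundtrip(0));
    return 0;
}
```
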
Comment 1 John David Anglin 2016-06-15 11:45:25 UTC
Patch here:
https://sourceware.org/ml/libc-alpha/2016-06/msg00581.html
Comment 2 John David Anglin 2016-06-17 22:57:39 UTC
New patch here:
https://sourceware.org/ml/libc-alpha/2016-06/msg00679.html
Comment 3 John David Anglin 2016-06-25 16:05:51 UTC
New patch is here:
https://sourceware.org/ml/libc-alpha/2016-06/msg01020.html