This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/13013] New: assertion error in res_query.c
- From: "aurelien at aurel32 dot net" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Thu, 21 Jul 2011 16:46:47 +0000
- Subject: [Bug libc/13013] New: assertion error in res_query.c
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=13013
Summary: assertion error in res_query.c
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: aurelien@aurel32.net
Created attachment 5855
--> http://sourceware.org/bugzilla/attachment.cgi?id=5855
Patch to fix the issue
Commit 4769ae77fc6c8dacea6476addb015c8797848cdd a regression in the resolver
code, which trigger an assert in some conditions:
firefox-bin: res_query.c:251: __libc_res_nquery: Assertion `hp != hp2' failed.
Aborting.
When the first answer is a SERVFAIL, NOTIMP or REFUSED, resplen now got
assigned 0, while recvresp1 or recvresp2 is set to 1:
/* No data from the first reply. */
resplen = 0;
When the second answer arrives, its buffer is allocated at *ansp + resplen,
which means in that case *ansp and *ansp2 are equals:
*anssizp2 = orig_anssizp - resplen;
*ansp2 = *ansp + resplen;
Given a second answer has still be provided, hp2 got assigned *answerp2, which
is the same than *answer (see above), so hp == hp2.
HEADER *hp2 = answerp2 ? (HEADER *) *answerp2 : hp;
This is enough to trigger the assertion, that is the checks on the answer
buffers doesn't match the checks on the response lengths.
One way to fix that is to rewrite this part of the code to do all the checks on
the response lenghts. This is what the attached patch does.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.