This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v2 1/3] Fix __check_pf()/make_request() stack overflow segfault (convert to malloc)

From: "Banerjee, Debabrata" <dbanerje at akamai dot com>
To: Siddhesh Poyarekar <siddhesh at redhat dot com>, Ondřej Bílka <neleai at seznam dot cz>
Cc: "Pengcheng dot Chen at gmail dot com" <Pengcheng dot Chen at gmail dot com>, "libc-alpha at sourceware dot org" <libc-alpha at sourceware dot org>, Carlos O'Donell <carlos at redhat dot com>
Date: Tue, 21 Jan 2014 09:51:12 -0500
Subject: Re: [PATCH v2 1/3] Fix __check_pf()/make_request() stack overflow segfault (convert to malloc)
Authentication-results: sourceware.org; auth=none
References: <524E4504 dot 6050603 at redhat dot com> <1383268213-14349-1-git-send-email-dbanerje at akamai dot com> <20140116225341 dot GA23189 at domone dot podge> <CEFDCD71 dot 2C670%dbanerje at akamai dot com> <20140117002246 dot GA14011 at domone dot podge> <20140120114139 dot GD5544 at spoyarek dot pnq dot redhat dot com>

On 1/20/14, 6:41 AM, "Siddhesh Poyarekar" <siddhesh@redhat.com> wrote:

>On Fri, Jan 17, 2014 at 01:22:46AM +0100, Ondřej Bílka wrote:
>> which only copies list into malloced array while preserving ordering.
>> 
>> A better way would be to malloc result at start and write into in6ai
>> array directly, calling realloc to double size as necessary. At end we
>> could optionally trim memory at end.
>> 
>> This should also be more effective as one big copy is faster when you
>> need to copy same amount of data in small chunks.
>
>Interface configuration shouldn't change all the time, so the
>reallocation event ought to be infrequent enough that we need not
>worry about it.  In fact in the common case of the interfaces not
>changing, we should end up with just one allocation, with subsequent
>getaddrinfo calls resulting in only copies.
>
>nscd makes this even better by caching the interfaces so that the
>query itself is avoided.

That's only if glibc is built as part of nscd. In the normal path there is
no caching. The leak was introduced by the special casing for the nscd
build.

Also, remember that you can have thousands of interfaces that are dynamic.
The number of interfaces allowed in the kernel is likely a long. Multiply
by an often used library call, and it's clear why you can have crashing
and performance issues here.

-Deb

Follow-Ups:
- Re: [PATCH v2 1/3] Fix __check_pf()/make_request() stack overflow segfault (convert to malloc)
  - From: Siddhesh Poyarekar

References:
- [PATCH v2 1/3] Fix __check_pf()/make_request() stack overflow segfault (convert to malloc)
  - From: OndÅej BÃlka
- Re: [PATCH v2 1/3] Fix __check_pf()/make_request() stack overflow segfault (convert to malloc)
  - From: Banerjee, Debabrata
- Re: [PATCH v2 1/3] Fix __check_pf()/make_request() stack overflow segfault (convert to malloc)
  - From: OndÅej BÃlka
- Re: [PATCH v2 1/3] Fix __check_pf()/make_request() stack overflow segfault (convert to malloc)
  - From: Siddhesh Poyarekar

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]