This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug nscd/9741] New: nscd segmentation fault if nentries is large
- From: "j-nomura at ce dot jp dot nec dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 14 Jan 2009 02:51:34 -0000
- Subject: [Bug nscd/9741] New: nscd segmentation fault if nentries is large
- Reply-to: sourceware-bugzilla at sourceware dot org
gc() of nscd allocates work areas (he and he_data), and the sizes of the areas are
determined by the number of cache entries.
If the required size is too large for alloca, the area is allocated by xmalloc.
However, in such a case, it sets the wrong address for he_data and segfaults when
accessing he_data.
From
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/nscd/mem.c?rev=1.3.2.10&content-type=text/x-cvsweb-markup&cvsroot=glibc
--
/* Create an array which can hold pointer to all the entries in hash
   entries. */
memory_needed = 2 * db->head->nentries * sizeof (struct hashentry *);
struct hashentry **he;
struct hashentry **he_data;
<snip>
he = xmalloc (memory_needed);
he_data = &he[db->head->nentries * sizeof (struct hashentry *)];
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"* sizeof (struct hashentry *)" is not necessary here.
Something like this can reproduce the problem.
-----------------------------------------------
#include <grp.h>

int
main(int argc, char** argv)
{
  int i;
  struct group *g;

  /* Look up every gid in turn, without end. */
  for(i = 0; ;i++)
    g = getgrgid(i);
  return 0;
}
--
Summary: nscd segmentation fault if nentries is large
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: nscd
AssignedTo: drepper at redhat dot com
ReportedBy: j-nomura at ce dot jp dot nec dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=9741
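The indexing error described in this report, as an added example that is not part of the original message or of glibc: it compares the byte offset the reported expression yields with the offset after the suggested fix, using size arithmetic only so nothing out of bounds is touched. The helper names, the PTR macro and the sample entry count are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct hashentry;                       /* opaque: only the pointer size matters */
#define PTR sizeof (struct hashentry *)

/* Size of the single block that holds both he and he_data. */
static size_t memory_needed (size_t nentries) { return 2 * nentries * PTR; }

/* Byte offset of he_data as computed in the report: the index is already
   multiplied by the pointer size, and &he[index] scales it a second time. */
static size_t offset_reported (size_t nentries) { return (nentries * PTR) * PTR; }

/* Byte offset with the suggested fix, he_data = &he[nentries]. */
static size_t offset_fixed (size_t nentries) { return nentries * PTR; }

/* 1 if nentries pointers starting at `offset` lie inside the block. */
static int he_data_in_bounds (size_t offset, size_t nentries)
{
  size_t total = memory_needed (nentries);
  return offset <= total && total - offset >= nentries * PTR;
}

/* Allocate the work area and split it in the middle (hypothetical helper). */
static int split_work_area (size_t nentries, struct hashentry ***he,
                            struct hashentry ***he_data)
{
  *he = calloc (2 * nentries, PTR);     /* calloc checks count * size for overflow */
  if (*he == NULL)
    return -1;
  *he_data = &(*he)[nentries];          /* element index, not a byte count */
  return 0;
}

int main (void)
{
  size_t n = 100000;                    /* constructed sample value */
  printf ("block: %zu bytes\n", memory_needed (n));
  printf ("reported he_data offset: %zu (in bounds: %d)\n",
          offset_reported (n), he_data_in_bounds (offset_reported (n), n));
  printf ("fixed he_data offset:    %zu (in bounds: %d)\n",
          offset_fixed (n), he_data_in_bounds (offset_fixed (n), n));
  struct hashentry **he, **he_data;
  if (split_work_area (n, &he, &he_data) != 0)
    return 1;
  printf ("he_data - he = %td elements\n", he_data - he);
  free (he);
  return 0;
}
```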