This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/11387] New: glibc core dump in getaddrs() while new interfaces being added
- From: "xma at us dot ibm dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 16 Mar 2010 15:52:46 -0000
- Subject: [Bug libc/11387] New: glibc core dump in getaddrs() while new interfaces being added
- Reply-to: sourceware-bugzilla at sourceware dot org
In ifaddrs.c, there are two messages to get RTM_NEWLINK and RTM_NEWADDR. These
two new messages are not atomic operation. getifaddrs() assumed every interface
index being achieved from RTM_GETADDR should be part of RTM_GETLINK, otherwise,
it calls abort(). Here is the source code for map_newlink()
/* We know the number of RTM_NEWLINK entries, so we reserve the first
# of entries for this type. All RTM_NEWADDR entries have an index
pointer to the RTM_NEWLINK entry. To find the entry, create
a table to map kernel index entries to our index numbers.
Since we get at first all RTM_NEWLINK entries, it can never happen
that a RTM_NEWADDR index is not known to this map. */
static int
internal_function
map_newlink (int index, struct ifaddrs_storage *ifas, int *map, int max)
{
int i;
for (i = 0; i < max; i++)
{
if (map[i] == -1)
{
map[i] = index;
if (i > 0)
ifas[i - 1].ifa.ifa_next = &ifas[i].ifa;
return i;
}
else if (map[i] == index)
return i;
}
/* This should never be reached. If this will be reached, we have
a very big problem. */
abort ();
}
When a new interface is added (like vlan, bonding...) which happens between
RTM_GETLINK and RTM_GETADDR, then it will cause coredump.
The simple fix could return EAGAIN or EBUSY when this happens, let caller to try
again. The complicated fix could have kernel to support dump RTM_GETADDR &
RTM_GETLINK in one message.
This bug is found in glibc 2.4. It also exists in current git tree.
--
Summary: glibc core dump in getaddrs() while new interfaces being
added
Product: glibc
Version: 2.4
Status: NEW
Severity: normal
Priority: P1
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: xma at us dot ibm dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=11387
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.