On Wed, Aug 13, 2008 at 02:53:44PM -0400, Matthew Von-Maszewski wrote:
Package: libc6
Version: 2.7-13
Severity: important
Tags: patch
getaddrinfo_a creates a segfault in its worker thread due to the stack size being too small. Segfault happens here:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x40003950 (LWP 25753)]
__res_vinit (statp=0x40003dc8, preinit=0) at res_init.c:179
179 statp->id = res_randomid();
Upon entering __res_vinit, the stack pointer goes into the 0x1000 byte guard region at the bottom of the thread's segment.
The call into res_randomid causes the segment violation. The code in
res_randomid is never reached.
Here is a sample program to tickle the bug:
#define _GNU_SOURCE          /* getaddrinfo_a() and struct gaicb are GNU extensions */
#include <string.h>
#include <netdb.h>
#include <signal.h>

/* Link with -lanl, where glibc keeps getaddrinfo_a(). */
int
main(void)
{
    int ret_val;
    struct sigevent sig;
    struct gaicb gaistruct;
    struct gaicb *gptr[1];

    memset(&gaistruct, 0, sizeof(gaistruct));
    gptr[0] = &gaistruct;
    memset(&sig, 0, sizeof(sig));
    gptr[0]->ar_name = "a";            /* any name works; the lookup runs on the worker thread */
    sig.sigev_notify = SIGEV_NONE;     /* no completion notification wanted */
    ret_val = getaddrinfo_a(GAI_WAIT, gptr, 1, &sig);   /* blocks until the request completes */
    (void)ret_val;
    return 0;
}
Root cause of the bug is in debian/linuxthreads/sysdeps/pthread/gai_misc.h. The code sets the stack size for
Are you kidding? linuxthreads is not used on amd64 for a long time. Given this code is not even compiled on amd64, it can't be the root of the problem.
--
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' aurel32@debian.org | aurelien@aurel32.net
`- people.debian.org/~aurel32 | www.aurel32.net
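A claim like the one in the report above (the worker's stack is too small for the resolver path it runs) can be checked by measuring how much stack the work actually consumes on a thread created with a chosen stack size. This is an added example, not code from the bug report or from glibc; `heavy_frame` is a constructed stand-in for the resolver path rather than a real call into it, and the probe assumes a downward-growing stack (x86, amd64, arm).

```c
#include <pthread.h>
#include <stdint.h>
#include <stddef.h>

/* Shared between the spawning code and the worker thread (constructed type). */
struct stack_probe {
    void (*work)(struct stack_probe *);   /* function whose stack use we measure */
    uintptr_t entry_sp;                   /* stack address at thread entry */
    uintptr_t deepest_sp;                 /* lowest stack address work() reported */
};

/* work() calls this at its deepest point; records how far the stack grew.
 * Assumes a downward-growing stack (x86, amd64, arm). */
void probe_here(struct stack_probe *p)
{
    volatile char marker = 0;
    if ((uintptr_t)&marker < p->deepest_sp)
        p->deepest_sp = (uintptr_t)&marker;
}

static void *worker(void *arg)
{
    struct stack_probe *p = arg;
    volatile char marker = 0;
    p->entry_sp = p->deepest_sp = (uintptr_t)&marker;
    p->work(p);
    return NULL;
}

/* Runs work() on a thread with stack_size bytes of stack; returns bytes consumed, 0 on error. */
size_t measure_stack_use(size_t stack_size, void (*work)(struct stack_probe *))
{
    pthread_attr_t attr; pthread_t tid;
    struct stack_probe p = { work, 0, 0 };
    if (pthread_attr_init(&attr) != 0 ||
        pthread_attr_setstacksize(&attr, stack_size) != 0 ||
        pthread_create(&tid, &attr, worker, &p) != 0)
        return 0;
    pthread_join(tid, NULL);
    pthread_attr_destroy(&attr);
    return (size_t)(p.entry_sp - p.deepest_sp);
}

/* Constructed stand-in for the resolver path: a 16 KiB frame that is really touched. */
void heavy_frame(struct stack_probe *p)
{
    volatile char buf[16384];
    for (size_t i = 0; i < sizeof buf; i++) buf[i] = (char)i;
    probe_here(p);
}
```

Comparing the returned figure against the stack size a worker is created with, minus the guard region, tells whether the work fits before a crash does.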