This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug nptl/434] New: Probable bug: pd->res being left uninitialised

From: "thiago dot macieira at kdemail dot net" <sourceware-bugzilla at sources dot redhat dot com>
To: glibc-bugs at sources dot redhat dot com
Date: 8 Oct 2004 23:51:37 -0000
Subject: [Bug nptl/434] New: Probable bug: pd->res being left uninitialised
Reply-to: sourceware-bugzilla at sources dot redhat dot com

Some system information: 
Linux kernel: 2.6.8.1 #19 Wed Oct 6 12:33:33 BRT 2004 i686 unknown unknown 
GNU/Linux 
Distribution: Conectiva Snapshot 
glibc: 2.3.3 (release 20040927T0611) 
 
I believe I have found a bug in glibc's NPTL code, which affects 
name-resolution in multi-threaded environments. It appears to be the cause to 
the KDE bug# 86271 (http://bugs.kde.org/show_bug.cgi?id=86271). The bug 
happens in the following specific conditions: 
 
- nameservers in /etc/resolv.conf are IPv6 
- resolver functions are called from auxiliary threads 
- those threads are "re-created" over and over: that is, they exit then get 
started again 
A test case program will be attached. 
 
When that happens, a "re-created" thread gets an uninitialised pd->res 
structure. More to the point, with NPTL, the structure is actually exactly the 
way it was left before the thread exited. The problem with that is that the 
RES_INIT flag is already set, which causes the system not to re-init the 
resolver subsystem. 
 
IPv4 servers are not affected because their addresses are stored directly in 
pd->res, while IPv6 ones are malloc()ed and, thus, free()d by 
res_thread_freeres (resolv/res_init.c). What then happens is that the 
libresolv.so functions do not have an IP address where to send their DNS 
queries to. 
 
The following workarounds are possible for code currently affected by this: 
1) do not exit the thread, only to restart it later 
2) call res_init by hand 
 
However, I believe the proper fix to be to clear out the whole pd structure 
before using it. I believed mmap(2) would do that, but apparently it doesn't 
in all cases.

-- 
           Summary: Probable bug: pd->res being left uninitialised
           Product: glibc
           Version: 2.3.3
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nptl
        AssignedTo: drepper at redhat dot com
        ReportedBy: thiago dot macieira at kdemail dot net
                CC: glibc-bugs at sources dot redhat dot com
 GCC build triplet: i686-pc-linux-gnu
  GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu


http://sources.redhat.com/bugzilla/show_bug.cgi?id=434

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Follow-Ups:
- [Bug nptl/434] Probable bug: pd->res being left uninitialised
  - From: thiago dot macieira at kdemail dot net
- [Bug nptl/434] Probable bug: pd->res being left uninitialised
  - From: thiago dot macieira at kdemail dot net
- [Bug nptl/434] Probable bug: pd->res being left uninitialised
  - From: thiago dot macieira at kdemail dot net
- [Bug nptl/434] Probable bug: pd->res being left uninitialised
  - From: drepper at redhat dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]