Fix crash when system has no ipv6 address [BZ #17125]
Commit Message
Hi,
The test case bug-ga2 crashes when the system it is running on has no
ipv6 address configured. This is because we point the cache (that is
freed on exit) to a static variable if there is no ipv6 address, which
later results in freeing an invalid pointer.
Following patch fixes this crash.
Siddhesh
[BZ #17125]
* sysdeps/unix/sysv/linux/check_pf.c (make_request): Allocate
result using malloc.
Comments
Siddhesh Poyarekar <siddhesh@redhat.com> writes:
> The test case bug-ga2 crashes when the system it is running on has no
> ipv6 address configured. This is because we point the cache (that is
> freed on exit) to a static variable if there is no ipv6 address, which
> later results in freeing an invalid pointer.
Why is this not working?
.usecnt = 1, /* Make sure we never try to delete this entry. */
Andreas.
On Tue, Jul 08, 2014 at 02:16:30PM +0200, Andreas Schwab wrote:
> Siddhesh Poyarekar <siddhesh@redhat.com> writes:
>
> > The test case bug-ga2 crashes when the system it is running on has no
> > ipv6 address configured. This is because we point the cache (that is
> > freed on exit) to a static variable if there is no ipv6 address, which
> > later results in freeing an invalid pointer.
>
> Why is this not working?
>
> .usecnt = 1, /* Make sure we never try to delete this entry. */
>
Because it uses free() instead of __free_in6ai. My patch has a leak
anyway, so it is wrong. I'll write another fix for it.
Siddhesh
@@ -311,7 +311,8 @@ make_request (int fd, pid_t pid)
atomic_add (&noai6ai_cached.usecnt, 2);
noai6ai_cached.seen_ipv4 = seen_ipv4;
noai6ai_cached.seen_ipv6 = seen_ipv6;
- result = &noai6ai_cached;
+ result = malloc (sizeof (noai6ai_cached));
+ memcpy (result, &noai6ai_cached, sizeof (noai6ai_cached));
}
if (use_malloc)
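Review bot: the added `result = malloc (sizeof (noai6ai_cached));` is followed immediately by `memcpy (result, &noai6ai_cached, sizeof (noai6ai_cached));` with no check of the return value, so an allocation failure here turns into a NULL pointer write; test `result` before the copy and handle the failure. The copy is also taken after `atomic_add (&noai6ai_cached.usecnt, 2)`, so each heap object inherits whatever count the static entry has reached at that moment instead of a count of its own, while the static counter keeps growing on every call. Nothing in the hunk releases the new allocation, so the copy's `usecnt` should be set explicitly and paired with a matching release path, or the static entry should be kept and the code that frees it fixed instead.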