TJ <dll-kms...@protonmail.com> wrote:

> I'm migrating my system configs from one OpenBSD machine (Pentium 4) to
> another (Core 2 Duo).
> 
> I noticed unpredictable crashes of the Privoxy package when run and used
> on the C2D computer. These crashes don't occur on the P4 at all, with
> the same traffic.

I tried to reproduce the crashes with OpenBSD 6.7 amd64
and Privoxy 3.0.29 built from git and Privoxy reliably
crashes when executing a regression test ...

The crash I encountered seems to be triggered by long
host names resolved from a thread.

Here's a reduced test case:

openbsd$ cat resolve.c 
#include <netdb.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

pthread_mutex_t mutex; /* serialises the gethostbyname() calls */

void *resolve(void *host) { /* thread entry point */
    int error;
    error = pthread_mutex_lock(&mutex);
    if (error) {
        printf("Locking failed: %s\n", strerror(error));
        exit(1);
    }
    printf("Calling gethostbyname with %s\n", (char *)host);
    gethostbyname((char *)host);
    pthread_mutex_unlock(&mutex);
    return NULL;
}

int main(int argc, char **argv) {
    pthread_t the_thread;
    pthread_attr_t attrs;
    int i;

    if (argc < 2) {
        printf("No argument to resolve given\n");
        exit(1);
    }

    pthread_attr_init(&attrs);
    pthread_attr_setdetachstate(&attrs, PTHREAD_CREATE_DETACHED);

    pthread_mutex_init(&mutex, NULL);

    /* Start three detached threads that all resolve the same name. */
    for (i = 0; i < 3; i++) {
        if (pthread_create(&the_thread, &attrs, resolve, argv[1])) {
            printf("pthread_create failed\n");
            exit(1);
        }
    }

    sleep(1);

    exit(0);
}
openbsd$ clang -pthread -ggdb -Wall -o resolve resolve.c
openbsd$ ./resolve AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
Calling gethostbyname with AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
Calling gethostbyname with AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
Calling gethostbyname with AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
openbsd$ ./resolve AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
Calling gethostbyname with AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
Segmentation fault (core dumped)
openbsd$ egdb resolve resolve.core
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-openbsd6.7".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from resolve...done.
[New process 616459]
[New process 145207]
[New process 578084]
[New process 517316]
Core was generated by `resolve'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000031a025d201d in unpack_data (p=0x31a6a754b40, data=0x31a6a754b70, 
len=12) at /usr/src/lib/libc/asr/asr_utils.c:193
193     /usr/src/lib/libc/asr/asr_utils.c: No such file or directory.
[Current thread is 1 (process 616459)]
(gdb) where
#0  0x0000031a025d201d in unpack_data (p=0x31a6a754b40, data=0x31a6a754b70, 
len=12) at /usr/src/lib/libc/asr/asr_utils.c:193
#1  _asr_unpack_header (p=0x31a6a754b40, h=0x31a6a754b70) at 
/usr/src/lib/libc/asr/asr_utils.c:257
#2  0x0000031a0265db34 in hostent_from_packet (reqtype=3, family=2, 
pkt=<optimized out>, pktlen=<optimized out>) at 
/usr/src/lib/libc/asr/gethostnamadr_async.c:463
#3  gethostnamadr_async_run (as=<optimized out>, ar=<optimized out>) at 
/usr/src/lib/libc/asr/gethostnamadr_async.c:305
#4  0x0000031a02603308 in _libc_asr_run (as=0x319e01a2e00, ar=0x31a6a754c70) at 
/usr/src/lib/libc/asr/asr.c:176
#5  _libc_asr_run_sync (as=0x319e01a2e00, ar=0x31a6a754c70) at 
/usr/src/lib/libc/asr/asr.c:223
#6  0x0000031a025f994e in _gethostbyname (name=0x7f7ffffd01ba 'A' <repeats 64 
times>, ".example.org", af=2, ret=<optimized out>, buflen=4096, 
h_errnop=<optimized out>, buf=<optimized out>)
    at /usr/src/lib/libc/asr/gethostnamadr.c:119
#7  _libc_gethostbyname2 (name=0x7f7ffffd01ba 'A' <repeats 64 times>, 
".example.org", af=2) at /usr/src/lib/libc/asr/gethostnamadr.c:154
#8  0x00000317d0a323c4 in resolve (host=0x7f7ffffd01ba 'A' <repeats 64 times>, 
".example.org") at resolve.c:18
#9  0x0000031ab56970d1 in _rthread_start (v=<optimized out>) at 
/usr/src/lib/librthread/rthread.c:96
#10 0x0000031a0264cdb8 in __tfork_thread () at 
/usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:77
#11 0x0000000000000000 in ?? ()

Fabian
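The session above shows a 63-octet first label being resolved and a 64-octet one crashing inside libc's asr resolver. Whatever the root cause in libc turns out to be, a caller such as a proxy can keep such names away from the resolver by validating them against the RFC 1035 limits first (labels of at most 63 octets, names of at most 253 octets in text form). The following is an added example, not code from this thread or from Privoxy; the function names `valid_hostname`, `resolve_if_valid` and `repeated_label_name` are my own, and the test names are constructed to mirror the ones used in the session.

```c
#include <netdb.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LABEL_LEN 63   /* RFC 1035: one label is at most 63 octets */
#define MAX_NAME_LEN  253  /* RFC 1035: 255 octets on the wire, 253 in text form */

static int is_ldh(unsigned char c)
{
    /* letters, digits, hyphen: the classic hostname alphabet */
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Returns 1 when host is a syntactically valid DNS name in presentation
 * form, 0 otherwise. Rejects NULL and empty names, empty labels ("a..b",
 * leading dot), labels longer than 63 octets, names longer than 253
 * octets, characters outside the letter/digit/hyphen set, and labels that
 * start or end with a hyphen. One trailing dot (FQDN form) is accepted. */
int valid_hostname(const char *host)
{
    size_t len, i, label_len = 0;

    if (host == NULL)
        return 0;
    len = strlen(host);
    if (len > 0 && host[len - 1] == '.')
        len--;                       /* trailing dot is not part of a label */
    if (len == 0 || len > MAX_NAME_LEN)
        return 0;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            if (label_len == 0 || host[i - 1] == '-')
                return 0;            /* empty label or label ending in '-' */
            label_len = 0;
            continue;
        }
        if (!is_ldh(c))
            return 0;
        if (label_len == 0 && c == '-')
            return 0;                /* label may not start with '-' */
        if (++label_len > MAX_LABEL_LEN)
            return 0;
    }
    /* the final label cannot be empty here, but may still end in '-' */
    return host[len - 1] != '-';
}

/* Where the check belongs in a caller like a proxy: the libc resolver is
 * only reached with a name that already satisfies the RFC 1035 limits.
 * Returns -1 for a rejected name (no lookup attempted), 0 when the lookup
 * failed, 1 when it succeeded. */
int resolve_if_valid(const char *host)
{
    if (!valid_hostname(host))
        return -1;
    return gethostbyname(host) != NULL;
}

/* Builds "AAA...A.example.org" with a first label of n 'A's (constructed
 * input mirroring the session above). Returns a static buffer. */
const char *repeated_label_name(size_t n)
{
    static char buf[512];
    const char *suffix = ".example.org";

    if (n + strlen(suffix) >= sizeof(buf))
        n = sizeof(buf) - strlen(suffix) - 1;
    memset(buf, 'A', n);
    memcpy(buf + n, suffix, strlen(suffix) + 1);
    return buf;
}

int main(void)
{
    size_t n;

    /* 63 'A's is accepted, 64 'A's is refused before the resolver sees it */
    for (n = 62; n <= 64; n++)
        printf("first label of %zu octets: %s\n", n,
               valid_hostname(repeated_label_name(n)) ? "accepted" : "rejected");
    return 0;
}
```

The check is purely syntactic and does not replace the libc fix; its value is that a malformed name from untrusted input (a client request header, for instance) is rejected in the caller with a clear error instead of being handed to the resolver, and the rejection can be logged and counted.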
