Hi,

A fix has been committed.

Thanks for investigating the problem and providing a test case. It was very
useful to properly find the state corruption.

-- 
Sebastien Marie

On Wed, Jun 03, 2020 at 07:22:52PM +0200, Fabian Keil wrote:
> TJ <dll-kms...@protonmail.com> wrote:
> 
> > I'm migrating my system configs from one OpenBSD machine (Pentium 4) to
> > another (Core 2 Duo).
> > 
> > I noticed unpredictable crashes of the Privoxy package when run and used
> > on the C2D computer. These crashes don't occur on the P4 at all, with
> > the same traffic.
> 
> I tried to reproduce the crashes with OpenBSD 6.7 amd64
> and Privoxy 3.0.29 built from git and Privoxy reliably
> crashes when executing a regression test ...
> 
> The crash I encountered seems to be triggered by long
> host names resolved from a thread.
> 
> Here's a reduced test case:
> 
> openbsd$ cat resolve.c 
> #include <netdb.h>
> #include <pthread.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
> 
> pthread_mutex_t mutex; /* serializes the gethostbyname() calls */
> 
> void *resolve(void *arg) {
>     char *host = arg;
>     int error = pthread_mutex_lock(&mutex);
>     if (error) {
>         printf("Locking failed: %s\n", strerror(error));
>         exit(1);
>     }
>     printf("Calling gethostbyname with %s\n", host);
>     gethostbyname(host); /* result ignored: the call itself is what crashes */
>     pthread_mutex_unlock(&mutex);
>     return NULL;
> }
> 
> int main(int argc, char **argv) {
>     pthread_t the_thread;
>     pthread_attr_t attrs;
>     int i;
> 
>     if (argc < 2) {
>         printf("No argument to resolve given\n");
>         exit(1);
>     }
> 
>     /* Detached threads: nothing joins them, main just sleeps a bit. */
>     pthread_attr_init(&attrs);
>     pthread_attr_setdetachstate(&attrs, PTHREAD_CREATE_DETACHED);
> 
>     pthread_mutex_init(&mutex, NULL);
> 
>     /* Three threads resolve the same name; the mutex serializes the calls. */
>     for (i = 0; i < 3; i++) {
>         if (pthread_create(&the_thread, &attrs, resolve, argv[1]) != 0) {
>             printf("pthread_create failed\n");
>             exit(1);
>         }
>     }
> 
>     /* Give the detached threads time to run before the process exits. */
>     sleep(1);
> 
>     exit(0);
> }
> openbsd$ clang -pthread -ggdb -Wall -o resolve resolve.c 
> openbsd$ ./resolve 
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> Calling gethostbyname with 
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> Calling gethostbyname with 
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> Calling gethostbyname with 
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> openbsd$ ./resolve 
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> Calling gethostbyname with 
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> Segmentation fault (core dumped) 
> openbsd$ egdb resolve resolve.core
> GNU gdb (GDB) 7.12.1
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-unknown-openbsd6.7".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from resolve...done.
> [New process 616459]
> [New process 145207]
> [New process 578084]
> [New process 517316]
> Core was generated by `resolve'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x0000031a025d201d in unpack_data (p=0x31a6a754b40, data=0x31a6a754b70, 
> len=12) at /usr/src/lib/libc/asr/asr_utils.c:193
> 193   /usr/src/lib/libc/asr/asr_utils.c: No such file or directory.
> [Current thread is 1 (process 616459)]
> (gdb) where
> #0  0x0000031a025d201d in unpack_data (p=0x31a6a754b40, data=0x31a6a754b70, 
> len=12) at /usr/src/lib/libc/asr/asr_utils.c:193
> #1  _asr_unpack_header (p=0x31a6a754b40, h=0x31a6a754b70) at 
> /usr/src/lib/libc/asr/asr_utils.c:257
> #2  0x0000031a0265db34 in hostent_from_packet (reqtype=3, family=2, 
> pkt=<optimized out>, pktlen=<optimized out>) at 
> /usr/src/lib/libc/asr/gethostnamadr_async.c:463
> #3  gethostnamadr_async_run (as=<optimized out>, ar=<optimized out>) at 
> /usr/src/lib/libc/asr/gethostnamadr_async.c:305
> #4  0x0000031a02603308 in _libc_asr_run (as=0x319e01a2e00, ar=0x31a6a754c70) 
> at /usr/src/lib/libc/asr/asr.c:176
> #5  _libc_asr_run_sync (as=0x319e01a2e00, ar=0x31a6a754c70) at 
> /usr/src/lib/libc/asr/asr.c:223
> #6  0x0000031a025f994e in _gethostbyname (name=0x7f7ffffd01ba 'A' <repeats 64 
> times>, ".example.org", af=2, ret=<optimized out>, buflen=4096, 
> h_errnop=<optimized out>, buf=<optimized out>)
>     at /usr/src/lib/libc/asr/gethostnamadr.c:119
> #7  _libc_gethostbyname2 (name=0x7f7ffffd01ba 'A' <repeats 64 times>, 
> ".example.org", af=2) at /usr/src/lib/libc/asr/gethostnamadr.c:154
> #8  0x00000317d0a323c4 in resolve (host=0x7f7ffffd01ba 'A' <repeats 64 
> times>, ".example.org") at resolve.c:18
> #9  0x0000031ab56970d1 in _rthread_start (v=<optimized out>) at 
> /usr/src/lib/librthread/rthread.c:96
> #10 0x0000031a0264cdb8 in __tfork_thread () at 
> /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:77
> #11 0x0000000000000000 in ?? ()
> 
> Fabian
> 
