From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 13369 invoked by alias); 21 Jul 2011 16:47:02 -0000 Received: (qmail 13352 invoked by uid 22791); 21 Jul 2011 16:47:00 -0000 X-SWARE-Spam-Status: No, hits=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 X-Spam-Check-By: sourceware.org Received: from localhost (HELO sourceware.org) (127.0.0.1) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 21 Jul 2011 16:46:47 +0000 From: "aurelien at aurel32 dot net" To: glibc-bugs@sources.redhat.com Subject: [Bug libc/13013] New: assertion error in res_query.c X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: aurelien at aurel32 dot net X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: drepper.fsp at gmail dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Date: Thu, 21 Jul 2011 16:47:00 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org X-SW-Source: 2011-07/txt/msg00099.txt.bz2 http://sourceware.org/bugzilla/show_bug.cgi?id=13013 Summary: assertion error in res_query.c Product: glibc Version: unspecified Status: NEW Severity: normal Priority: P2 Component: libc AssignedTo: drepper.fsp@gmail.com ReportedBy: aurelien@aurel32.net Created attachment 5855 --> http://sourceware.org/bugzilla/attachment.cgi?id=5855 Patch to fix the issue Commit 4769ae77fc6c8dacea6476addb015c8797848cdd a regression in the resolver code, which trigger an assert in some conditions: firefox-bin: res_query.c:251: __libc_res_nquery: Assertion `hp != hp2' failed. Aborting. When the first answer is a SERVFAIL, NOTIMP or REFUSED, resplen now got assigned 0, while recvresp1 or recvresp2 is set to 1: /* No data from the first reply. */ resplen = 0; When the second answer arrives, its buffer is allocated at *ansp + resplen, which means in that case *ansp and *ansp2 are equals: *anssizp2 = orig_anssizp - resplen; *ansp2 = *ansp + resplen; Given a second answer has still be provided, hp2 got assigned *answerp2, which is the same than *answer (see above), so hp == hp2. HEADER *hp2 = answerp2 ? (HEADER *) *answerp2 : hp; This is enough to trigger the assertion, that is the checks on the answer buffers doesn't match the checks on the response lengths. One way to fix that is to rewrite this part of the code to do all the checks on the response lenghts. This is what the attached patch does. -- Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.