From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glibc-bugs-return-26500-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Received: (qmail 11514 invoked by alias); 31 Oct 2014 08:12:31 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
Received: (qmail 11475 invoked by uid 48); 31 Oct 2014 08:12:27 -0000
From: "aoliva at sourceware dot org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug network/16001] calls to getaddrinfo() leak memory.
Date: Fri, 31 Oct 2014 08:12:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: network
X-Bugzilla-Version: 2.18
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: aoliva at sourceware dot org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security-
X-Bugzilla-Changed-Fields:
Message-ID: <bug-16001-131-MRF5ID2Gi3@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-16001-131@http.sourceware.org/bugzilla/>
References: <bug-16001-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-10/txt/msg00136.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=16001

--- Comment #7 from Alexandre Oliva <aoliva at sourceware dot org> ---
The current refcounting code is significantly different now than it was when
you reported the patch.  I see usecnt is initialized to 2 (1 use for the cache,
1 use to be freed by the caller), and it's incremented when the cached list is
reused, and decremented when the cache is replaced or when the list is freed. 
I don't see how this could possibly leak in6ai lists.  Is this what used to
leak before?  If so, can you confirm that the problem is fixed?

One problem I do see is that getaddrinfo, the only caller of check_pf, sorts a
potentially shared in6ai list without any guards to prevent multiple threads
from trying to do that concurrently and messing the array up.

-- 
You are receiving this mail because:
You are on the CC list for the bug.