This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug nscd/16474] New: nscd accesses freed memory on netgroup query
- From: "siddhesh at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 21 Jan 2014 17:21:49 +0000
- Subject: [Bug nscd/16474] New: nscd accesses freed memory on netgroup query
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=16474
Bug ID: 16474
Summary: nscd accesses freed memory on netgroup query
Product: glibc
Version: 2.18
Status: NEW
Severity: normal
Priority: P2
Component: nscd
Assignee: siddhesh at redhat dot com
Reporter: siddhesh at redhat dot com
CC: drepper.fsp at gmail dot com
nscd accesses freed memory on netgroup query when there are a large number of
entries in a netgroup. This is easily seen by running nscd under valgrind.
How Reproducible:
Always
Steps to Reproduce:
1. Add a group (foo_long) with a large number of members (>1000)
2. valgrind nscd -d
3. getent netgroup foo_long
Actual Results:
==1802== Invalid read of size 1
==1802==    at 0x4C2E640: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x1250CF: addgetnetgrentX (string3.h:51)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)
==1802==  Address 0x655b8e8 is 968 bytes inside a block of size 1,024 free'd
==1802==    at 0x4C2C3AA: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x11C29D: xrealloc (xmalloc.c:107)
==1802==    by 0x125532: addgetnetgrentX (netgroupcache.c:245)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)
==1802==
==1802== Invalid read of size 1
==1802==    at 0x4C2E64E: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x1250CF: addgetnetgrentX (string3.h:51)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)
==1802==  Address 0x655b8ea is 970 bytes inside a block of size 1,024 free'd
==1802==    at 0x4C2C3AA: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x11C29D: xrealloc (xmalloc.c:107)
==1802==    by 0x125532: addgetnetgrentX (netgroupcache.c:245)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)
Expected Results:
No warnings.
Fix coming up.
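Added example (not part of the original report, and not glibc code): the trace above shows memcpy in addgetnetgrentX reading from a block that xrealloc, called from the same function, had already released. The C code below shows that general stale-pointer-after-realloc pattern and an offset-based way to avoid it; struct gbuf, gbuf_reserve, gbuf_dup_range, demo and the sample entry are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer for this example; not a glibc type. */
struct gbuf { char *data; size_t len, cap; };

/* Make room for `extra` more bytes; realloc may move b->data. 0 on success. */
static int gbuf_reserve(struct gbuf *b, size_t extra)
{
    if (extra > SIZE_MAX - b->len) return -1;
    size_t need = b->len + extra, ncap = b->cap ? b->cap : 16;
    if (need <= b->cap) return 0;
    while (ncap < need) {
        if (ncap > SIZE_MAX / 2) return -1;
        ncap *= 2;
    }
    char *p = realloc(b->data, ncap);
    if (p == NULL) return -1;              /* old block is still valid */
    b->data = p;
    b->cap = ncap;
    return 0;
}

/* Append a copy of n bytes that already live at offset src_off in b.
 * Unsafe order (the stale-pointer pattern):
 *     const char *src = b->data + src_off;
 *     gbuf_reserve(b, n);                 // may free the block src points into
 *     memcpy(b->data + b->len, src, n);   // read of freed memory
 * Safe order: carry the offset across the growth, form the pointer after it. */
static int gbuf_dup_range(struct gbuf *b, size_t src_off, size_t n)
{
    if (n == 0 || src_off > b->len || n > b->len - src_off) return -1;
    if (gbuf_reserve(b, n) != 0) return -1;
    memcpy(b->data + b->len, b->data + src_off, n);
    b->len += n;
    return 0;
}

/* Constructed input: one entry duplicated 1000 times, forcing several reallocs. */
static int demo(void)
{
    static const char entry[] = "(host1,user1,example.test)";
    struct gbuf b = {0};
    if (gbuf_reserve(&b, sizeof entry) != 0) return -1;
    memcpy(b.data, entry, sizeof entry);
    b.len = sizeof entry;
    for (int i = 0; i < 1000; i++)
        if (gbuf_dup_range(&b, 0, sizeof entry) != 0) { free(b.data); return -1; }
    int ok = b.len == 1001 * sizeof entry
             && memcmp(b.data + b.len - sizeof entry, entry, sizeof entry) == 0;
    free(b.data);
    return ok ? 0 : 1;
}
```

Running demo() under valgrind or with -fsanitize=address should produce no invalid-read reports; swapping in the unsafe order from the comment reproduces the same class of report as in the trace.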