This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug nscd/16474] New: nscd accesses freed memory on netgroup query


https://sourceware.org/bugzilla/show_bug.cgi?id=16474

            Bug ID: 16474
           Summary: nscd accesses freed memory on netgroup query
           Product: glibc
           Version: 2.18
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nscd
          Assignee: siddhesh at redhat dot com
          Reporter: siddhesh at redhat dot com
                CC: drepper.fsp at gmail dot com

nscd accesses freed memory on netgroup query when there are a large number of
entries in a netgroup.  This is easily seen by running nscd under valgrind.

How Reproducible:

Always

Steps to Reproduce:

1. Add a group (foo_long) with a large number of members (>1000)
2. valgrind nscd -d
3. getent netgroup foo_long

Actual Results:

==1802== Invalid read of size 1
==1802==    at 0x4C2E640: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x1250CF: addgetnetgrentX (string3.h:51)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)
==1802==  Address 0x655b8e8 is 968 bytes inside a block of size 1,024 free'd
==1802==    at 0x4C2C3AA: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x11C29D: xrealloc (xmalloc.c:107)
==1802==    by 0x125532: addgetnetgrentX (netgroupcache.c:245)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)
==1802==
==1802== Invalid read of size 1
==1802==    at 0x4C2E64E: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x1250CF: addgetnetgrentX (string3.h:51)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)
==1802==  Address 0x655b8ea is 970 bytes inside a block of size 1,024 free'd
==1802==    at 0x4C2C3AA: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1802==    by 0x11C29D: xrealloc (xmalloc.c:107)
==1802==    by 0x125532: addgetnetgrentX (netgroupcache.c:245)
==1802==    by 0x126D2D: addgetnetgrent (netgroupcache.c:646)
==1802==    by 0x110C8C: nscd_run_worker (connections.c:1339)
==1802==    by 0x4E3C172: start_thread (pthread_create.c:309)
==1802==    by 0x59B737C: clone (clone.S:111)

Expected Results:

No warnings.

Fix coming up.

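Added example (not nscd's or glibc's own code) of the bug class the trace above shows: memcpy reading from a block that realloc() already freed, which happens when a pointer into a growable buffer is kept across a later realloc() that moves it. The hardened pattern below tracks positions as offsets and resolves them only after the final growth; struct gbuf, gbuf_append and store_members are hypothetical names, and the "(hostN,userN,dom)" members are constructed input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Growable result buffer.  Positions are tracked as offsets, because
   realloc() may move the block and free the old one. */
struct gbuf { char *data; size_t len, cap; };

/* Append a NUL-terminated string; returns its offset, (size_t)-1 on OOM. */
static size_t gbuf_append(struct gbuf *b, const char *s)
{
    size_t n = strlen(s) + 1;
    if (b->cap - b->len < n) {
        size_t ncap = b->cap ? b->cap : 64;
        while (ncap - b->len < n)
            ncap *= 2;
        char *p = realloc(b->data, ncap);   /* may free the old block */
        if (p == NULL)
            return (size_t)-1;
        b->data = p;   /* any pointer derived from the old b->data is stale */
        b->cap = ncap;
    }
    memcpy(b->data + b->len, s, n);   /* source is s, never the old block */
    b->len += n;
    return b->len - n;
}

/* Store `count` constructed members "(hostN,userN,dom)"; return how many read
   back intact after all growth, -1 on OOM.  Keeping `b.data + off[i]` across
   later appends instead would be the freed-memory read valgrind reports above. */
int store_members(int count)
{
    struct gbuf b = { NULL, 0, 0 };
    size_t *off = calloc((size_t)count + 1, sizeof *off);
    int good = 0;
    if (off == NULL) return -1;
    for (int i = 0; i < count; i++) {
        char m[48];
        snprintf(m, sizeof m, "(host%d,user%d,dom)", i, i);
        if ((off[i] = gbuf_append(&b, m)) == (size_t)-1) {
            free(off); free(b.data); return -1;
        }
    }
    for (int i = 0; i < count; i++) {   /* buffer is final: resolve offsets now */
        char want[48];
        snprintf(want, sizeof want, "(host%d,user%d,dom)", i, i);
        good += strcmp(b.data + off[i], want) == 0;
    }
    free(off); free(b.data);
    return good;
}
```

With 1500 members the buffer is reallocated several times while it grows from 64 bytes, so every stored string must survive a move of the block for the count to come back intact.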

