[PATCH] resolv: fix unaligned tmp buffer corner-case
Rich Felker
dalias at libc.org
Sat Mar 14 15:06:03 UTC 2015
On Thu, Mar 12, 2015 at 02:21:12AM +0300, Alexey Brodkin wrote:
> On execution of "inet/gethost_r-align" test I noticed failure due
> to unaligned access (instaed of 4-byte aligned 1-byte aligned
> address was attempted to be accessed).
>
> Further investigation confirmed this nice and helpful test failure.
> Following commit removed usage of ALIGN_BUFFER_OFFSET on entry to
> __read_etc_hosts_r():
> http://git.uclibc.org/uClibc/commit/?id=f65e66078b9f4d2d7f0fc336dee36e78fc467c0f
>
> So indeed if target architecture doesn't allow unaligned access
> and provided tmp buffer is not word aligned (and we will deal with pointers
> which means word-sized data units), then CPU will fail during execution.
>
> In case of ARC we'll see "Unaligned access" exception like this:
> --->8---
> # potentially unexpected fatal signal 7.
> Path: /root/uClibc/test/inet/gethost_r-align
> CPU: 0 PID: 5514 Comm: gethost_r-align Not tainted 3.13.11 #2
> task: 8f42a580 ti: 8f40e000 task.ti: 8f40e000
>
> [ECR ]: 0x00230400 => Misaligned r/w from 0x5fdab341
> [EFA ]: 0x5fdab341
> [BLINK ]: 0x20032a18
> [ERET ]: 0x20032a3c
> @off 0x12a3c in [/lib/libuClibc-0.9.34-git.so]
> VMA: 0x20020000 to 0x20062000
> [STAT32]: 0x00000086 : U E2 E1
> BTA: 0x20046014 SP: 0x5fdab260 FP: 0x00000000
> LPS: 0x20046064 LPE: 0x20046068 LPC: 0x00000000
> r00: 0x5fdab341 r01: 0x00000005 r02: 0x00000015
> r03: 0x00000000 r04: 0x5fdab358 r05: 0x00000000
> r06: 0x0a0a0a00 r07: 0x00000000 r08: 0x0000003f
> r09: 0x20067050 r10: 0x00000000 r11: 0x00000014
> r12: 0x00000001 r13: 0x00000000 r14: 0x20060660
> r15: 0x20060661 r16: 0x00000006 r17: 0x5fdab371
> r18: 0x00000018 r19: 0x5fdab2b4 r20: 0x00020000
> r21: 0x00000000 r22: 0x00029068 r23: 0x5fdab371
> r24: 0x00010000 r25: 0x00000000
> --->8---
>
> To fix this problem we'll re-introduce tmp buffer force alignment
> before config parser invocation.
>
> Signed-off-by: Alexey Brodkin <abrodkin at synopsys.com>
> Cc: Vineet Gupta <vgupta at synopsys.com>
> Cc: Waldemar Brodkorb <wbx at openadk.org>
> ---
> libc/inet/resolv.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/libc/inet/resolv.c b/libc/inet/resolv.c
> index cfc1eee..7c678ce 100644
> --- a/libc/inet/resolv.c
> +++ b/libc/inet/resolv.c
> @@ -1614,7 +1614,7 @@ int __read_etc_hosts_r(
> sizeof(struct in_addr)
> #endif
> ;
> - int ret = HOST_NOT_FOUND;
> + int i, ret = HOST_NOT_FOUND;
>
> *h_errnop = NETDB_INTERNAL;
> if (buflen < aliaslen
> @@ -1626,6 +1626,12 @@ int __read_etc_hosts_r(
> *result = NULL;
> return errno;
> }
> +
> + /* make sure pointer is aligned */
> + i = ALIGN_BUFFER_OFFSET(buf);
> + buf += i;
> + buflen -= i;
Is this safe against the possibility of buflen<i? Otherwise you're
introducing a serious overflow.
Rich
More information about the uClibc
mailing list