[PATCH] resolv: fix unaligned tmp buffer corner-case

Rich Felker dalias at libc.org
Sat Mar 14 15:06:03 UTC 2015


On Thu, Mar 12, 2015 at 02:21:12AM +0300, Alexey Brodkin wrote:
> On execution of "inet/gethost_r-align" test I noticed failure due
> to unaligned access (instaed of 4-byte aligned 1-byte aligned
> address was attempted to be accessed).
> 
> Further investigation confirmed this nice and helpful test failure.
> Following commit removed usage of ALIGN_BUFFER_OFFSET on entry to
> __read_etc_hosts_r():
> http://git.uclibc.org/uClibc/commit/?id=f65e66078b9f4d2d7f0fc336dee36e78fc467c0f
> 
> So indeed if target architecture doesn't allow unaligned access
> and provided tmp buffer is not word aligned (and we will deal with pointers
> which means word-sized data units), then CPU will fail during execution.
> 
> In case of ARC we'll see "Unaligned access" exception like this:
>  --->8---
>  # potentially unexpected fatal signal 7.
>  Path: /root/uClibc/test/inet/gethost_r-align
>  CPU: 0 PID: 5514 Comm: gethost_r-align Not tainted 3.13.11 #2
>  task: 8f42a580 ti: 8f40e000 task.ti: 8f40e000
> 
>  [ECR   ]: 0x00230400 => Misaligned r/w from 0x5fdab341
>  [EFA   ]: 0x5fdab341
>  [BLINK ]: 0x20032a18
>  [ERET  ]: 0x20032a3c
>      @off 0x12a3c in [/lib/libuClibc-0.9.34-git.so]
>      VMA: 0x20020000 to 0x20062000
>  [STAT32]: 0x00000086 : U         E2 E1
>  BTA: 0x20046014  SP: 0x5fdab260  FP: 0x00000000
>  LPS: 0x20046064 LPE: 0x20046068 LPC: 0x00000000
>  r00: 0x5fdab341 r01: 0x00000005 r02: 0x00000015
>  r03: 0x00000000 r04: 0x5fdab358 r05: 0x00000000
>  r06: 0x0a0a0a00 r07: 0x00000000 r08: 0x0000003f
>  r09: 0x20067050 r10: 0x00000000 r11: 0x00000014
>  r12: 0x00000001 r13: 0x00000000 r14: 0x20060660
>  r15: 0x20060661 r16: 0x00000006 r17: 0x5fdab371
>  r18: 0x00000018 r19: 0x5fdab2b4 r20: 0x00020000
>  r21: 0x00000000 r22: 0x00029068 r23: 0x5fdab371
>  r24: 0x00010000 r25: 0x00000000
>  --->8---
> 
> To fix this problem we'll re-introduce tmp buffer force alignment
> before config parser invocation.
> 
> Signed-off-by: Alexey Brodkin <abrodkin at synopsys.com>
> Cc: Vineet Gupta <vgupta at synopsys.com>
> Cc: Waldemar Brodkorb <wbx at openadk.org>
> ---
>  libc/inet/resolv.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/libc/inet/resolv.c b/libc/inet/resolv.c
> index cfc1eee..7c678ce 100644
> --- a/libc/inet/resolv.c
> +++ b/libc/inet/resolv.c
> @@ -1614,7 +1614,7 @@ int __read_etc_hosts_r(
>  							sizeof(struct in_addr)
>  #endif
>  							;
> -	int ret = HOST_NOT_FOUND;
> +	int i, ret = HOST_NOT_FOUND;
>  
>  	*h_errnop = NETDB_INTERNAL;
>  	if (buflen < aliaslen
> @@ -1626,6 +1626,12 @@ int __read_etc_hosts_r(
>  		*result = NULL;
>  		return errno;
>  	}
> +
> +	/* make sure pointer is aligned */
> +	i = ALIGN_BUFFER_OFFSET(buf);
> +	buf += i;
> +	buflen -= i;

Is this safe against the possibility of buflen<i? Otherwise you're
introducing a serious overflow.

Rich


More information about the uClibc mailing list