[Bug 464181] New: Segfault in ssh caused by _nss_nis_gethostbyname4_r()
https://bugzilla.novell.com/show_bug.cgi?id=464181

           Summary: Segfault in ssh caused by _nss_nis_gethostbyname4_r()
           Product: openSUSE 11.1
           Version: Final
          Platform: x86-64
        OS/Version: openSUSE 11.1
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: Basesystem
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: loose@astron.nl
         QAContact: qa@suse.de
          Found By: ---

When running ssh (or traceroute, or entering a valid http address in firefox), a segfault results in _nss_nis_gethostbyname4_r ().

I see segfaults in two situations:
1) when specifying only a hostname without a domain
2) when specifying a hostname with domain that resolves to a different canonical name.

This problem might be related to a bug found in glibc-2.9-2 (see https://bugzilla.redhat.com/show_bug.cgi?id=474800)

Below is the output of a valgrind run:

==29145== Memcheck, a memory error detector.
==29145== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==29145== Using LibVEX rev 1854, a library for dynamic binary translation.
==29145== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==29145== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==29145== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==29145== For more details, rerun with: -v
==29145==
==29145== Invalid free() / delete / delete[]
==29145==    at 0x4C243AF: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==29145==    by 0x7D57708: _nss_nis_gethostbyname4_r (in /lib64/libnss_nis-2.9.so)
==29145==  Address 0x7782e07 is 31 bytes inside a block of size 176 alloc'd
==29145==    at 0x4C256AE: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==29145==    by 0x55C70DD: yp_match (in /lib64/libnsl-2.9.so)
==29145==    by 0x7D5760C: _nss_nis_gethostbyname4_r (in /lib64/libnss_nis-2.9.so)
==29145==    by 0x68862A5: (within /lib64/libc-2.9.so)
==29145==    by 0x68885B1: getaddrinfo (in /lib64/libc-2.9.so)
==29145==    by 0x145F6: (within /usr/bin/ssh)
==29145==    by 0xAA14: main (in /usr/bin/ssh)
==29145==
==29145== Process terminating with default action of signal 11 (SIGSEGV)
==29145==  Bad permissions for mapped region at address 0x1
==29145==    at 0x47: (within /usr/bin/ssh)
==29145==
==29145== FILE DESCRIPTORS: 3 open at exit.
==29145== Open file descriptor 2: /dop131_1/loose/work/USG/bug.log
==29145==    <inherited from parent>
==29145==
==29145== Open file descriptor 1: /dop131_1/loose/work/USG/bug.log
==29145==    <inherited from parent>
==29145==
==29145== Open file descriptor 0: /dev/pts/9
==29145==    <inherited from parent>
==29145==
==29145==
==29145== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 27 from 2)
==29145== malloc/free: in use at exit: 63,343 bytes in 2,013 blocks.
==29145== malloc/free: 2,117 allocs, 105 frees, 123,137 bytes allocated.
==29145== For counts of detected errors, rerun with: -v
==29145== searching for pointers to 2,013 not-freed blocks.
==29145== checked 576,704 bytes.
==29145==
==29145==
==29145== 292 (52 direct, 240 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 9
==29145==    at 0x4C256AE: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==29145==    by 0x68AB552: (within /lib64/libc-2.9.so)
==29145==    by 0x68ABCE6: __nss_database_lookup (in /lib64/libc-2.9.so)
==29145==    by 0x7B4E35F: ???
==29145==    by 0x7B4F04C: ???
==29145==    by 0x6869CFB: getpwuid_r (in /lib64/libc-2.9.so)
==29145==    by 0x686955E: getpwuid (in /lib64/libc-2.9.so)
==29145==    by 0x9BE4: main (in /usr/bin/ssh)
==29145==
==29145==
==29145== 176 bytes in 1 blocks are possibly lost in loss record 6 of 9
==29145==    at 0x4C256AE: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==29145==    by 0x55C70DD: yp_match (in /lib64/libnsl-2.9.so)
==29145==    by 0x7D5760C: ???
==29145==    by 0x68862A5: (within /lib64/libc-2.9.so)
==29145==    by 0x68885B1: getaddrinfo (in /lib64/libc-2.9.so)
==29145==    by 0x145F6: (within /usr/bin/ssh)
==29145==    by 0xAA14: main (in /usr/bin/ssh)
==29145==
==29145== LEAK SUMMARY:
==29145==    definitely lost: 52 bytes in 1 blocks.
==29145==    indirectly lost: 240 bytes in 10 blocks.
==29145==      possibly lost: 176 bytes in 1 blocks.
==29145==    still reachable: 62,875 bytes in 2,001 blocks.
==29145==         suppressed: 0 bytes in 0 blocks.
==29145== Reachable blocks (those to which a pointer was found) are not shown.
==29145== To see them, rerun with: --leak-check=full --show-reachable=yes
https://bugzilla.novell.com/show_bug.cgi?id=464181
Cyril Hrubis
https://bugzilla.novell.com/show_bug.cgi?id=464181
User b.willenberg@tu-bs.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=464181#c1
Björn Willenberg
https://bugzilla.novell.com/show_bug.cgi?id=464181
User loose@astron.nl added comment
https://bugzilla.novell.com/show_bug.cgi?id=464181#c2
--- Comment #2 from Marcel Loose
https://bugzilla.novell.com/show_bug.cgi?id=464181
User pbaudis@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=464181#c3
Petr Baudis