https://bugzilla.novell.com/show_bug.cgi?id=458737

Summary: crash in libnss_nis
Product: openSUSE 11.1
Version: Final
Platform: x86-64
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: koenig@linux.de
QAContact: qa@suse.de
Found By: ---

using an old perl 5.8.4 binary with DBD::Pg from Psql 7.4.5 (both built on suse 9.0 64 bit) I get a crash in libnss_nis.so.2 (_nss_nis_gethostbyname4_r) being called from getaddrinfo().

the same binaries/app work fine with opensuse 11.0. if I preload libnss_nis.so.2 from opensuse 11.0, our app does not crash.

getaddrinfo() only seems to crash iff I use a host name with at least one real alias name in hosts map (all hosts have FQDN and DN as first two entries). the length of the hosts map entry does not seem to matter.

valgrind shows this output for the erroneous free() call:

==16624== Invalid free() / delete / delete[]
==16624==    at 0x4C243AF: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==16624==    by 0x74A6708: _nss_nis_gethostbyname4_r (in /home/koenig/s102/r/libnss_nis.so.2)
==16624==    by 0x5BB52A5: (within /home/koenig/s102/r/libc.so.6)
==16624==    by 0x5BB75B1: getaddrinfo (in /home/koenig/s102/r/libc.so.6)
==16624==    by 0x6F785B2: getaddrinfo_all (in /home/koenig/s102/r/libpq.so.3)
==16624==    by 0x6F6CD72: connectDBStart (in /home/koenig/s102/r/libpq.so.3)
==16624==    by 0x6F6C4CA: PQconnectStart (in /home/koenig/s102/r/libpq.so.3)
==16624==    by 0x6F6C445: PQconnectdb (in /home/koenig/s102/r/libpq.so.3)
==16624==    by 0x6E5C929: dbd_db_login (in /home/koenig/s102/r/auto/DBD/Pg/Pg.so)
==16624==    by 0x6E57802: XS_DBD__Pg__db__login (in /home/koenig/s102/r/auto/DBD/Pg/Pg.so)
==16624==    by 0x46E4E8: Perl_pp_entersub (in /home/koenig/s102/r/perl)
==16624==    by 0x46793D: Perl_runops_standard (in /home/koenig/s102/r/perl)

running the app with MALLOC_TRACE=blub shows that free() is not called from the address being malloc'ed before, but with an offset of 0x

from MALLOC_TRACE output the last 3 lines before abort/crash:

malloc of the area:
@ /lib64/libnsl.so.1:(yp_match+0xee)[0x7ffff79b20de] + 0x61ef10 0x59

does not matter ?!
@ /lib64/libc.so.6:(xdr_bytes+0x9d)[0x7ffff6eb5d3d] - 0x963490

here free is called with 0x61ef45 instead of 0x61ef10 !!!
@ /lib64/libnss_nis.so.2:(_nss_nis_gethostbyname4_r+0x1b9)[0x7ffff6359709] - 0x61ef45

if I call getaddrinfo() with host names without real aliases, free() is called with the address being malloc()ed before...

unfortunately I did not manage to build a small C example just calling getaddrinfo() to trigger that problem. none of my test binaries called _nss_nis_gethostbyname4_r () , even if I build my tests on suse 9.0 too.
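
An added example, not part of the original report and not glibc code: a small Python check that replays MALLOC_TRACE records and reports any free() whose address lies inside a live block instead of at its start, which is the pattern in the three trace lines quoted in the report. The names `audit_mtrace`, `SAMPLE` and the finding labels are assumptions of this example; the sample input is the three lines from the report.

```python
import re

# One mtrace record: "@ caller op address [size]". op is + (malloc),
# - (free), < (realloc, old block released) or > (realloc, new block).
RECORD = re.compile(
    r"^@ (?P<caller>\S+) (?P<op>[-+<>]) (?P<addr>0x[0-9a-f]+)"
    r"(?: (?P<size>0x[0-9a-f]+))?"
)

def audit_mtrace(lines):
    """Return (kind, freed_addr, base, offset, caller) per suspicious free."""
    live = {}       # base address -> size of blocks currently allocated
    findings = []
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            continue                      # annotation or unrelated line
        addr, op, caller = int(m["addr"], 16), m["op"], m["caller"]
        if op in "+>":
            live[addr] = int(m["size"] or "0", 16)
        elif addr in live:
            del live[addr]                # normal free of a block start
        else:
            # Not a block start: does it point into a block still live?
            base = next((b for b, s in live.items() if b < addr < b + s), None)
            if base is not None:
                findings.append(("interior-free", addr, base, addr - base, caller))
            else:
                # Double free, or allocated before the excerpt began.
                findings.append(("untracked-free", addr, None, None, caller))
    return findings

# The three MALLOC_TRACE lines quoted in the report.
SAMPLE = """\
@ /lib64/libnsl.so.1:(yp_match+0xee)[0x7ffff79b20de] + 0x61ef10 0x59
@ /lib64/libc.so.6:(xdr_bytes+0x9d)[0x7ffff6eb5d3d] - 0x963490
@ /lib64/libnss_nis.so.2:(_nss_nis_gethostbyname4_r+0x1b9)[0x7ffff6359709] - 0x61ef45
""".splitlines()

if __name__ == "__main__":
    for kind, addr, base, off, caller in audit_mtrace(SAMPLE):
        where = f" base={base:#x} offset={off:#x}" if base is not None else ""
        print(f"{kind}: free({addr:#x}){where} from {caller}")
```

On a three-line excerpt the free of 0x963490 is reported as untracked only because its allocation precedes the excerpt; run over a complete trace file, that label is left for real double frees and foreign pointers.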