Is it possible you've destroyed the ares_channel when this is called? I
haven't had a chance to look at your code.
Also, have you tried to run this through ASAN or Valgrind?
On 1/3/22 4:07 PM, James Read via c-ares wrote:
Hi,
I have joined this mailing list because I have a difficult bug which
seems to relate to a c-ares function call.
The program I am developing reads lines from a file which is a list of
domain names. It performs asynchronous DNS and then downloads the
landing pages with an epoll based event loop. The program runs well
for thousands of iterations and then bombs out with a "*** buffer
overflow detected ***: terminated" error. The following backtrace
points the finger of blame at a call to ares_fds:
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6,
threadid=140737351407424) at pthread_kill.c:44
44 pthread_kill.c: No such file or directory.
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6,
threadid=140737351407424) at pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140737351407424) at
pthread_kill.c:80
#2 __GI___pthread_kill (threadid=140737351407424,
signo=signo@entry=6) at pthread_kill.c:91
#3 0x00007ffff7dae476 in __GI_raise (sig=sig@entry=6) at
../sysdeps/posix/raise.c:26
#4 0x00007ffff7d947b7 in __GI_abort () at abort.c:79
#5 0x00007ffff7df55e6 in __libc_message
(action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7f46ef4 "*** %s
***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#6 0x00007ffff7ea122a in __GI___fortify_fail
(msg=msg@entry=0x7ffff7f46e9a "buffer overflow detected") at
fortify_fail.c:26
#7 0x00007ffff7e9fb46 in __GI___chk_fail () at chk_fail.c:28
#8 0x00007ffff7ea116b in __fdelt_chk (d=<optimised out>) at
fdelt_chk.c:25
#9 0x00007ffff7f9699a in ares_fds () from /usr/local/lib/libcares.so.2
#10 0x000055555555682d in wait_ares (channel=0x555556bb32a0) at
epoll_recv_with_async_dns.c:80
#11 0x000055555555772e in main (argc=2, argv=0x7fffffffe0a8) at
epoll_recv_with_async_dns.c:299
The offending line of code is:
nfds = ares_fds(channel, &read_fds, &write_fds);
I don't understand how this is a buffer overflow as the function call
only uses locally initialised variables. Here is the full function:
static void wait_ares(ares_channel channel)
{
    struct timeval *tvp, tv;
    fd_set read_fds, write_fds;   /* fixed-size bitmaps, FD_SETSIZE bits each */
    int nfds;

    FD_ZERO(&read_fds);
    FD_ZERO(&write_fds);
    /* ares_fds() does FD_SET() on every socket the channel owns, so a
     * socket numbered >= FD_SETSIZE cannot be caught from this function */
    nfds = ares_fds(channel, &read_fds, &write_fds);
    if (nfds > 0) {
        tvp = ares_timeout(channel, NULL, &tv);
        select(nfds, &read_fds, &write_fds, NULL, tvp);
        ares_process(channel, &read_fds, &write_fds);
    }
}
Just in case I haven't provided enough information a full code listing
can be downloaded from
https://github.com/JamesRead5737/epoll-and-c-ares-crawler
--
c-ares mailing list
c-ares@lists.haxx.se
https://lists.haxx.se/listinfo/c-ares
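Frame #8 of the backtrace, __fdelt_chk, is glibc's _FORTIFY_SOURCE check behind FD_SET/FD_ISSET/FD_CLR: it aborts with "buffer overflow detected" whenever the descriptor passed in is outside [0, FD_SETSIZE), because an fd_set is a fixed bitmap (1024 bits on glibc) and a larger descriptor would be written past its end. ares_fds() calls FD_SET on each socket the channel owns, so the locals in wait_ares() are not the problem; a process that keeps many connections open, as an epoll crawler does, will eventually be handed a DNS socket numbered 1024 or higher, and that number is what overflows. The example below is added here and is not code from the thread or from c-ares: it models the channel's sockets with a hypothetical struct sock_entry array (standing in for what ares_getsock() reports), shows a checked replacement for FD_SET that refuses out-of-range descriptors instead of corrupting the stack, and builds the equivalent poll() array, which has no FD_SETSIZE ceiling.

```c
/* Added example, not from the thread or c-ares: the FD_SETSIZE limit that
 * ares_fds()/select() run into, a checked FD_SET, and the poll() alternative. */
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical socket list (our own stand-in for the descriptors and
 * readable/writable bits a caller would decode from ares_getsock()). */
struct sock_entry {
    int fd;
    int want_read;
    int want_write;
};

/* Like FD_SET, but refuses descriptors that do not fit in an fd_set.
 * FD_SET(fd, set) with fd >= FD_SETSIZE writes past the end of the bitmap;
 * with _FORTIFY_SOURCE glibc's __fdelt_chk catches that and aborts, which
 * is exactly the backtrace in the report. Returns 0 on success, -1 if fd
 * is out of range. */
static int fd_set_checked(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    return 0;
}

/* Fill read/write sets the way wait_ares() expects ares_fds() to, but
 * bail out instead of overflowing. Returns nfds (highest fd + 1), or -1
 * if any socket cannot be represented in an fd_set. */
static int build_fd_sets(const struct sock_entry *socks, int n,
                         fd_set *read_fds, fd_set *write_fds)
{
    int nfds = 0;
    FD_ZERO(read_fds);
    FD_ZERO(write_fds);
    for (int i = 0; i < n; i++) {
        int fd = socks[i].fd;
        if (socks[i].want_read && fd_set_checked(fd, read_fds) < 0)
            return -1;
        if (socks[i].want_write && fd_set_checked(fd, write_fds) < 0)
            return -1;
        if (fd + 1 > nfds)
            nfds = fd + 1;
    }
    return nfds;
}

/* poll() takes an array of descriptors, so descriptor numbers above 1023
 * are fine. Returns the number of entries written, or -1 if out lacks room. */
static int build_pollfds(const struct sock_entry *socks, int n,
                         struct pollfd *out, int cap)
{
    if (n > cap)
        return -1;
    for (int i = 0; i < n; i++) {
        out[i].fd = socks[i].fd;
        out[i].events = 0;
        out[i].revents = 0;
        if (socks[i].want_read)
            out[i].events |= POLLIN;
        if (socks[i].want_write)
            out[i].events |= POLLOUT;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: a crawler with many connections open has just
     * been handed a DNS socket numbered FD_SETSIZE + 476 (1500 on glibc). */
    struct sock_entry socks[] = {
        { 7, 1, 0 }, { FD_SETSIZE - 1, 1, 1 }, { FD_SETSIZE + 476, 1, 0 },
    };
    int n = (int)(sizeof socks / sizeof socks[0]);
    fd_set rd, wr;
    struct pollfd pfds[8];

    int nfds = build_fd_sets(socks, n, &rd, &wr);
    printf("select path: %s\n",
           nfds < 0 ? "descriptor >= FD_SETSIZE, refusing to build fd_set" : "ok");
    int np = build_pollfds(socks, n, pfds, 8);
    printf("poll path: %d descriptors registered, no FD_SETSIZE limit\n", np);
    return 0;
}
```

The practical consequence for the reporter's program is that the select()/fd_set interface cannot be made safe from inside wait_ares(): either the total number of open descriptors must stay below FD_SETSIZE (including the epoll-managed download sockets, since descriptor numbers are shared), or the channel's sockets should be obtained with ares_getsock() and registered with poll() or the existing epoll instance instead of going through ares_fds().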