Hi,

A fix has been committed.

Thanks for investigating the problem and providing a test case. It was
very useful to properly find the state corruption.

-- 
Sebastien Marie

On Wed, Jun 03, 2020 at 07:22:52PM +0200, Fabian Keil wrote:
> TJ <dll-kms...@protonmail.com> wrote:
> 
> > I'm migrating my system configs from one OpenBSD machine (Pentium 4) to
> > another (Core 2 Duo).
> >
> > I noticed unpredictable crashes of the Privoxy package when run and used
> > on the C2D computer. These crashes don't occur on the P4 at all, with
> > the same traffic.
> 
> I tried to reproduce the crashes with OpenBSD 6.7 amd64
> and Privoxy 3.0.29 built from git and Privoxy reliably
> crashes when executing a regression test ...
> 
> The crash I encountered seems to be triggered by long
> host names resolved from a thread.
> 
> Here's a reduced test case:
> 
> openbsd$ cat resolve.c
> #include <netdb.h>
> #include <pthread.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
> 
> pthread_mutex_t mutex;
> 
> /* Serialize the resolver calls so the threads never overlap inside libc. */
> void resolve(char *host) {
>     int error;
>     error = pthread_mutex_lock(&mutex);
>     if (error) {
>         printf("Locking failed: %s\n", strerror(error));
>         exit(1);
>     }
>     printf("Calling gethostbyname with %s\n", host);
>     gethostbyname(host);
>     pthread_mutex_unlock(&mutex);
> }
> 
> int main(int argc, char **argv) {
>     pthread_t the_thread;
>     pthread_attr_t attrs;
>     int i;
> 
>     if (argc < 2) {
>         printf("No argument to resolve given\n");
>         exit(1);
>     }
> 
>     pthread_attr_init(&attrs);
>     pthread_attr_setdetachstate(&attrs, PTHREAD_CREATE_DETACHED);
> 
>     pthread_mutex_init(&mutex, NULL);
> 
>     for (i = 0; i < 3; i++) {
>         pthread_create(&the_thread, &attrs, (void * (*)(void *))resolve,
>             argv[1]);
>     }
> 
>     sleep(1);
> 
>     exit(0);
> }
> openbsd$ clang -pthread -ggdb -Wall -o resolve resolve.c
> openbsd$ ./resolve AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> Calling gethostbyname with AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> Calling gethostbyname with AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> Calling gethostbyname with AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> openbsd$ ./resolve AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> Calling gethostbyname with AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.org
> Segmentation fault (core dumped)
> openbsd$ egdb resolve resolve.core
> GNU gdb (GDB) 7.12.1
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-unknown-openbsd6.7".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from resolve...done.
> [New process 616459]
> [New process 145207]
> [New process 578084]
> [New process 517316]
> Core was generated by `resolve'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x0000031a025d201d in unpack_data (p=0x31a6a754b40, data=0x31a6a754b70, len=12)
>     at /usr/src/lib/libc/asr/asr_utils.c:193
> 193     /usr/src/lib/libc/asr/asr_utils.c: No such file or directory.
> [Current thread is 1 (process 616459)]
> (gdb) where
> #0  0x0000031a025d201d in unpack_data (p=0x31a6a754b40, data=0x31a6a754b70, len=12)
>     at /usr/src/lib/libc/asr/asr_utils.c:193
> #1  _asr_unpack_header (p=0x31a6a754b40, h=0x31a6a754b70)
>     at /usr/src/lib/libc/asr/asr_utils.c:257
> #2  0x0000031a0265db34 in hostent_from_packet (reqtype=3, family=2, pkt=<optimized out>, pktlen=<optimized out>)
>     at /usr/src/lib/libc/asr/gethostnamadr_async.c:463
> #3  gethostnamadr_async_run (as=<optimized out>, ar=<optimized out>)
>     at /usr/src/lib/libc/asr/gethostnamadr_async.c:305
> #4  0x0000031a02603308 in _libc_asr_run (as=0x319e01a2e00, ar=0x31a6a754c70)
>     at /usr/src/lib/libc/asr/asr.c:176
> #5  _libc_asr_run_sync (as=0x319e01a2e00, ar=0x31a6a754c70)
>     at /usr/src/lib/libc/asr/asr.c:223
> #6  0x0000031a025f994e in _gethostbyname (name=0x7f7ffffd01ba 'A' <repeats 64 times>, ".example.org", af=2, ret=<optimized out>, buflen=4096, h_errnop=<optimized out>, buf=<optimized out>)
>     at /usr/src/lib/libc/asr/gethostnamadr.c:119
> #7  _libc_gethostbyname2 (name=0x7f7ffffd01ba 'A' <repeats 64 times>, ".example.org", af=2)
>     at /usr/src/lib/libc/asr/gethostnamadr.c:154
> #8  0x00000317d0a323c4 in resolve (host=0x7f7ffffd01ba 'A' <repeats 64 times>, ".example.org")
>     at resolve.c:18
> #9  0x0000031ab56970d1 in _rthread_start (v=<optimized out>)
>     at /usr/src/lib/librthread/rthread.c:96
> #10 0x0000031a0264cdb8 in __tfork_thread ()
>     at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:77
> #11 0x0000000000000000 in ?? ()
> 
> Fabian
> 
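The reduced test case above flips from working to crashing when the first label grows from 63 to 64 characters, which is exactly the RFC 1035 label limit (63 octets per label, 253 characters for a name in text form). The mutex in the test serializes the gethostbyname(3) calls, so the crash is libc state corruption rather than an application-level race, and only the libc fix addresses it. Independently of that, a program that resolves untrusted names from threads, as a proxy like Privoxy does, should reject syntactically invalid names before they reach the resolver and should use getaddrinfo(3), which POSIX requires to be thread-safe, rather than gethostbyname(3), which returns static storage. The following is an added example written for this page and is not code from the thread, from Privoxy or from OpenBSD libc; the function names hostname_valid, resolve_checked and make_a_label_name are hypothetical, and the constructed inputs mirror the test case's 63- and 64-'A' names:

```c
/*
 * Added example (not from the thread, Privoxy or OpenBSD libc): a
 * caller-side host name check enforcing the RFC 1035 syntax limits
 * (labels of 1..63 octets, at most 253 characters in text form,
 * letters/digits/hyphen only, no leading or trailing hyphen), followed
 * by resolution through the reentrant getaddrinfo(3) API.  The 64-'A'
 * label from the test case is rejected without any resolver call.
 * Function names are hypothetical; constructed inputs are labelled.
 */
#include <netdb.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define DNS_MAX_LABEL 63   /* RFC 1035: label length limit in octets */
#define DNS_MAX_NAME  253  /* text form; 255 octets on the wire */

/* Letters, digits, hyphen: the only characters allowed in a host label. */
static bool ldh_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Return true if name is a syntactically valid DNS host name. */
bool hostname_valid(const char *name)
{
    size_t len, i, label_len = 0;

    if (name == NULL)
        return false;
    len = strlen(name);
    if (len > 0 && name[len - 1] == '.')   /* allow one trailing dot (FQDN) */
        len--;
    if (len == 0 || len > DNS_MAX_NAME)
        return false;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];

        if (c == '.') {
            /* Empty label (leading dot or "..") or a label ending in '-'. */
            if (label_len == 0 || name[i - 1] == '-')
                return false;
            label_len = 0;
            continue;
        }
        if (!ldh_char(c))
            return false;
        if (c == '-' && label_len == 0)     /* no leading hyphen */
            return false;
        if (++label_len > DNS_MAX_LABEL)    /* the 64-'A' label fails here */
            return false;
    }
    return label_len > 0 && name[len - 1] != '-';
}

/*
 * Validate first, then resolve with the thread-safe API.  Returns -1 when
 * the name fails the syntax check (the resolver is never called), else
 * the getaddrinfo(3) result: 0 on success or an EAI_* code.
 */
int resolve_checked(const char *host, struct addrinfo **res)
{
    struct addrinfo hints;

    if (!hostname_valid(host))
        return -1;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    return getaddrinfo(host, NULL, &hints, res);
}

/* Constructed input: "<n times 'A'>.example.org", as in the test case. */
char *make_a_label_name(char *buf, size_t bufsz, size_t n)
{
    static const char suffix[] = ".example.org";

    if (n + sizeof(suffix) > bufsz)
        return NULL;
    memset(buf, 'A', n);
    memcpy(buf + n, suffix, sizeof(suffix));  /* copies the NUL too */
    return buf;
}

/* Build the n-'A' name and run it through the syntax check. */
bool a_label_name_valid(size_t n)
{
    char buf[512];
    const char *name = make_a_label_name(buf, sizeof(buf), n);

    return name != NULL && hostname_valid(name);
}

int main(int argc, char **argv)
{
    struct addrinfo *res = NULL;
    int rc;

    if (argc < 2) {
        fprintf(stderr, "usage: %s hostname\n", argv[0]);
        return 1;
    }
    rc = resolve_checked(argv[1], &res);
    if (rc == -1)
        fprintf(stderr, "rejected: invalid host name\n");
    else if (rc != 0)
        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rc));
    else
        freeaddrinfo(res);
    return rc == 0 ? 0 : 1;
}
```

Build with `cc -Wall -o hostcheck hostcheck.c`; running it with the 64-'A' name from the test case prints "rejected" and never enters libc's resolver, while the 63-'A' name passes the check and is handed to getaddrinfo(3). The check is deliberately strict (no underscores, no IDNA handling), which is the right default for a proxy handling names from untrusted clients; loosen it only where a protocol actually needs it.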