For b/25900273, adjust allocations to avoid segfault.
authorBrooks Moses <bmoses@google.com>
Tue, 15 Dec 2015 18:57:38 +0000 (10:57 -0800)
committerBrooks Moses <bmoses@google.com>
Tue, 15 Dec 2015 18:57:38 +0000 (10:57 -0800)
README.google
resolv/res_send.c

index 3a13e160c516b6e220a3d40bc8d0f362403978aa..3b478f5da7ae1cc060a85befc9edfa36fa96bcfe 100644 (file)
@@ -541,3 +541,6 @@ iconv/gconv_trans.c
   https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8
   (stanshebs, backport)
 
+resolv/res_send.c
+  For b/25900273, adjust allocations to avoid segfault.
+  (bmoses, google-local)
index 704542c730785d083b05c22f49b9294c5bec1213..6d8fb08bccc0d0d16e963923e0c83f1ce2574e73 100644 (file)
@@ -783,26 +783,26 @@ send_vc(res_state statp,
                assert (anscp != NULL || ansp2 == NULL);
                thisresplenp = &resplen;
        } else {
-               if (*anssizp != MAXPACKET) {
+               if (*anssizp == orig_anssizp) {
                        /* No buffer allocated for the first
                           reply.  We can try to use the rest
                           of the user-provided buffer.  */
 #ifdef _STRING_ARCH_unaligned
                        *anssizp2 = orig_anssizp - resplen;
-                       *ansp2 = *ansp + resplen;
+                       *ansp2 = ans + resplen;
 #else
                        int aligned_resplen
                          = ((resplen + __alignof__ (HEADER) - 1)
                             & ~(__alignof__ (HEADER) - 1));
                        *anssizp2 = orig_anssizp - aligned_resplen;
-                       *ansp2 = *ansp + aligned_resplen;
+                       *ansp2 = ans + aligned_resplen;
 #endif
-               } else {
+               } else if (*ansp2_malloced == 0) {
                        /* The first reply did not fit into the
                           user-provided buffer.  Maybe the second
                           answer will.  */
                        *anssizp2 = orig_anssizp;
-                       *ansp2 = *ansp;
+                       *ansp2 = ans;
                }
 
                thisanssizp = anssizp2;
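Review bot: The new `else if (*ansp2_malloced == 0)` leaves a third case with no branch: when the first reply is no longer in the caller's buffer (`*anssizp != orig_anssizp`) and the second buffer is already malloc'ed, `*ansp2` and `*anssizp2` silently keep whatever an earlier pass stored. That is presumably intended, but this pointer/size pair bounds the later read into the second buffer, so it should be stated; I would add after the chain `/* Otherwise *ansp2 is already a malloc'ed buffer from an earlier pass; keep it and *anssizp2 unchanged. */`. A short comment at `*ansp2 = ans + resplen` would also help, saying that `ans` appears to remain the caller-provided buffer while `*ansp` may by now point at a replacement allocation. The same applies to the matching send_dg hunk at -1201,26, and send_vc's body continues outside this hunk.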
@@ -826,6 +826,8 @@ send_vc(res_state statp,
                        *thisansp = newp;
                        if (thisansp == ansp2)
                          *ansp2_malloced = 1;
+                        else if (thisansp == anscp)
+                          *ansp = *thisansp;
                        anhp = (HEADER *) newp;
                        len = rlen;
                } else {
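Review bot: After the added `*ansp = *thisansp`, `*ansp` and `*anscp` both refer to the same malloc'ed block, and nothing in the hunk records which of them owns it. The code that frees the buffer is outside this hunk, so I cannot confirm it is released exactly once, or that no caller still compares `*ansp` against the original buffer to decide whether to free it. A comment such as `/* *ansp now aliases *anscp; the allocation is released through *anscp only. */`, adjusted to the actual ownership rule, would make that explicit. The same assignment is added in the send_dg hunk at -1239,10.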
@@ -1201,26 +1203,26 @@ send_dg(res_state statp,
                        assert (anscp != NULL || ansp2 == NULL);
                        thisresplenp = &resplen;
                } else {
-                       if (*anssizp != MAXPACKET) {
+                       if (*anssizp == orig_anssizp) {
                                /* No buffer allocated for the first
                                   reply.  We can try to use the rest
                                   of the user-provided buffer.  */
 #ifdef _STRING_ARCH_unaligned
                                *anssizp2 = orig_anssizp - resplen;
-                               *ansp2 = *ansp + resplen;
+                               *ansp2 = ans + resplen;
 #else
                                int aligned_resplen
                                  = ((resplen + __alignof__ (HEADER) - 1)
                                     & ~(__alignof__ (HEADER) - 1));
                                *anssizp2 = orig_anssizp - aligned_resplen;
-                               *ansp2 = *ansp + aligned_resplen;
+                               *ansp2 = ans + aligned_resplen;
 #endif
-                       } else {
+                       } else if (*ansp2_malloced == 0) {
                                /* The first reply did not fit into the
                                   user-provided buffer.  Maybe the second
                                   answer will.  */
                                *anssizp2 = orig_anssizp;
-                               *ansp2 = *ansp;
+                               *ansp2 = ans;
                        }
 
                        thisanssizp = anssizp2;
@@ -1239,10 +1241,12 @@ send_dg(res_state statp,
                     ) {
                        u_char *newp = malloc (MAXPACKET);
                        if (newp != NULL) {
-                               *anssizp = MAXPACKET;
-                               *thisansp = ans = newp;
+                               *thisanssizp = MAXPACKET;
+                               *thisansp = newp;
                                if (thisansp == ansp2)
                                  *ansp2_malloced = 1;
+                                else if (thisansp == anscp)
+                                  *ansp = *thisansp;
                        }
                }
                HEADER *anhp = (HEADER *) *thisansp;
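Review bot: When `malloc (MAXPACKET)` returns NULL there is no `else`, and execution continues at `HEADER *anhp = (HEADER *) *thisansp;` with the previous, smaller buffer. That is safe only if the receive that follows is bounded by `*thisanssizp`, which this hunk does not show. Since the success path now updates size and pointer together, the failure path deserves a line as well, for example `/* Allocation failed: keep the existing buffer and its size. */` after the closing brace of the `if (newp != NULL)` block. The condition guarding this block starts outside the hunk.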