[RTEMS Project] #3772: missaligned pointer dereference in cpukit/libnetworking/libc/res_query.c:131
RTEMS trac
trac at rtems.org
Wed Jul 24 21:54:50 UTC 2019
#3772: missaligned pointer dereference in
cpukit/libnetworking/libc/res_query.c:131
---------------------------+---------------------------------------
Reporter: Jeffrey Hill | Owner: (none)
Type: defect | Status: new
Priority: normal | Milestone:
Component: admin | Version: 4.11
Severity: normal | Keywords: missaligned libnetworking
Blocked By: | Blocking:
---------------------------+---------------------------------------
nios2-rtems4.11-gcc (GCC) 4.9.3 20150626 (RTEMS 4.11, RSB no-repo, Newlib
2.2.0.20150423)
configure --target=nios2-rtems4.11 --prefix=/ade/rtems/install/rtems-4-11
--disable-itron --disable-tests --enable-posix --enable-cxx --enable-
rtemsbsp=altera-sys-config-S43X-TDAQ-dev --enable-networking
This is occurring in 4.11.1.99.
I don't suggest that this fix is a great design, but it's what we are
currently using here to get our regression tests to pass without causing a
misaligned pointer exception. This change probably requires at least gcc
4.6 to properly align a char buffer on the stack this way.
{{{
git diff
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/libnetworking/libc/res_query.c
diff --git a/cpukit/libnetworking/libc/res_query.c
b/cpukit/libnetworking/libc/res_query.c
index b742c30..e06f70f 100644
--- a/cpukit/libnetworking/libc/res_query.c
+++ b/cpukit/libnetworking/libc/res_query.c
@@ -113,7 +113,7 @@ res_query(
u_char *answer, /* buffer to put answer */
int anslen) /* size of answer buffer */
{
- u_char buf[MAXPACKET];
+ u_char buf[MAXPACKET] __attribute ((aligned(4)));
HEADER *hp = (HEADER *) answer;
int n;
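Review bot: Aligning `buf` covers only the query buffer that this function hands to res_mkquery; the context line `HEADER *hp = (HEADER *) answer;` applies the same cast to the caller-supplied `answer`, whose alignment this patch does not control, so the `hp->rcode = NOERROR;` store that follows can presumably fault the same way on a strict-alignment target. Any other caller that passes a plain `u_char` array to res_mkquery would also stay exposed, because the `hp = (HEADER *) buf;` cast shown at res_mkquery.c:121 is unchanged. The literal `4` and the GCC-only `__attribute` spelling could be avoided by deriving the alignment from the type, e.g. `union { HEADER hdr; u_char bytes[MAXPACKET]; } qbuf;` with `qbuf.bytes` passed where `buf` is passed now. The body of res_query continues past the hunk, so any later uses of `buf` there would need the same rename.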
}}}
{{{
#0 _Thread_Do_dispatch (cpu_self=<optimized out>, level=<optimized out>,
level at entry=1) at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/score/src/threaddispatch.c:132
#1 0x0807a6d4 in _Thread_Dispatch_enable (cpu_self=<optimized out>) at
../../cpukit/../../../altera-sys-config-llrf-fcm-
diacrode/lib/include/rtems/score/threaddispatch.h:313
#2 _Thread_Enable_dispatch_body () at ../../cpukit/../../../altera-sys-
config-llrf-fcm-diacrode/lib/include/rtems/score/threaddispatch.h:343
#3 _Thread_Enable_dispatch () at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/score/src/threadenabledispatch.c:30
#4 0x08075f3c in _Objects_Put (the_object=<optimized out>) at
../../cpukit/../../../altera-sys-config-llrf-fcm-
diacrode/lib/include/rtems/score/objectimpl.h:975
#5 rtems_task_suspend (id=id at entry=0) at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/rtems/src/tasksuspend.c:37
#6 0x0813d808 in _Nios2_CPU_exception_handler_last_resort
(pefr=0x81d498c, ctx=<optimized out>) at
/ade/rtems/release/rtems-4-11/c/src/lib/libcpu/nios2/shared/except/except-
last-resort.c:64
#7 0x0809d9ac in _Nios2_Exception_handler_high_level (pefr=0x81d498c) at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/score/cpu/nios2/nios2-except.c:119
#8 0x0809d86c in _Nios2_Exception_handler () at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/score/cpu/nios2/nios2
-except-low-level.S:96
#9 0x08085980 in CPU_swap_u16 (value=10412) at ../../cpukit
/../../../altera-sys-config-llrf-fcm-
diacrode/lib/include/rtems/score/cpu.h:402
#10 htons (_x=10412) at ../../cpukit/../../../altera-sys-config-llrf-fcm-
diacrode/lib/include/rtems/endian.h:83
#11 __res_mkquery (op=op at entry=0, dname=dname at entry=0x81d4aa8
"localhost.lcs.net", class=class at entry=1, type=type at entry=1,
data=data at entry=0x0, datalen=datalen at entry=0, newrr_in=newrr_in at entry=0x0,
buf=buf at entry-11/c/src/../../cpukit/libnetworking/libc/res_mkquery.c:122
#12 0x08058bcc in __res_query (anslen=<optimized out>, answer=0x81d5318
"stupwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzpe=1,
class=1, name=0x81d4aa8 "localhost.lcs.net") at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/libnetworking/libc/res_query.c:131
#13 __res_querydomain (name=name at entry=0x81d576c "localhost",
domain=<optimized out>, class=class at entry=1, type=type at entry=1,
answer=answer at entry=0x81d5318
"stupwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghij"...,
anslen=anslen at entry=1024) at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/libnetworking/libc/res_query.c:368
#14 0x080590e0 in __res_search (name=0x81d576c "localhost", class=1,
type=1, answer=0x81d5318
"stupwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdwxyzabcdefghij"...,
anslen=1024) at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/libnetworking/libc/res_query.c:242
#15 0x080808b8 in _gethostbydnsname (name=name at entry=0x81d576c
"localhost", af=af at entry=2) at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/libnetworking/libc/gethostbydns.c:588
#16 0x08056c58 in gethostbyname2 (type=2, name=0x81d576c "localhost") at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/libnetworking/libc/gethostnamadr.c:153
#17 gethostbyname (name=name at entry=0x81d576c "localhost") at
/ade/rtems/release/rtems-4-11/c/src/../../cpukit/libnetworking/libc/gethostnamadr.c:133
#18 0x08045198 in hostToIPAddr (pHostName=pHostName at entry=0x81d576c
"localhost", pIPA=pIPA at entry=0x81d5984) at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/osi/os/posix/osdSock.c:170
#19 0x0803990c in aToIPAddr (pAddrString=pAddrString at entry=0x81d59b0
"localhost", defaultPort=defaultPort at entry=0, pIP=pIP at entry=0x81d5a30) at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/misc/aToIPAddr.c:168
#20 0x0804ed80 in envGetInetAddrConfigParam (pParam=pParam at entry=0x81a723c
<EPICS_IOC_LOG_INET>, pAddr=pAddr at entry=0x81d5a50) at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/env/envSubr.c:258
#21 0x08036b2c in getConfig (pserver_port=<synthetic pointer>,
pserver_addr=0x81d5a50) at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/log/iocLog.c:57
#22 iocLogClientInit () at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/log/iocLog.c:88
#23 iocLogInit () at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/log/iocLog.c:116
#24 0x08008d60 in testLogPrefix () at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/test/epicsErrlogTest.c:402
#25 epicsErrlogTest () at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/test/epicsErrlogTest.c:324
#26 0x0803c51c in runTestFunc (name=name at entry=0x8189cf4
"epicsErrlogTest", func=0x80085e4 <epicsErrlogTest>) at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/misc/epicsUnitTest.c:262
#27 0x08018b74 in epicsRunLibComTests () at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/test/epicsRunLibComTests.c:66
#28 0x0802854c in main (argc=<optimized out>, argv=<optimized out>) at
/ade/epics/supTop/base/DAR3.15.1.1/src/libCom/test/rtemsTestHarness.c:16
(
}}}
{{{
(gdb) print &buf
$9 = (u_char (*)[1024]) 0x81d4ea9
(gdb) list -
116 u_char buf[MAXPACKET];
117 HEADER *hp = (HEADER *) answer;
118 int n;
119
120 hp->rcode = NOERROR; /* default */
121
122 if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
123 h_errno = NETDB_INTERNAL;
124 return (-1);
125 }
}}}
{{{
(gdb) print &hp->id
$3 = (unsigned int *) 0x81d4ea9
(gdb) print &hp
$4 = (HEADER **) 0x81d4aa0
(gdb) print *hp
$5 = {id = 0, rd = 0, tc = 0, aa = 0, opcode = 0, qr = 0, rcode = 0, cd =
0, ad = 0, unused = 0, ra = 0, qdcount = 0, ancount = 0, nscount = 0,
arcount = 0}
(gdb) print &hp->id
$6 = (unsigned int *) 0x81d4ea9
(gdb) print hp
$7 = (HEADER *) 0x81d4ea9
(gdb) list
117 */
118 if ((buf == NULL) || (buflen < HFIXEDSZ))
119 return (-1);
120 memset(buf, 0, HFIXEDSZ);
121 hp = (HEADER *) buf;
122 hp->id = htons(++_res.id);
123 hp->opcode = op;
124 hp->rd = (_res.options & RES_RECURSE) != 0;
125 hp->rcode = NOERROR;
}}}
--
Ticket URL: <http://devel.rtems.org/ticket/3772>
RTEMS Project <http://www.rtems.org/>