Subject: non-existing host name segfault

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 2 Oct 2007 01:15:19 +0200 (CEST)

Hey Steinar,

Test case 20 in the curl test suite still fails, now with a segfault in
c-ares because libcurl uses ares_strerror() on a status code that is outside
range. (Segfaulting because of that is lame in itself and I'll fix that, but
now it proved to us that c-ares provides a bad status in the callback -- eh,
I already committed the strerror fix but the rest still stands).

Test case 20 tries to resolve a non-existing host name:

         non-existing-host.haxx.se

And the stack trace from c-ares that is interesting - since it calls the
callback with a bad status value, looks like this:

#0 addrinfo_callback (arg=0x80f8df4, status=-1077274744, addr=0x0)
     at hostasyn.c:103
#1 0x08063405 in Curl_addrinfo4_callback (arg=0x80f8df4, status=-1077274744,
     timeouts=0, hostent=0x0) at hostasyn.c:162

   These upper two are in libcurl and just show how the callback receives and
   passes on a weird status code.

#2 0x08095b6d in end_hquery (hquery=0x80f9504, status=-1077274744, host=0x0)
     at ares_gethostbyname.c:192

   Here we see the same code within c-ares and it is bad...

#3 0x080959b8 in next_lookup (hquery=0x80f9504) at ares_gethostbyname.c:149
#4 0x08095b3b in host_callback (arg=0x80f9504, status=4, timeouts=0,
     abuf=0xbfca1877 "\030Þ\201\203", alen=88) at ares_gethostbyname.c:186
#5 0x0809adbb in qcallback (arg=0x80f97a4, status=4, timeouts=0,
     abuf=0xbfca1877 "\030Þ\201\203", alen=88) at ares_query.c:176
#6 0x0809544c in end_query (channel=0x80ef474, query=0x80f95d4, status=0,
     abuf=0xbfca1877 "\030Þ\201\203", alen=88) at ares_process.c:1057
#7 0x0809444d in process_answer (channel=0x80ef474,
     abuf=0xbfca1877 "\030Þ\201\203", alen=88, whichserver=0, tcp=0,
     now=1191280330) at ares_process.c:541
#8 0x08094116 in read_udp_packets (channel=0x80ef474, read_fds=0x0,
     read_fd=7, now=1191280330) at ares_process.c:422
#9 0x08093892 in ares_process_fd (channel=0x80ef474, read_fd=7, write_fd=-1)
     at ares_process.c:122
#10 0x08062ed4 in ares_waitperform (conn=0x80f8df4, timeout_ms=5000)
     at hostares.c:182

   The functions below are libcurl functions that try to resolve the host
   name and then sit waiting for the name to resolve.

#11 0x0806309e in Curl_wait_for_resolv (conn=0x80f8df4, entry=0x0)
     at hostares.c:257
#12 0x0808a290 in Curl_connect_host (data=0x80e6eec, conn=0xbfca1c84)
     at transfer.c:2338

-- 
   c-ares -- my preferred DNS asynch resolver library
Received on 2007-10-02
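
An added example, not part of the original message and not c-ares or libcurl code: a status-to-text lookup that checks both bounds of a signed status, plus a delivery guard that maps an out-of-range status to a defined error before the callback sees it. All names and status codes here (demo_status, demo_strerror, demo_deliver, record_status) are hypothetical; only the bad status value is taken from the stack trace above.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical status codes for this example; not the c-ares values. */
enum demo_status { DEMO_OK = 0, DEMO_ENOTFOUND, DEMO_ETIMEOUT,
                   DEMO_EINTERNAL, DEMO_NSTATUS };

static const char *const demo_text[DEMO_NSTATUS] = {
    "success", "host not found", "timeout", "internal error"
};

/* The status is a signed int, so both bounds are checked before it is
   used as a table index. */
const char *demo_strerror(int status)
{
    if (status < 0 || status >= DEMO_NSTATUS)
        return "unknown status";
    return demo_text[status];
}

typedef void (*demo_callback)(void *arg, int status);

/* Last point before a status leaves the library: a value outside the
   defined range is reported as an internal error instead of being passed
   on as-is. Returns the status that was actually delivered. */
int demo_deliver(demo_callback cb, void *arg, int status)
{
    if (status < 0 || status >= DEMO_NSTATUS)
        status = DEMO_EINTERNAL;
    if (cb)
        cb(arg, status);
    return status;
}

/* Constructed consumer: records the status it was handed. */
static void record_status(void *arg, int status)
{
    *(int *)arg = status;
}

int main(void)
{
    int seen = -1;
    int bad = -1077274744; /* status value from the stack trace above */

    printf("lookup of bad status: %s\n", demo_strerror(bad));
    demo_deliver(record_status, &seen, bad);
    printf("callback saw %d (%s)\n", seen, demo_strerror(seen));
    return 0;
}
```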