The calls to RES_SET_H_ERRNO() macro on error paths wind up dereferencing an uninitialized res: Index: net/getaddrinfo.c =================================================================== --- net/getaddrinfo.c (revision 286381) +++ net/getaddrinfo.c (working copy) @@ -2154,6 +2154,8 @@ memset(&sentinel, 0, sizeof(sentinel)); cur = &sentinel; + res = __res_state(); + buf = malloc(sizeof(*buf)); if (!buf) { RES_SET_H_ERRNO(res, NETDB_INTERNAL); @@ -2200,7 +2202,6 @@ return NS_UNAVAIL; } - res = __res_state(); if ((res->options & RES_INIT) == 0 && res_ninit(res) == -1) { RES_SET_H_ERRNO(res, NETDB_INTERNAL); free(buf);
A commit references this bug: Author: ume Date: Thu Dec 10 11:11:44 UTC 2015 New revision: 292059 URL: https://svnweb.freebsd.org/changeset/base/292059 Log: The calls to RES_SET_H_ERRNO() macro on error paths wind up dereferencing an uninitialized res. PR: 202142 Submitted by: Sean Boudreau MFC after: 1 week Changes: head/lib/libc/net/getaddrinfo.c
Thank you for your report. I've committed it into 11-CURRENT. I'll do MFC it after 1 week.
A commit references this bug: Author: ume Date: Thu Dec 17 16:08:28 UTC 2015 New revision: 292403 URL: https://svnweb.freebsd.org/changeset/base/292403 Log: MFC r292059: The calls to RES_SET_H_ERRNO() macro on error paths wind up dereferencing an uninitialized res. PR: 202142 Submitted by: Sean Boudreau Changes: _U stable/10/ stable/10/lib/libc/net/getaddrinfo.c
A commit references this bug: Author: ume Date: Thu Dec 17 16:09:15 UTC 2015 New revision: 292404 URL: https://svnweb.freebsd.org/changeset/base/292404 Log: MFC r292059: The calls to RES_SET_H_ERRNO() macro on error paths wind up dereferencing an uninitialized res. PR: 202142 Submitted by: Sean Boudreau Changes: _U stable/9/lib/libc/ stable/9/lib/libc/net/getaddrinfo.c