Details
Issue of the Implementation # S0790
Brief
Regression in hsearch_r(): segmentation fault when the table size is too small
Detailed Description
The modifications to hsearch_r() [1] in glibc-2.9 lead to a segmentation fault if the size of the created table is less than 3. The issue has already been fixed in the source code of the hcreate_r() function in glibc CVS:
/* There is still another table active. Return with error. */ if (htab->table != NULL) return 0; + /* We need a size of at least 3. Otherwise the hash functions we + use will not work. */ + if (nel < 3) + nel = 3; /* Change nel to the first prime number not smaller as nel. */ nel |= 1; /* make odd */ while (!isprime (nel)) nel += 2;
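Review bot: the comment on the added `if (nel < 3)` clamp says the hash functions "will not work" but not what goes wrong, so a later reader cannot tell whether 3 is a hard lower bound or a convenient one; name the computation that needs a size of at least 3. The clamp also silently gives the caller a larger table than requested, which is worth stating in the hcreate()/hcreate_r() documentation, and a regression test that creates a table with nel of 0, 1 and 2 and then inserts should accompany the change.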
But it is still present in glibc-2.9 and in Ubuntu-9.04 in particular. The example below demonstrates the issue.
[1] http://sourceware.org/bugzilla/show_bug.cgi?id=6966
Problem location(s) in the standard
Linux Standard Base Core Specification 3.1, Chapter 13. Base Libraries, 13.3. Interfaces for libc, 13.3.17. Standard Library, 13.3.17.1. Interfaces for Standard Library, Table 13-22. libc - Standard Library Function Interfaces, descriptions of hcreate(), hsearch() and hdestroy() functions.
Example
#include <stdio.h>
#include <search.h>

int main()
{
    char * key[] = { "key1", "key2" };
    char * data = "data";
    int i;
    ENTRY item;

    item.data = data;
    hcreate(1); // nel = 0 or 1
    for(i = 0; i < 2; i++){
        item.key = key[i];
        printf("try to insert '%s'='%s' ", item.key, (char *)item.data);
        hsearch(item, ENTER);
        printf("successful ");
    }
    hdestroy();
    return 0;
}
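A caller-side workaround for code that must still run on the affected glibc-2.9, as an added example that is not part of the original report or of glibc: it applies the same "at least 3" clamp as the upstream fix before calling hcreate(), and checks the return values that the reproducer above ignores. The helper names `hcreate_min3`, `insert_checked` and `small_table_roundtrip` are hypothetical, and the keys are constructed sample input.

```c
#include <string.h>
#include <search.h>

/* Hypothetical helper: the same clamp as the upstream fix, applied by the
 * caller so an unpatched hcreate() never sees a table size below 3. */
static int hcreate_min3(size_t nel)
{
    if (nel < 3)
        nel = 3;
    return hcreate(nel);    /* 0 on failure, nonzero on success */
}

/* Hypothetical helper: report a failed insert instead of assuming success. */
static int insert_checked(const char *key, const char *data)
{
    ENTRY item = { (char *)key, (void *)data };
    return hsearch(item, ENTER) != NULL;
}

/* Creates a table of the requested size, inserts two constructed keys and
 * returns how many can be found again (-1 if the table was not created). */
int small_table_roundtrip(size_t requested)
{
    static const char *keys[] = { "key1", "key2" };  /* constructed input */
    static const char *data = "data";
    int found = 0;
    size_t i;

    if (!hcreate_min3(requested))
        return -1;
    for (i = 0; i < 2; i++) {
        ENTRY query, *hit;
        if (!insert_checked(keys[i], data))
            break;
        query.key = (char *)keys[i];
        query.data = NULL;
        hit = hsearch(query, FIND);
        if (hit != NULL && strcmp((char *)hit->data, data) == 0)
            found++;
    }
    hdestroy();
    return found;
}

int main(void)
{
    /* 0 and 1 are the sizes flagged in the report's example. */
    return (small_table_roundtrip(0) == 2 && small_table_roundtrip(1) == 2) ? 0 : 1;
}
```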
Component
glibc 2.9
Status
Fixed in glibc-2.10