Details

Issue of the Implementation # S0790

Brief

Regression in hsearch_r(): segmentation fault when the table size is too small

Detailed Description

The modifications to hsearch_r() [1] in glibc-2.9 lead to a segmentation fault if the size of the created table is less than 3. The issue has already been fixed in the source code of the hcreate_r() function in glibc CVS:

/* There is still another table active. Return with error. */
   if (htab->table != NULL)
     return 0;
 
+  /* We need a size of at least 3.  Otherwise the hash functions we
+     use will not work.  */
+  if (nel < 3)
+    nel = 3;
   /* Change nel to the first prime number not smaller as nel. */
   nel |= 1;      /* make odd */
   while (!isprime (nel))
     nel += 2;
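
Review bot: the new comment above `if (nel < 3)` says the hash functions "will not work" below 3 but does not say which computation depends on that bound; naming it in the comment would keep the clamp from being dropped or the bound changed when the hashing is next touched. A blank line after `nel = 3;` would match the spacing used after the `return 0;` block above. Since small `nel` values are now raised silently, a regression test that creates a table with nel of 0, 1 and 2 and inserts entries would be worth adding with this change.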

However, the issue is still present in glibc-2.9, and in Ubuntu-9.04 in particular. The example below demonstrates it.

[1] http://sourceware.org/bugzilla/show_bug.cgi?id=6966

Problem location(s) in the standard

Linux Standard Base Core Specification 3.1, Chapter 13. Base Libraries, 13.3. Interfaces for libc, 13.3.17. Standard Library, 13.3.17.1. Interfaces for Standard Library, Table 13-22. libc - Standard Library Function Interfaces, descriptions of hcreate(), hsearch() and hdestroy() functions.

Example

#include <stdio.h>
#include <search.h>

int main(void)
{
	char * key[] = { "key1", "key2" };
	char * data = "data";
	int i;
	ENTRY item;
	item.data = data;

	/* Request a table smaller than 3 entries to trigger the regression. */
	hcreate(1); // nel = 0 or 1
	for(i = 0; i < 2; i++){
		item.key = key[i];

		printf("try to insert '%s'='%s'\n", item.key, (char *)item.data);
		/* On the affected glibc-2.9 the program segfaults here instead of completing. */
		hsearch(item, ENTER);
		printf("successful\n");
	}

	hdestroy();
	return 0;
}
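
A caller-side workaround for programs that must still run against the affected glibc-2.9, given as an added example that is not part of the original report or of glibc: it clamps the requested size before calling hcreate(), mirroring the fix quoted above, and then checks that both keys from the report's example can be inserted and found. The names MIN_HTAB_NEL, safe_hcreate and demo_small_table are hypothetical.

```c
#include <search.h>
#include <stdio.h>
#include <string.h>

#define MIN_HTAB_NEL 3	/* hypothetical name; the bound is the one used in the glibc fix */

/* Hypothetical wrapper: never pass hcreate() a size below 3. */
static int safe_hcreate(size_t nel)
{
	if (nel < MIN_HTAB_NEL)
		nel = MIN_HTAB_NEL;
	return hcreate(nel);	/* nonzero on success */
}

/* Insert the report's two keys into a table requested with nel = 1, then
   look both up. Returns the number of keys found, or -1 on failure. */
static int demo_small_table(void)
{
	char *keys[] = { "key1", "key2" };
	ENTRY item, *found;
	int i, hits = 0;

	if (!safe_hcreate(1))
		return -1;
	for (i = 0; i < 2; i++) {
		item.key = keys[i];
		item.data = "data";
		if (hsearch(item, ENTER) == NULL) {	/* table full or out of memory */
			hdestroy();
			return -1;
		}
	}
	for (i = 0; i < 2; i++) {
		item.key = keys[i];
		item.data = NULL;
		found = hsearch(item, FIND);
		if (found != NULL && strcmp(found->data, "data") == 0)
			hits++;
	}
	hdestroy();
	return hits;
}

int main(void)
{
	printf("keys found: %d\n", demo_small_table());
	return 0;
}
```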

Component

glibc 2.9

Status

Fixed in glibc-2.10
