Created attachment 533697
Test program

Description of problem:
On my Dell Latitude D620, with no wired network connection and the wireless connection disabled by the hardware kill switch, calling getaddrinfo("localhost") several times in a row causes an invalid free. This is with unmodified /etc/hosts and unmodified glibc configuration files (rpm -V glibc) except for /etc/localtime.

Version-Release number of selected component (if applicable):
glibc-2.14.90-16.x86_64

How reproducible:
Almost always on my system.

Steps to Reproduce:
1. Download attached test.c.
2. make test
3. Offline with wireless hardware-disabled: valgrind ./test

Actual results:
[valgrind header]
resolve one
==3271== Invalid free() / delete / delete[]
==3271==    at 0x4C2962E: free (vg_replace_malloc.c:366)
==3271==    by 0x4F459B7: __free_in6ai (check_pf.c:426)
==3271==    by 0x4F0D444: getaddrinfo (getaddrinfo.c:2560)
==3271==    by 0x4005F4: _resolve_addr (in /home/matt/test/gai-invalid-free/test)
==3271==    by 0x400652: main (in /home/matt/test/gai-invalid-free/test)
==3271==  Address 0x51e3390 is 0 bytes inside data symbol "noai6ai_cached"
==3271==
resolve one
resolve one
[valgrind footer]

Expected results:
[valgrind header]
resolve one
resolve one
resolve one
[valgrind footer]

Additional info:
After I upgraded from F15 to F16, this problem caused cupsd to crash, which caused gnome-settings-daemon to hang and ultimately led to the GNOME "Oh no! Something has gone wrong" screen. The test case is a simplified version of what cupsd was doing via libaudit.
*** Bug 754019 has been marked as a duplicate of this bug. ***
*** Bug 753470 has been marked as a duplicate of this bug. ***
*** Bug 754283 has been marked as a duplicate of this bug. ***
This also crashes firefox, google chrome, yum update. Basically anything that tries to resolve stuff. I get the exact same error and trace.
*** Bug 754434 has been marked as a duplicate of this bug. ***
*** Bug 753736 has been marked as a duplicate of this bug. ***
The affected update has been unpushed.
*** Bug 753733 has been marked as a duplicate of this bug. ***