Operational Notification -- Changes in gcc Code Optimization Can Cause a Crash in BIND

AA-01167


Summary:

Versions of the GNU Compiler Collection (GCC) greater than or equal to GCC 4.9.0 include changes to code optimization that have been reported to cause problems in BIND when default code optimization settings are used by the compiler.

Posting date:      4 June 2014

Program Impacted:     BIND 9

Versions affected: 

9.8.0 - 9.8.7-W1, 9.9.0 - 9.9.5-W1, 9.10.0 - 9.10.0-P1.  Windows binary distributions are NOT affected.

Description:

ISC is issuing an operational notification to make BIND users aware of an unexpected problem caused by the interaction of BIND 9 and recent versions of GCC.

Beginning with GCC 4.9.0, code optimization in GCC now includes (by default) an optimization which is intended to eliminate unnecessary null pointer comparisons in compiled code.  Unfortunately this optimization removes checks which are necessary in BIND and the demonstrated effect is to cause unpredictable assertion failures during execution of named, resulting in termination of the server process.

Future versions of BIND will be modified so that the optimizer does not incorrectly remove necessary checks when building from source, and until those versions are available multiple immediate workarounds are available.

Solution:

If your existing BIND binaries were compiled with a version of GCC prior to GCC 4.9.0, or were compiled with a different compiler, you do not need to do anything.

Until new versions of BIND are released which correct the problem automatically, if you need to build (or rebuild) BIND from source, you have a choice of several workarounds:

  • Use a version of gcc with a version number less than 4.9.x
  • Add the compiler flag "-fno-delete-null-pointer-checks" to your compilation options (e.g. "CFLAGS=-fno-delete-null-pointer-checks ./configure [configure options]")
  • Use a compiler other than gcc.  (ISC is unable to guarantee that no other compilers perform this optimization with BIND but we are not aware of any reported issues other than those that have been experienced using GCC 4.9.0)

- Do you have Questions? Questions regarding this advisory should go to support@isc.org.

This operational notification is a copy of the official document located on our website.

Legal Disclaimer:

Internet Systems Consortium (ISC) is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be inferred. ISC expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of non-infringement. Your use of, or reliance on, this notice or materials referred to in this notice is at your own risk. ISC may change this notice at any time.

© 2001-2014 Internet Systems Consortium