authorAndreas Schwab <schwab@suse.de>2018-11-06 17:12:07 +0100
committerFlorian Weimer <fweimer@redhat.com>2018-11-06 17:12:07 +0100
commitfcd86c62538b465eaf002b0ed8981d00e10b649f (patch)
tree76c2c208e88bdfc037106c01bcc6b0730f0ba226
parentdc40423dba7208ded2ec293c9a2938269f944ee8 (diff)
libanl: properly cleanup if first helper thread creation failed (bug 22927)
(cherry picked from commit bd3b0fbae33a9a4cc5e2daf049443d5cf03d4251)
-rw-r--r--ChangeLog6
-rw-r--r--NEWS1
-rw-r--r--resolv/gai_misc.c7
3 files changed, 12 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 17a9232cdf..390b91ca45 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2018-11-05  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #22927]
+	* resolv/gai_misc.c (__gai_enqueue_request): Don't crash if
+	creating the first helper thread failed.
+
 2018-10-23  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
 
 	[BZ #23709]
diff --git a/NEWS b/NEWS
index d99732fe06..3c708d2903 100644
--- a/NEWS
+++ b/NEWS
@@ -141,6 +141,7 @@ The following bugs are resolved with this release:
   [22753] libc: preadv2/pwritev2 fallback code should handle offset=-1
   [22774] malloc: Integer overflow in malloc (CVE-2018-6551)
   [22786] Fix path length overflow in realpath
+  [22927] libanl: properly cleanup if first helper thread creation failed
   [23005] resolv: Fix crash in resolver on memory allocation failure
   [23024] getlogin_r: return early when linux sentinel value is set
   [23037] resolv: Fully initialize struct mmsghdr in send_dg
diff --git a/resolv/gai_misc.c b/resolv/gai_misc.c
index fd9aa356be..5e5e4b82fe 100644
--- a/resolv/gai_misc.c
+++ b/resolv/gai_misc.c
@@ -264,8 +264,11 @@ __gai_enqueue_request (struct gaicb *gaicbp)
 	      /* We cannot create a thread in the moment and there is
 		 also no thread running.  This is a problem.  `errno' is
 		 set to EAGAIN if this is only a temporary problem.  */
-	      assert (lastp->next == newp);
-	      lastp->next = NULL;
+	      assert (requests == newp || lastp->next == newp);
+	      if (lastp != NULL)
+		lastp->next = NULL;
+	      else
+		requests = NULL;
 	      requests_tail = lastp;
 
 	      newp->next = freelist;
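Review bot: The new `assert (requests == newp || lastp->next == newp);` still evaluates `lastp->next` whenever `requests != newp`, so if the invariant is ever broken while `lastp` is NULL, the assertion itself dereferences NULL instead of reporting a failure. It also passes when `requests == newp` with a non-NULL `lastp`, which looks like an inconsistent queue state. Tying each check to the branch that follows is stricter and reads more directly: `assert (lastp == NULL ? requests == newp : lastp->next == newp);`. A short comment on the `else` branch, such as `/* newp was the only queued request. */`, would explain why `requests` is reset. That reading is inferred from the visible lines only, since __gai_enqueue_request starts and ends outside the hunk.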