nscd: Drop local address tuple variable [BZ #29607]

When a request needs to be resent (e.g. due to insufficient buffer
space), the references to subsequent tuples in the local variable are
stale and should not be used.  This used to work by accident before, but
since 1d495912a it no longer does.  Instead of trying to reset it, just
let gethostbyname4_r write into TUMPBUF6 for us, thus maintaining a
consistent state at all times.  This is now consistent with what is done
in gaih_inet for getaddrinfo.

Resolves: BZ #29607
Reported-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 6e33e5c4b7)

NEWS

@@ -28,6 +28,8 @@ The following bugs are resolved with this release:
   [29537] libc: [2.34 regression]: Alignment issue on m68k when using
   [29539] libc: LD_TRACE_LOADED_OBJECTS changed how vDSO library are
   [29583] Use 64-bit interfaces in gconv_parseconfdir
+  [29607] nscd repeatably crashes calling __strlen_avx2 when hosts cache is
+    enabled
   [29638] libc: stdlib: arc4random fallback is never used
 
 Version 2.36

nscd/aicache.c

@@ -110,11 +110,10 @@ addhstaiX (struct database_dyn *db, int fd, request_header *req,
 							  "gethostbyname4_r");
       if (fct4 != NULL)
 	{
-	  struct gaih_addrtuple atmem;
 	  struct gaih_addrtuple *at;
 	  while (1)
 	    {
-	      at = &atmem;
+	      at = NULL;
 	      rc6 = 0;
 	      herrno = 0;
 	      status[1] = DL_CALL_FCT (fct4, (key, &at,
@@ -137,7 +136,7 @@ addhstaiX (struct database_dyn *db, int fd, request_header *req,
 	    goto next_nip;
 
 	  /* We found the data.  Count the addresses and the size.  */
-	  for (const struct gaih_addrtuple *at2 = at = &atmem; at2 != NULL;
+	  for (const struct gaih_addrtuple *at2 = at; at2 != NULL;
 	       at2 = at2->next)
 	    {
 	      ++naddrs;