Uninitialised reads in innd (current from this morning)
Kiernan, Alex
alexk at demon.net
Thu Feb 15 16:01:27 UTC 2001
> } Looks like a buffer overrun, the core dump is completely trashed.
> :
> } ARTcontrol [art.c:1248]
> } ARTpost [art.c:2696]
>
> I think all of the known bugs are fixed. Your code is a bit old.
> Current line 2696 in art.c calls SITEsend(). Could you update?
Sorry, I'd forgotten I was running from my modified code with the history
API in it, which is current with what's in CVS. art.c:2696 is a call to
ARTcancel in that code I have:
art.c:1248

    for (p = ControlWord; *p && !ISWHITE(*p); p++)
        if (CTYPE(isupper, *p))
            *p = tolower(*p);
    if (*p)
        *p++ = '\0';

I'll roll it back to straight -current & leave it running overnight to see
if it dies again.
Later... art.c:1245 (straight from CVS this time!), looks like it could be
the problem - if the length of HDR(HDR__CONTROL) is >= SMBUF then
ControlWord won't get null terminated by the strncpy() there.
--
Alex Kiernan, Principal Engineer, Development, Thus PLC
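
The strncpy() behaviour described in the message above, as an added example that is not code from INN or from the original post: a copy bounded by the full buffer size leaves no terminator once the source is SMBUF bytes or longer, so a loop like the one at art.c:1248 has nothing to stop on. The SMBUF value, the function names and the sample header values are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define SMBUF 256 /* assumed value for this example; the mail only names SMBUF */

/* Pattern described in the mail: strncpy() bounded by the full buffer size.
 * Returns 1 if a NUL exists inside the SMBUF bytes of dst, 0 if not. */
static int copy_unsafe(char *dst, const char *hdr)
{
    strncpy(dst, hdr, SMBUF);
    return memchr(dst, '\0', SMBUF) != NULL;
}

/* Checked form: truncate to SMBUF - 1 bytes and always terminate. */
static int copy_checked(char *dst, const char *hdr)
{
    size_t n = strlen(hdr);
    if (n >= SMBUF) n = SMBUF - 1;
    memcpy(dst, hdr, n);
    dst[n] = '\0';
    return memchr(dst, '\0', SMBUF) != NULL;
}

/* Lowercasing loop adapted from the mail; safe only on terminated input. */
static void lower_first_word(char *p)
{
    for (; *p && *p != ' ' && *p != '\t'; p++)
        *p = (char)tolower((unsigned char)*p);
    if (*p) *p = '\0';
}

/* Constructed input: a header value of len 'A' bytes (len < 2 * SMBUF). */
static int terminated(int checked, size_t len)
{
    char hdr[2 * SMBUF], word[SMBUF];
    memset(hdr, 'A', len);
    hdr[len] = '\0';
    return checked ? copy_checked(word, hdr) : copy_unsafe(word, hdr);
}

int main(void)
{
    char word[SMBUF];
    copy_checked(word, "NewGroup example.test"); /* constructed header value */
    lower_first_word(word);
    printf("unsafe@SMBUF=%d checked@SMBUF=%d word=%s\n",
           terminated(0, SMBUF), terminated(1, SMBUF), word);
    return 0;
}
```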