CHANresize in INN-2.5.0

Christoph Biedl cbiedl at gmx.de
Fri Jun 16 17:13:06 UTC 2006


Hi,

playing around with INN 2.5.0 (20060613 prerelease) I noticed 
strange messages in news.notice
| innd: <remote IP>:18 cant read: Bad address
caused by a huge read command like (ltrace)
| read(19, "", 4294963252)                         = -1
and a lot of segfaults. After three days of searching I think I found
the problem in CHANresize in art.c:

--- chan.c.org  2006-06-13 14:08:48.000000000 +0200
+++ chan.c      2006-06-16 18:56:25.573081321 +0200
@@ -714,7 +714,7 @@
     bp = &cp->In;
     change = size - bp->size;
     bp->size = size;
-    bp->left = bp->left + size;
+    bp->left += change;
     p = bp->data;
 
     /* Reallocate the buffer and adjust offets if realloc moved the location
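
Review bot: On the changed line `bp->left += change;`, nothing in the visible context guards the case where `size` is not larger than the old `bp->size`. `change` is computed as `size - bp->size`, so a smaller `size` would make the adjustment negative, or wrap if `change` is unsigned, and the read length of 4294963252 in the report suggests these counters are unsigned 32-bit values. Adding the delta is the right quantity, since the removed line grew `left` by the whole new size rather than by the growth. Consider asserting or documenting at the top of the function that `size` must exceed the current `bp->size`, and while touching this area fix "offets" in the comment that follows.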

Is there anybody using CURRENT? This problem appears as soon as an
article arrives that is more than about 4080 bytes in wire size.

More oddities are to come. The connection now stalls after a while
without apparent reason or log messages B-)

    Christoph

