Snapshots for CURRENT
Julien ÉLIE
julien at trigofacile.com
Fri Aug 10 07:44:53 UTC 2007
In reply to Russ Allbery:
>> By the way, I have for innd/artparse.t:
>
>> ==9259== Invalid write of size 1
>> ==9259== at 0x805257F: ARTsetup (art.c:287)
>> ==9259== by 0x8051628: initialize (artparse-t.c:98)
>> ==9259== by 0x8051A19: main (artparse-t.c:175)
>> ==9259== Address 0x42DF927 is 1 bytes before a block of size 1 alloc'd
>> ==9259== at 0x401D38B: malloc (vg_replace_malloc.c:149)
>> ==9259== by 0x80A296A: x_strdup (xmalloc.c:128)
>> ==9259== by 0x8052569: ARTsetup (art.c:286)
>> ==9259== by 0x8051628: initialize (artparse-t.c:98)
>> ==9259== by 0x8051A19: main (artparse-t.c:175)
>
> I haven't looked at that in detail yet, but that definitely looks like a
> bug.

I do not understand why it happens.
It is here:

    ARTsetup(void)
    {
        /* Get our Path name, kill trailing !. */
        ARTpathme = xstrdup(Path.data);
        ARTpathme[Path.used - 1] = '\0';

And it should come from:

    Path.used = strlen(innconf->pathhost) + 1;
    Path.size = Path.used + 1;
    Path.data = xmalloc(Path.size);
    snprintf(Path.data, Path.size, "%s!", innconf->pathhost);

    286 ARTpathme = xstrdup(Path.data);
    (gdb) print ARTpathme
    $3 = 0x0
    (gdb) print Path
    $4 = {size = 1024, used = 0, left = 1, data = 0x80d00a0 ""}
    (gdb) print *Path.data
    $5 = 0 '\0'
    (gdb) next
    287 ARTpathme[Path.used - 1] = '\0';
    (gdb) print *ARTpathme
    $6 = 0 '\0'

And then, there is an illegal write since Path.used = 0.
I do not know why Path.size = 1024 while Path.used = 0...
And I even tried to add a pathhost: line in tests/data/etc/inn.conf;
nothing is seen (Path.data is still "").
--
Julien ÉLIE
"-- We swim in the lake, we climb the mountains...
-- So what? We are not on holiday!" (Astérix)
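
Added example (not part of the original message, and not INN's code or its eventual fix): the write reported at art.c:287 lands one byte before the copy because the index is Path.used - 1 while Path.used is 0. The sketch below takes the index from the length of the copied string and strips a trailing '!' only when the string is non-empty; struct buffer, pathme_copy and pathme_is are hypothetical names, and the host name is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the buffer gdb printed; not INN's definition. */
struct buffer {
    size_t size, used, left;
    const char *data;
};

/* Copy the path and strip one trailing '!'.  The index comes from the
   length of the copy, so used == 0 (the state in the gdb session) can
   never become an index of -1.  Returns NULL on NULL input or malloc failure. */
char *pathme_copy(const struct buffer *path)
{
    size_t len;
    char *copy;

    if (path == NULL || path->data == NULL)
        return NULL;
    len = strlen(path->data);
    copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, path->data, len + 1);
    if (len > 0 && copy[len - 1] == '!')
        copy[len - 1] = '\0';
    return copy;
}

/* Wrap `data` in a buffer and report whether pathme_copy() yields `want`. */
int pathme_is(const char *data, size_t size, size_t used, const char *want)
{
    struct buffer b = { size, used, 0, data };
    char *got = pathme_copy(&b);
    int ok = (got != NULL && strcmp(got, want) == 0);

    free(got);
    return ok;
}

int main(void)
{
    char empty[1024] = "";              /* constructed: the state seen in gdb */
    char host[] = "news.example.com!";  /* constructed sample value */

    printf("used == 0: %d\n", pathme_is(empty, sizeof(empty), 0, ""));
    printf("hostname:  %d\n",
           pathme_is(host, sizeof(host), strlen(host), "news.example.com"));
    return 0;
}
```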