innfeed segfaults on NULL buffer in getBanner() - mine too..

Julien ÉLIE julien at trigofacile.com
Mon Aug 13 16:21:55 UTC 2007


Hi,

I believe I have found where exactly the inbuffer is NULLified.
It disappears during a handleSignals() call in endpoint.c.

What we are tracking is the content of priorityList[1].



It is set up by prepareRead here:

1248          if ( !prepareRead (e, readBuffers, getBanner, cxn, 1) )
(gdb) print **priorityList[1].inBuffer
Error accessing memory address 0x0: Bad address.
(gdb) next
1256              initReadBlockedTimeout (cxn) ;
(gdb) print **priorityList[1].inBuffer
$51 = {refCount = 2, mem = 0x56d400 "", memSize = 256, dataSize = 0, deletable = true, bufferDeletedCbk = 0, bufferDeletedCbkData = 0x0, next = 0x56e000,
  prev = 0x0}

So I believe everything is currently fine.



Until...

658           else if (sval > 0)
(gdb)
661               int readyCount = sval ;
(gdb)
662               int endpointsServiced = 1 ;
(gdb)
664               handleSignals() ;
(gdb)
Breakpoint 3, handleSignals () at endpoint.c:1675
1675      for (i = 1; i < NSIG; i++)
(gdb)
1677          if (sigFlags[i])
(gdb) print **priorityList[1].inBuffer
$52 = {refCount = 2, mem = 0x56d400 "", memSize = 256, dataSize = 0, deletable = true, bufferDeletedCbk = 0, bufferDeletedCbkData = 0x0, next = 0x56e000,
  prev = 0x0}
(gdb) next
1675      for (i = 1; i < NSIG; i++)
(gdb)
1677          if (sigFlags[i])
(gdb)
1700              sigFlags[i] = 0;
(gdb)
1702              if (sigHandlers[i] != NULL &&
(gdb) print **priorityList[1].inBuffer
Error accessing memory address 0x0: Bad address.
(gdb) print i
$53 = 16
(gdb) print *priorityList[1]
$54 = {inBuffer = 0x56f800, inBufferIdx = 0, inIndex = 0, inMinLen = 1, inAmtRead = 0, inCbk = 0x422820 <getBanner>, inClientData = 0x56a600, outBuffer = 0x0,
  outBufferIdx = 0, outIndex = 0, outSize = 0, outAmtWritten = 0, outProgressCbk = 0, outDoneCbk = 0x4225e0 <connectionDone>, outClientData = 0x56a600,
  workCbk = 0, workData = 0x0, myFd = 6, myErrno = 0, selectHits = 1}
(gdb) print sigFlags[i]
$55 = 5693512
(gdb) print 0x56f800
$56 = 5699584


And everything goes wrong from that moment... causing doRead to fail just after.


I do not know what is going on with that sigFlags and why priorityList is
affected by it.
If I read handleSignals(), I see:

#else
      /* hope for the best */
#endif

Hm, well, that's encouraging :)


If somebody has an idea...

-- 
Julien ÉLIE

« Medicus curat, natura sanat. » 


