innfeed segfaults on NULL buffer in getBanner() - mine too..

Julien ÉLIE julien at trigofacile.com
Thu Aug 16 10:40:22 UTC 2007


Hi,

> I believe I have found where exactly the inbuffer is NULLified.
> It disappears during a handleSignals() call in endpoint.c.
>
> What we are tracking is the content of priorityList[1].

And also why sigFlags[16] is always set to 5693512.
Well, why isn't it 0?
Does someone know what that SIGURG signal means?  And especially
how to prevent it from happening?

On that FreeBSD, I have in /usr/include/sys/signal.h:

#if __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE
#define SIGURG          16      /* urgent condition on IO channel */
#endif

So there is an urgent socket condition which happens during:

1246          readBuffers = makeBufferArray (bufferTakeRef (cxn->respBuffer), NULL) ;



Breakpoint 6, makeBufferArray (buff=0x56e048) at buffer.c:295
295       size_t cLen = 10, idx = 0 ;
(gdb)
298       ptr = xcalloc (cLen, sizeof(Buffer)) ;
(gdb)
x_calloc (n=10, size=8, file=0x4493b8 "buffer.c", line=298) at xmalloc.c:98


The size (8) is right (64-bit architecture).
(gdb) print sizeof(buff)
$38 = 8


300       ptr [idx++] = buff ;
(gdb) print sigFlags[16]
$39 = 0
(gdb) step
302       va_start (ap, buff) ;
(gdb) print sigFlags[16]
$40 = 5693512


Well, it is "ptr [idx++] = buff ;" which causes sigFlags[16] not to be null.


(gdb) print ptr
$60 = (Buffer *) 0x56f800
(gdb) print *ptr
$61 = 0x56e048
(gdb) print **ptr
$62 = {refCount = 2, mem = 0x56d400 "", memSize = 256, dataSize = 0, deletable = true, bufferDeletedCbk = 0, bufferDeletedCbkData = 0x0, next = 0x56e000,
  prev = 0x0}


-- 
Julien ÉLIE

« Who ever loved, who did not love at once? » (Métrodore)
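
In the gdb session above, sigFlags[16] goes from 0 to 5693512 across the store at buffer.c:300, and 5693512 is 0x56e048, the value of buff being stored. The following is an added example, not code from the original message or from INN, that reproduces this kind of overlap between a flag array and a freshly allocated pointer array. The arena allocator, the 16-element flag array and the little-endian 64-bit layout are assumptions made for the demonstration, not a diagnosis of innfeed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed arena standing in for the heap: blocks are handed out back to back. */
static _Alignas(16) unsigned char arena[256];
static size_t arena_used;

static void *arena_calloc(size_t n, size_t size)
{
    void *p = arena + arena_used;
    memset(p, 0, n * size);
    arena_used += n * size;
    return p;
}

/* Read flags[idx] the way a signal-dispatch loop would. memcpy keeps the
   deliberately out-of-bounds read well defined inside the arena. */
static int read_flag(const void *flags, size_t idx)
{
    int v;
    memcpy(&v, (const unsigned char *)flags + idx * sizeof v, sizeof v);
    return v;
}

/* Returns 1 when storing `buff` into slot 0 of the pointer array turns
   flags[16] from 0 into the low 32 bits of that pointer. */
int demo_overlap(uintptr_t buff, int *before, int *after)
{
    arena_used = 0;
    /* Assumption: the flag array has 16 slots, so index 16 is one past its end. */
    void *flags = arena_calloc(16, sizeof(int));
    /* Next block, like xcalloc (cLen, sizeof(Buffer)) with cLen = 10. */
    void *ptr = arena_calloc(10, sizeof(void *));

    *before = read_flag(flags, 16);
    memcpy(ptr, &buff, sizeof buff);     /* the store: ptr [idx++] = buff */
    *after = read_flag(flags, 16);
    return *before == 0 && *after == (int)(uint32_t)buff;
}

int main(void)
{
    int before, after;
    int hit = demo_overlap((uintptr_t)0x56e048, &before, &after);
    printf("flags[16]: %d -> %d (0x%x) overlap=%d\n", before, after, (unsigned)after, hit);
    return hit ? 0 : 1;
}
```

When a watched integer suddenly holds a value that matches a live pointer, comparing the two addresses in the debugger (`print &sigFlags[16]` against `print ptr`) confirms or rules out this kind of overlap.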


