innfeed segfaults on NULL buffer in getBanner() - mine too..
Julien ÉLIE
julien at trigofacile.com
Mon Aug 20 11:51:24 UTC 2007
Hi,

I do not know what to do with that system signal flag 16 on FreeBSD 6.2 (*64* bits).
It is perhaps not INN's fault and the problem should be reported to the maintainers
of the port of INN for FreeBSD <http://www.freebsd.org/cgi/cvsweb.cgi/ports/news/inn/>,
unless someone here has an idea of what is going on.

By the way, does INN 2.4.x work fine on FreeBSD 6.2 (*32* bits)?

It is worth mentioning that they have been reporting INN 2.5 to be broken for
six months ("BROKEN: Does not install") in
<http://www.freebsd.org/cgi/cvsweb.cgi/ports/news/inn-current/>.

For the record, the problem happens here, in innfeed/buffer.c:

Buffer *makeBufferArray (Buffer buff, ...)
{
  va_list ap ;
  size_t cLen = 10, idx = 0 ;
  Buffer *ptr, p ;

  ptr = xcalloc (cLen, sizeof(Buffer)) ;
  ptr [idx++] = buff ; <-----------------------------------------

  va_start (ap, buff) ;
  do
    {
      p = va_arg (ap, Buffer) ;
      if (idx == cLen)
        {
          cLen += 10 ;
          ptr = xrealloc (ptr, sizeof(Buffer) * cLen) ;
        }
      ptr [idx++] = p ;
    }
  while (p != NULL) ;
  va_end (ap) ;

  return ptr ;
}

--
Julien ÉLIE
Previous message for further information:
>> I believe I have found where exactly the inbuffer is NULLified.
>> It disappears during a handleSignals() call in endpoint.c.
>>
>> What we are tracking is the content of priorityList[1].
>
> And also why sigFlags[16] is always set to 5693512.
> Well, why is it not 0?
> Does someone know what that SIGURG signal means? And especially
> how to prevent it from happening?
>
> On that FreeBSD, I have in /usr/include/sys/signal.h:
>
> #if __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE
> #define SIGURG 16 /* urgent condition on IO channel */
> #endif
>
> So there is an urgent socket condition which happens during:
>
> 1246 readBuffers = makeBufferArray (bufferTakeRef (cxn->respBuffer), NULL) ;
>
>
>
> Breakpoint 6, makeBufferArray (buff=0x56e048) at buffer.c:295
> 295 size_t cLen = 10, idx = 0 ;
> (gdb)
> 298 ptr = xcalloc (cLen, sizeof(Buffer)) ;
> (gdb)
> x_calloc (n=10, size=8, file=0x4493b8 "buffer.c", line=298) at xmalloc.c:98
>
>
> The size (8) is right (64-bit architecture).
> (gdb) print sizeof(buff)
> $38 = 8
>
>
> 300 ptr [idx++] = buff ;
> (gdb) print sigFlags[16]
> $39 = 0
> (gdb) step
> 302 va_start (ap, buff) ;
> (gdb) print sigFlags[16]
> $40 = 5693512
>
>
> Well, it is "ptr [idx++] = buff ;" which causes sigFlags[16] not to be null.
>
>
> (gdb) print ptr
> $60 = (Buffer *) 0x56f800
> (gdb) print *ptr
> $61 = 0x56e048
> (gdb) print **ptr
> $62 = {refCount = 2, mem = 0x56d400 "", memSize = 256, dataSize = 0, deletable = true,
> bufferDeletedCbk = 0, bufferDeletedCbkData = 0x0, next = 0x56e000, prev = 0x0}