Corrupted double-linked list (nnrpd, Python, innconfval)

Sat Jun 21 17:45:14 UTC 2008

Hi Russ,

>> void
>> PY_close_python(void)
>> {
>>    if (files != NULL) {
>>        hash_traverse(files, file_trav, NULL);
>> -->     hash_free(files);
>>    }
>
> That doesn't set files back to NULL, so if it ever happens that one closes
> and then reopens Python in the same process, I bet files is still pointing
> to the old freed memory and INN blithely tries to write to it.
>
> Adding files = NULL; after hash_free(files) will fix it if I'm right.

I have just added that and I now have:

19:27 news at news ~/bin/filter% telnet localhost 1190
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
502 Internal Error (7).  Goodbye
Connection closed by foreign host.

without the glibc error.

I tried to attach gdb to nnrpd and I have the following result:

Single stepping until exit from function accept,
which has no line number information.
main (argc=4, argv=0x0) at nnrpd.c:885
885                     if (fd < 0)
(gdb)
884                     fd = accept(lfd, NULL, NULL);
(gdb)
885                     if (fd < 0)
(gdb)
888                     for (i = 0; i <= innconf->maxforks && (pid = fork()) < 0; i++) {
(gdb)
896                     if (ChangeTrace) {
(gdb) bt
#0  main (argc=-1212550428, argv=0xb7ad2f90) at nnrpd.c:896
(gdb) s
901                     if (pid != 0)
(gdb) bt
#0  main (argc=Cannot access memory at address 0x0
) at nnrpd.c:901

It is just after the line with the fork when the connection is closed.
I do not know why argc contains that thing.  Is it normal?

It also has that with Python scripts disabled and no hooks, so maybe it is normal.

-- 
Julien ÉLIE

« Quand on aime on ne compte pas...
  Ça tombe bien, je suis mauvaise en calcul ! » 