Ticket #51 (closed defect: fixed)

Opened 6 years ago

Last modified 6 years ago

linux crash in stratcond

Reported by: jesus
Assigned to: jesus
Priority: major
Milestone:
Component: stratcond
Severity:
Keywords:
Cc:

Description

After a few seconds I get a segfault:

segfault at 1238 ip 417cf4 sp 43a81ed0 error 4 in stratcond[400000+4a000]

Below is the output of the final few lines of the strace.

21168 sendto(5, "P\0\0\1\4\0\n        INSERT INTO strat"..., 397, 0, NULL, 0) = 397
21168 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
21168 poll([{fd=5, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1
21168 recvfrom(5, "1\0\0\0\0042\0\0\0\4n\0\0\0\4C\0\0\0\17INSERT 0 1\0Z"..., 16384, 0, NULL, NULL) = 37
21168 rt_sigprocmask(SIG_BLOCK, [PIPE], [], 8) = 0
21168 sendto(5, "Q\0\0\0\34RELEASE SAVEPOINT batch\0", 29, 0, NULL, 0) = 29
21168 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
21168 poll([{fd=5, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1
21168 recvfrom(5, "C\0\0\0\fRELEASE\0Z\0\0\0\5T", 16384, 0, NULL, NULL) = 19
21168 rt_sigprocmask(SIG_BLOCK, [PIPE], [], 8) = 0
21168 sendto(5, "Q\0\0\0\vCOMMIT\0", 12, 0, NULL, 0) = 12
21168 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
21168 poll([{fd=5, events=POLLIN|POLLERR, revents=POLLIN}], 1, -1) = 1
21168 recvfrom(5, "C\0\0\0\vCOMMIT\0Z\0\0\0\5I", 16384, 0, NULL, NULL) = 18
21168 epoll_ctl(3, EPOLL_CTL_ADD, 4, {EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=4, u64=4}}) = 0
21168 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
21176 +++ killed by SIGSEGV +++
21173 +++ killed by SIGSEGV +++
21172 +++ killed by SIGSEGV +++
21170 +++ killed by SIGSEGV +++
21169 +++ killed by SIGSEGV +++
21164 +++ killed by SIGSEGV +++

Change History

08/12/08 00:51:42 changed by jesus

  • status changed from new to assigned.

User submitted valgrind report:

==7505== Conditional jump or move depends on uninitialised value(s)
==7505==    at 0x4A07B28: strlen (mc_replace_strmem.c:242)
==7505==    by 0x415E52: __noit__strndup (stratcon_datastore.c:134)
==7505==    by 0x416111: stratcon_datastore_saveconfig (stratcon_datastore.c:514)
==7505==    by 0x40D6AD: main (stratcond.c:105)

08/12/08 00:52:31 changed by jesus

(In [368]) strlcpy will run over by one here. refs #51

08/12/08 01:32:30 changed by jesus

(In [369]) reimplement without strlcpy, refs #51

08/12/08 02:09:07 changed by jesus

==7505== Invalid read of size 8
==7505==    at 0x417E18: stratcon_datastore_asynch_execute (stratcon_datastore.c:95)
==7505==    by 0x41FC99: eventer_jobq_consumer (eventer_jobq.c:233)
==7505==    by 0x3D02A07299: start_thread (in /lib64/libpthread-2.8.so)
==7505==    by 0x3D01AE42CC: clone (in /lib64/libc-2.8.so)
==7505==  Address 0x501ed08 is 192 bytes inside a block of size 200 free'd
==7505==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==7505==    by 0x417E05: stratcon_datastore_asynch_execute (stratcon_datastore.c:93)
==7505==    by 0x41FC99: eventer_jobq_consumer (eventer_jobq.c:233)
==7505==    by 0x3D02A07299: start_thread (in /lib64/libpthread-2.8.so)
==7505==    by 0x3D01AE42CC: clone (in /lib64/libc-2.8.so)

08/12/08 02:09:30 changed by jesus

(In [370]) this was reading freed memory, refs #51

08/13/08 21:45:47 changed by jesus

  • status changed from assigned to closed.
  • resolution set to fixed.
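
The second valgrind report above shows an 8-byte read at offset 192 of a 200-byte block that the same function freed two source lines earlier, which is the shape of following a link stored at the end of a record after the record has been released. The C below is an added example of that pattern and its fix, not code from stratcond or from changeset [370]; `struct job`, `job_free`, `job_list` and `job_drain` are hypothetical names, and the struct layout is constructed to match the reported offsets on an LP64 system.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical record (not the stratcond struct): 192 bytes of payload
 * followed by the link, so on LP64 `next` sits at offset 192 of a
 * 200-byte block, matching the offsets in the valgrind report. */
struct job {
  char payload[192];
  struct job *next;
};

/* Poison the block before releasing it so that a stale read returns an
 * obvious 0xDD pattern rather than plausible leftover data. The volatile
 * pointer keeps the compiler from dropping the stores as dead writes. */
static void job_free(struct job *j) {
  volatile unsigned char *p = (volatile unsigned char *)j;
  for (size_t i = 0; i < sizeof(*j); i++) p[i] = 0xDD;
  free(j);
}

/* Build a constructed list of n zeroed jobs for the demonstration. */
struct job *job_list(int n) {
  struct job *head = NULL;
  while (n-- > 0) {
    struct job *j = calloc(1, sizeof(*j));
    if (!j) abort();
    j->next = head;
    head = j;
  }
  return head;
}

/* Buggy shape (left as a comment, it is undefined behaviour):
 *   for (j = head; j; j = j->next) { work(j); job_free(j); }
 * The loop step reads j->next out of memory that was just freed.
 * Fixed shape: copy the link out while the node is still live. */
int job_drain(struct job *head) {
  int done = 0;
  while (head) {
    struct job *next = head->next; /* read before free */
    job_free(head);
    head = next;
    done++;
  }
  return done; /* number of nodes released */
}
```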