curl-library

Re: segfault in hash.c

From: Jeff Pohlmeyer <yetanothergeek_at_yahoo.com>
Date: Fri, 12 Sep 2003 16:04:48 -0700 (PDT)

I did some poking around to see if I could maybe track down this bug myself,
since I know you are strapped for time right now.

Since ElectricFence seems to insist there is a problem in Curl_resolv_unlock(),
I added this line, just to see what was happening there:

/* debug print added at the top of Curl_resolv_unlock(); %p and %ld match
   the pointer, time_t and long field types */
fprintf(stderr, "Curl_resolv_unlock: addr=%p timestamp=%ld inuse=%ld\n",
        (void *)dns->addr, (long)dns->timestamp, dns->inuse);

Now, if I run my test program, this is what I see:

  Curl_resolv_unlock: addr=0x40299c00 timestamp=1076468944 inuse=80
  Curl_resolv_unlock: addr=0x810bdd0 timestamp=0 inuse=48
  Curl_resolv_unlock: addr=0x40299cd0 timestamp=1076468944 inuse=112
  Curl_resolv_unlock: addr=0x40299cd0 timestamp=135319712 inuse=48
  Curl_resolv_unlock: addr=0x40299cd0 timestamp=135319712 inuse=47
  Curl_resolv_unlock: addr=0x40299c00 timestamp=1076468944 inuse=79
  Curl_resolv_unlock: addr=0x40299c00 timestamp=1076468944 inuse=78
  Curl_resolv_unlock: addr=0x40299cd0 timestamp=135319712 inuse=46
  Curl_resolv_unlock: addr=0x8116f98 timestamp=1063407068 inuse=1
  Curl_resolv_unlock: addr=0x810bdd0 timestamp=0 inuse=80
  Curl_resolv_unlock: addr=0x810d0c0 timestamp=135332176 inuse=1936025441
  Curl_resolv_unlock: addr=0x8111440 timestamp=0 inuse=80
  Curl_resolv_unlock: addr=0x8116f98 timestamp=1063407068 inuse=0
  Curl_resolv_unlock: addr=0x74736f48 timestamp=1684086842 inuse=1936666227
  Curl_resolv_unlock: addr=0x40299cd0 timestamp=1076468944 inuse=80
  Curl_resolv_unlock: addr=0x8116ec8 timestamp=1063407068 inuse=1
  Curl_resolv_unlock: addr=0x810c888 timestamp=1076469008 inuse=2
  Curl_resolv_unlock: addr=0x8116f98 timestamp=1063407068 inuse=-1
  Curl_resolv_unlock: addr=0x0 timestamp=0 inuse=0
  Curl_resolv_unlock: addr=0x40299d30 timestamp=1076469040 inuse=0
  Curl_resolv_unlock: addr=0x1 timestamp=134993344 inuse=0

Yikes! It looks like the addr pointer is totally trashed here!
The addr looks good in the host_callback(), but by the time it
makes it to Curl_resolv_unlock(), it is corrupted.

If I comment out the Curl_hash_add() line in cache_resolv_response(),
( which effectively disables the cache completely )

/* Curl_hash_add(data->hostcache, entry_id, entry_len+1, (const void *) dns); */

Then the Curl_resolv_unlock() behaves as expected:

  Curl_resolv_unlock: addr=0x8116a10 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116a58 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116bb0 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116b68 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116d18 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116da8 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116cd0 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116f50 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116df0 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116e38 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116e78 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116c40 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116bf8 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116f98 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116f08 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116d60 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116a98 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116b28 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116ae0 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116c88 timestamp=1063407353 inuse=1
  Curl_resolv_unlock: addr=0x8116ec0 timestamp=1063407353 inuse=1

As far as I can see, the connectdata->connect_addr->addr is the only
thing here that is getting corrupted.

Of course, when Curl_resolv_unlock does the dns->inuse--; on a "random" address,
there is no telling what sort of side effects this could have, no?

At any rate, I will try to keep digging, unless you see something here
that "clicks" ( Or if you think I'm on a wild goose chase ;-)

- Jeff
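One way to read the trashed values in the log above, as an added example that is not from the post or from curl itself: taken as the bytes they occupy in memory on a little-endian x86 host, the three fields of the line `addr=0x74736f48 timestamp=1684086842 inuse=1936666227` spell the start of an HTTP `Host:` header, which is what one expects when a freed cache entry's memory has been handed out again for a request buffer. The 32-bit, padding-free struct layout and the little-endian platform are assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte i (0 = lowest address) of a 32-bit word on a little-endian x86 host,
 * assumed to be the platform the log above came from. */
static unsigned char byte_at(uint32_t w, int i)
{
    return (unsigned char)(w >> (8 * i));
}

/* 1 if all four bytes are printable ASCII. A pointer or reference count whose
 * bytes spell text is a strong hint that the entry's memory was freed and
 * reused for a string buffer, i.e. the entry is being used after free. */
int looks_like_text(uint32_t w)
{
    int i;
    for(i = 0; i < 4; i++)
        if(!isprint(byte_at(w, i)))
            return 0;
    return 1;
}

/* Lay the three logged fields out back to back, as the 12 bytes of a 32-bit
 * struct { void *addr; time_t timestamp; long inuse; } would be (assumed
 * layout, no padding), and render them as text with '.' for other bytes. */
void decode_entry(uint32_t addr, uint32_t timestamp, uint32_t inuse, char out[13])
{
    uint32_t fields[3];
    int f, i;
    fields[0] = addr;
    fields[1] = timestamp;
    fields[2] = inuse;
    for(f = 0; f < 3; f++)
        for(i = 0; i < 4; i++) {
            unsigned char b = byte_at(fields[f], i);
            out[f * 4 + i] = isprint(b) ? (char)b : '.';
        }
    out[12] = '\0';
}

int main(void)
{
    char text[13];
    /* The log line above with the obviously trashed pointer. */
    decode_entry(0x74736f48u, 1684086842u, 1936666227u, text);
    printf("trashed entry reads as \"%s\"\n", text); /* Host: ads.os */
    return 0;
}
```

Running the same decoder over a line from the healthy run (for instance addr=0x8116a10 timestamp=1063407353 inuse=1) yields no printable text at all, so the check separates the two logs cleanly.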

Received on 2003-09-13