Closed ntadas closed 8 years ago
this crash still happens, even with the fix for #199
```
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4c7ff480 (LWP 2102)]
0x0f33a8a4 in nc_session_monitor_remove (litem=0x4aa33138) at src/session.c:483
483     src/session.c: No such file or directory.
(gdb) backtrace
...
(gdb) frame 1
1401    in src/session.c
(gdb) print aux->offset_next
No symbol "aux" in current context.
(gdb) frame 0
483     in src/session.c
(gdb) print aux->offset_next
Cannot access memory at address 0xfb4be33c
(gdb) print litem->offset_prev
$1 = 1331121664
```
I'm still trying to understand the pattern for this to happen, but it has to do with deleting and creating some subscriptions.
Found the issue :) While doing some debug and some code inspections I noticed the following:
In session.c line 374 you are calculating the size of the session entry taking into account the size of the struct + username len + hostname len. If the username or hostname are not defined you add only 1. Later on, while populating the new session data, you do the following:

```c
strcpy(litem->data, (session->username == NULL) ? "UNKNOWN" : session->username);
strcpy(litem->data + 1 + strlen(litem->data), (session->hostname == NULL) ? "UNKNOWN" : session->hostname);
```

If hostname or username are NULL you write UNKNOWN, but you have only allocated 1 byte for each one. This will cause the overwrite of the following entry.

In my debugging I noticed that the crash only happens if I delete the first session, create it again and then try to delete the second session (in my target the hostname is not defined). Additionally, if you look at the litem->offset_prev in the previous post, it converts to hex 4f 57 4e 00, which in ASCII matches OWN\0 (from UNKNOWN).
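To make the sizing mismatch concrete, here is an added example (not libnetconf code; the struct layout, field names and the placeholder string are constructed for illustration) that reserves space the way the report describes and the way the fix should, plus a bounded populate routine that refuses an entry too small for both strings:

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the structures the issue talks about. */
struct session { const char *username; const char *hostname; };
struct monitor_entry {
    long offset_prev;   /* list links preceding the string data */
    long offset_next;
    char data[];        /* "<username>\0<hostname>\0" */
};

static const char *UNKNOWN = "UNKNOWN";   /* placeholder written for NULL fields */

/* Sizing as the report describes it: a NULL field only reserves its terminator,
 * although strcpy() will later write the 7-character placeholder there. */
size_t entry_size_buggy(const struct session *s) {
    return sizeof(struct monitor_entry)
         + (s->username ? strlen(s->username) : 0) + 1
         + (s->hostname ? strlen(s->hostname) : 0) + 1;
}

/* Fixed sizing: substitute the placeholder *before* measuring. */
size_t entry_size_fixed(const struct session *s) {
    const char *u = s->username ? s->username : UNKNOWN;
    const char *h = s->hostname ? s->hostname : UNKNOWN;
    return sizeof(struct monitor_entry) + strlen(u) + 1 + strlen(h) + 1;
}

/* Bytes that would spill into the following list entry with a given sizer
 * (0 means the allocation is exactly large enough). */
long overflow_bytes(const struct session *s, size_t (*sizer)(const struct session *)) {
    return (long)entry_size_fixed(s) - (long)sizer(s);
}

/* Populate the entry only when the caller's allocation can hold both strings,
 * so the copy can never run past the entry. Returns 0 on success, -1 otherwise. */
int populate_entry(struct monitor_entry *e, size_t capacity, const struct session *s) {
    const char *u = s->username ? s->username : UNKNOWN;
    const char *h = s->hostname ? s->hostname : UNKNOWN;
    if (capacity < entry_size_fixed(s))
        return -1;
    strcpy(e->data, u);
    strcpy(e->data + strlen(u) + 1, h);
    return 0;
}
```

With an undefined hostname the old sizing is 7 bytes short, exactly the length of "UNKNOWN", which is why the tail of the placeholder lands in the next entry's link fields.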
Good job! Please verify that the just committed patch really fixes the issue.
Hi,
I have a new crash when exiting several sessions at the same time (in this case 3). In the backtrace I have:

```
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4c7ff480 (LWP 2090)]
0x0f33a8a4 in nc_session_monitor_remove (litem=0x4aa330b1) at src/session.c:483
483     src/session.c: No such file or directory.
(gdb) backtrace
#0  0x0f33a8a4 in nc_session_monitor_remove (litem=0x4aa330b1) at src/session.c:483
#1  0x0f33cf7c in nc_session_free (session=0x4be91b40) at src/session.c:1365
#2  0x0fc75c64 in NetconfSession::~NetconfSession (this=0x1010ec08, __in_chrg=) at
...
(gdb) frame 1
(gdb) print litem->offset_prev
$7 = 1331121664
```
Still something is wrong with the linked lists. I'll try to debug the issue a little bit more; if I find something I'll update the post. (Not sure, maybe it's an issue with the last session being deleted?)