google-code-export / serf

Automatically exported from code.google.com/p/serf
Apache License 2.0

serf_linebuf_fetch jump on uninitialised value #17

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
valgrind --tool=memcheck --partial-loads-ok=yes --num-callers=25 --log-file=/tmp/valsvn --suppressions=/home/dchristian/www/no_crawl/svn-trace/val.sup --gen-suppressions=all ~/bin/svn checkout http://serf.googlecode.com/svn/trunk/ serf

Yields 2 serious valgrind warnings:

==18012== Warning: invalid file descriptor -1 in syscall close()
==18012== Conditional jump or move depends on uninitialised value(s)
==18012==    at 0x414F289: serf_linebuf_fetch (buckets.c:476)
==18012==    by 0x414FB1C: fetch_line (response_buckets.c:101)
==18012==    by 0x414FD1E: run_machine (response_buckets.c:190)
==18012==    by 0x414FFAC: wait_for_body (response_buckets.c:296)
==18012==    by 0x414FFDA: serf_bucket_response_wait_for_headers (response_buckets.c:314)
==18012==    by 0x4143D72: handle_response (util.c:915)
==18012==    by 0x414E468: read_from_connection (context.c:742)
==18012==    by 0x414E5D7: process_connection (context.c:846)
==18012==    by 0x414E806: serf_context_run (context.c:968)
==18012==    by 0x414189C: finish_report (update.c:2138)

==18012== Conditional jump or move depends on uninitialised value(s)
==18012==    at 0x40082EC: memcpy (mac_replace_strmem.c:394)
==18012==    by 0x414F2D6: serf_linebuf_fetch (buckets.c:498)
==18012==    by 0x414FB1C: fetch_line (response_buckets.c:101)
==18012==    by 0x414FD1E: run_machine (response_buckets.c:190)
==18012==    by 0x414FFAC: wait_for_body (response_buckets.c:296)
==18012==    by 0x414FFDA: serf_bucket_response_wait_for_headers (response_buckets.c:314)
==18012==    by 0x4143D72: handle_response (util.c:915)
==18012==    by 0x414E468: read_from_connection (context.c:742)
==18012==    by 0x414E5D7: process_connection (context.c:846)
==18012==    by 0x414E806: serf_context_run (context.c:968)
==18012==    by 0x414189C: finish_report (update.c:2138)

And finally dumps core (same as item #16).

==18012== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==18012==  Access not within mapped region at address 0xFFFFFFFE
==18012==    at 0x4008398: memcpy (mac_replace_strmem.c:394)
==18012==    by 0x414F2D6: serf_linebuf_fetch (buckets.c:498)
==18012==    by 0x414FB1C: fetch_line (response_buckets.c:101)
==18012==    by 0x414FD1E: run_machine (response_buckets.c:190)
==18012==    by 0x414FFAC: wait_for_body (response_buckets.c:296)
==18012==    by 0x414FFDA: serf_bucket_response_wait_for_headers (response_buckets.c:314)
==18012==    by 0x4143D72: handle_response (util.c:915)
==18012==    by 0x414E468: read_from_connection (context.c:742)
==18012==    by 0x414E5D7: process_connection (context.c:846)
==18012==    by 0x414E806: serf_context_run (context.c:968)
==18012==    by 0x414189C: finish_report (update.c:2138)

Original issue reported on code.google.com by DanChris...@gmail.com on 1 Jun 2007 at 8:38

GoogleCodeExporter commented 9 years ago
The way this code gets executed is if an error is ignored - Issue 18 should have the real fix for this.

Original comment by justin.e...@gmail.com on 9 Jun 2007 at 12:31
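Added example, not code from the report or from serf: a minimal C line-buffer fetch constructed to illustrate the defect class behind the two valgrind reports above and the follow-up comment about an ignored error. The read status is checked before the data pointer and length are used, so they are never consulted while undefined, and the memcpy is bounded by the space left in the buffer. linebuf_t, source_t, linebuf_fetch and the return codes are assumptions made for this example only; the HTTP response head is constructed sample input.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration; not serf's serf_linebuf_t or bucket API.
 * Types, names and return codes are assumptions for this example. */
#define LB_MAX 128
enum lb_state { LB_READY = 0, LB_PARTIAL = 1 };

typedef struct {
    enum lb_state state;
    size_t used;            /* bytes currently held in line[] */
    char line[LB_MAX + 1];  /* +1 for the terminating NUL */
} linebuf_t;

/* In-memory stand-in for a socket: data plus a cursor; 'fail' forces an error. */
typedef struct {
    const char *data;
    size_t len, pos;
    int fail;
} source_t;

/* Read up to 'want' bytes. Returns 0 on data, 1 on EOF, -1 on error.
 * On EOF/error *out and *n are deliberately left untouched, as many real read
 * functions do; a caller that ignores the return code then works on whatever
 * happens to be in those variables (the "uninitialised value" valgrind reports). */
static int source_read(source_t *s, size_t want, const char **out, size_t *n)
{
    if (s->fail) return -1;
    if (s->pos >= s->len) return 1;
    size_t avail = s->len - s->pos;
    *n = avail < want ? avail : want;
    *out = s->data + s->pos;
    s->pos += *n;
    return 0;
}

void linebuf_init(linebuf_t *lb)
{
    memset(lb, 0, sizeof *lb);  /* every field defined before first use */
}

/* Fetch one LF- or CRLF-terminated line into lb->line.
 * Returns 0 with a NUL-terminated line (terminator stripped), 1 on EOF with no
 * complete line (partial bytes kept for the next call), -1 on transport error,
 * -2 if the line would exceed LB_MAX. */
int linebuf_fetch(linebuf_t *lb, source_t *src)
{
    if (lb->state == LB_READY) lb->used = 0;
    for (;;) {
        const char *data;
        size_t n;
        int rc = source_read(src, LB_MAX, &data, &n);
        if (rc != 0)
            return rc;                      /* check status BEFORE touching data/n */
        const char *nl = memchr(data, '\n', n);
        size_t take = nl ? (size_t)(nl - data) : n;
        if (take > LB_MAX - lb->used) {     /* bound the copy by the space left */
            lb->state = LB_READY;
            lb->used = 0;
            return -2;
        }
        memcpy(lb->line + lb->used, data, take);
        lb->used += take;
        if (nl == NULL) {
            lb->state = LB_PARTIAL;         /* need more data for this line */
            continue;
        }
        src->pos -= n - (take + 1);         /* give back bytes after the newline */
        if (lb->used > 0 && lb->line[lb->used - 1] == '\r')
            lb->used--;
        lb->line[lb->used] = '\0';
        lb->state = LB_READY;
        return 0;
    }
}

/* Scenario 1: constructed response head; returns the number of complete lines
 * fetched before EOF (3), or -1 if any line or the retained partial is wrong. */
int demo_headers(void)
{
    static const char resp[] = "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello";
    source_t src = { resp, sizeof resp - 1, 0, 0 };
    linebuf_t lb;
    linebuf_init(&lb);
    int lines = 0, rc;
    while ((rc = linebuf_fetch(&lb, &src)) == 0) {
        if (lines == 0 && strcmp(lb.line, "HTTP/1.1 200 OK") != 0) return -1;
        if (lines == 2 && lb.line[0] != '\0') return -1;
        lines++;
    }
    /* EOF mid-line: "hello" is retained as a partial line, not lost or overrun */
    if (rc != 1 || lb.used != 5 || memcmp(lb.line, "hello", 5) != 0) return -1;
    return lines;
}

/* Scenario 2: transport error is reported and the buffer stays consistent (0 = ok). */
int demo_error(void)
{
    source_t src = { "ignored", 7, 0, 1 };
    linebuf_t lb;
    linebuf_init(&lb);
    int rc = linebuf_fetch(&lb, &src);
    return (rc == -1 && lb.used == 0) ? 0 : -1;
}

/* Scenario 3: a line longer than LB_MAX is refused (-2) instead of overflowing. */
int demo_overlong(void)
{
    static char big[LB_MAX + 10];
    memset(big, 'A', sizeof big - 2);
    big[sizeof big - 2] = '\r';
    big[sizeof big - 1] = '\n';
    source_t src = { big, sizeof big, 0, 0 };
    linebuf_t lb;
    linebuf_init(&lb);
    return linebuf_fetch(&lb, &src);
}

int main(void)
{
    printf("headers: %d lines, error demo: %d, overlong: %d\n",
           demo_headers(), demo_error(), demo_overlong());
    return 0;
}
```

Running the three scenarios under valgrind is the useful check here: because the status is tested before `data` and `n` are read and the copy length is capped by the remaining capacity, memcheck reports no conditional jump on an uninitialised value and no out-of-range memcpy, which is exactly what the trace above shows when the error path is ignored.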