apr-dev mailing list archives

From Stas Bekman <s...@stason.org>
Subject segfault in apr_bucket_delete
Date Thu, 20 May 2004 09:18:40 GMT
Doing just:

   apr_brigade_create(p, ba);

and leaving it there segfaults:

#0  0x4017a81f in apr_brigade_cleanup (data=0x93e7110) at apr_brigade.c:47
47              apr_bucket_delete(e);
(gdb) bt
#0  0x4017a81f in apr_brigade_cleanup (data=0x93e7110) at apr_brigade.c:47
#1  0x4017a7d6 in brigade_cleanup (data=0x93e7110) at apr_brigade.c:33
#2  0x40277e4e in run_cleanups (cref=0x93d9500) at apr_pools.c:1997
#3  0x402775eb in apr_pool_destroy (pool=0x93d94f0) at apr_pools.c:763
#4  0x402775ad in apr_pool_clear (pool=0x93d34d8) at apr_pools.c:723
#5  0x080d9a76 in child_main (child_num_arg=1) at prefork.c:528
#6  0x080d9dbb in make_child (s=0x81420c0, slot=1) at prefork.c:703
#7  0x080d9e30 in startup_children (number_to_start=1) at prefork.c:721
#8  0x080da235 in ap_mpm_run (_pconf=0x813d0a8, plog=0x81851c8, s=0x81420c0)
     at prefork.c:940
#9  0x080e0ea9 in main (argc=9, argv=0xbffff264) at main.c:619
(gdb) p e

opening up apr_bucket_delete in apr_brigade_cleanup gives:

APU_DECLARE(apr_status_t) apr_brigade_cleanup(void *data)
{
     apr_bucket_brigade *b = data;
     apr_bucket *e;

     while (!APR_BRIGADE_EMPTY(b)) {
         e = APR_BRIGADE_FIRST(b);
         APR_RING_UNSPLICE((e), (e), link);
         (e)->type->destroy((e)->data);
         (e)->free(e);
         //apr_bucket_delete(e);
     }
     /*
      * We don't need to free(bb) because it's allocated from a pool.
      */
     return APR_SUCCESS;
}

brings us to APR_RING_UNSPLICE, which segfaults doing:

   APR_RING_NEXT(APR_RING_PREV((ep1), link), link) = ...;

gdb> p *e
$2 = {link = {next = 0x0, prev = 0x9402a60}, type = 0x4048c600, length = 2,
   start = 0, data = 0x9403180, free = 0x8067014, list = 0x6c24202c}
...
gdb> p (e->link.prev)->link
$5 = {next = 0x0, prev = 0x93d7660}
(gdb) p (e->link.prev)->link.next
$6 = (struct apr_bucket *) 0x0

which translates to:

    0x0 = ...;

boom, segfault. Not sure where the right place is to add a check w/o a speed 
penalty.

And please add this case to the apr test suite. It's painful to discover this 
kind of segfault when trying to test the glue code. Thanks.

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
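The crash above is APR_RING_UNSPLICE writing through a link that is already NULL, so the question of where a cheap check belongs comes down to validating an element's neighbours before touching them. As an added illustration (not APR's code and not part of the post), here is a stand-alone C model of the sentinel ring with an unsplice that validates both links and a cleanup loop in the shape of apr_brigade_cleanup that reports a corrupt brigade instead of segfaulting; the `ring`/`elem` types and the `demo` scenarios are constructed for the example.

```c
#include <stddef.h>

/* Stand-in for APR_RING (not APR's code): a doubly linked ring whose
 * head is a sentinel, like apr_bucket_brigade.list. */
typedef struct elem { struct elem *next, *prev; } elem;
typedef struct { elem sentinel; } ring;

static void ring_init(ring *r) { r->sentinel.next = r->sentinel.prev = &r->sentinel; }

static void ring_insert_tail(ring *r, elem *e) {
    e->prev = r->sentinel.prev;
    e->next = &r->sentinel;
    r->sentinel.prev->next = e;
    r->sentinel.prev = e;
}

/* APR_RING_UNSPLICE writes through prev->next and next->prev; refuse
 * when either neighbour is missing or does not point back at e (the
 * gdb dump shows e->next == 0x0 and prev->next == 0x0). */
static int ring_unsplice_checked(elem *e) {
    if (e == NULL || e->prev == NULL || e->next == NULL ||
        e->prev->next != e || e->next->prev != e)
        return -1;
    e->prev->next = e->next;
    e->next->prev = e->prev;
    e->next = e->prev = NULL;
    return 0;
}

/* Same loop shape as apr_brigade_cleanup: returns the number of elements
 * removed, or -1 on the first corrupt link, leaving the ring untouched. */
static int ring_cleanup_checked(ring *r) {
    int n = 0;
    while (r->sentinel.next != &r->sentinel) {
        if (ring_unsplice_checked(r->sentinel.next) != 0) return -1;
        n++;
    }
    return n;
}

/* Constructed scenarios: a healthy 3-element ring, or the same ring with
 * the first element's next pointer zeroed, as in the report. */
static int demo(int corrupt) {
    ring r; elem a = {0}, b = {0}, c = {0};
    ring_init(&r);
    ring_insert_tail(&r, &a); ring_insert_tail(&r, &b); ring_insert_tail(&r, &c);
    if (corrupt) a.next = NULL;
    return ring_cleanup_checked(&r);
}
```

The check costs four pointer compares per element on the cleanup path only, which is the trade-off the post is asking about.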
