apr-dev mailing list archives

From Cliff Woolley <jwool...@virginia.edu>
Subject Re: segfault in apr_bucket_delete
Date Sat, 22 May 2004 03:25:45 GMT
On Fri, 21 May 2004, Stas Bekman wrote:

> Joe Orton wrote:
> > On Thu, May 20, 2004 at 03:54:58PM -0700, Stas Bekman wrote:
> >
> >>        fb = apr_bucket_flush_create(ba);
> >>        db = apr_bucket_transient_create("aaa", 3, ba);
> >>        APR_BRIGADE_INSERT_HEAD(bb, db);
> >>        APR_BUCKET_INSERT_BEFORE(fb, db);
> >
> > The arguments to APR_BUCKET_INSERT_BEFORE are reversed, right? It works
> > for me with the arguments switched.
>
> right, but why does it hang when reversed.

APR_BUCKET_INSERT_BEFORE(fb, db) expands to something like:

    APR_BUCKET_NEXT(db) = fb;
    APR_BUCKET_PREV(db) = APR_BUCKET_PREV(fb);
    APR_BUCKET_NEXT(APR_BUCKET_PREV(fb)) = db;
    APR_BUCKET_PREV(fb) = db;

Obviously for this to work, all that has to happen is that fb's prev
pointer and the next pointer of that bucket must correctly point to each
other.  Everything else is arbitrarily overwritten.  Did you try running
this with bucket debugging turned on like I suggested?  If you do that,
then a bunch of ring consistency checks will be run for you at strategic
times that might help you discern when it is that your brigade gets
corrupted.

> Shouldn't it work both ways? If
> not, then it should produce an error and not hang.

No... it's just a macro manipulating some pointers.  Error handling would
be difficult (given the number of layers of macros) and expensive.

--Cliff
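
An added illustration of the expansion discussed above, not APR code and not part of the original message: a simplified ring in C that uses the same four assignments, plus a bounded ring consistency check. The struct, the function names and the self-linked starting state of a fresh node are assumptions of this sketch.

```c
#include <stdio.h>

/* Simplified stand-in for a bucket ring; not APR's real types or macros. */
struct node { struct node *next, *prev; };

/* Assumption: a fresh node (or an empty ring's sentinel) links to itself. */
static void node_init(struct node *n) { n->next = n->prev = n; }

/* The four assignments from the expansion above: put n before e.
 * Only e->prev and e->prev->next are read; n's links are overwritten. */
static void insert_before(struct node *e, struct node *n) {
    n->next = e;
    n->prev = e->prev;
    e->prev->next = n;
    e->prev = n;
}

/* Bounded ring check: every link must be mirrored and the walk must
 * return to the sentinel within max steps. Returns 1 if consistent. */
static int ring_consistent(const struct node *head, int max) {
    const struct node *cur = head;
    for (int i = 0; i <= max; i++) {
        if (cur->next->prev != cur)
            return 0;               /* forward and back links disagree */
        cur = cur->next;
        if (cur == head)
            return 1;               /* closed loop through the sentinel */
    }
    return 0;                       /* never got back: unbounded walk */
}

/* Builds sentinel -> db, then adds fb with the arguments in either order. */
static int demo(int reversed) {
    struct node head, db, fb;
    node_init(&head);
    node_init(&db);
    node_init(&fb);
    insert_before(head.next, &db);  /* db becomes the ring's only element */
    if (reversed)
        insert_before(&fb, &db);    /* as posted: fb is not in the ring */
    else
        insert_before(&db, &fb);    /* fb goes in front of db */
    return ring_consistent(&head, 8);
}

int main(void) {
    printf("correct=%d reversed=%d\n", demo(0), demo(1));
    return 0;
}
```

In the reversed case db and fb end up pointing only at each other while the sentinel still points at db, so a traversal that waits to reach the sentinel never terminates; the mirrored-link check catches this at the first step.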
