
Re: [Libevent-users] my app crashed, maybe a bug in libevent



On Wed, Aug 1, 2012 at 3:41 AM, huyinyx <huyinyx@xxxxxxx> wrote:
> in buffer.c :
>
> for (chain = buf->first;
>      remaining >= chain->off;
>      chain = next) {
>     next = chain->next;
>     remaining -= chain->off;
>     if (chain == *buf->last_with_datap) {
>         buf->last_with_datap = &buf->first;
>     }
>     if (&chain->next == buf->last_with_datap)
>         buf->last_with_datap = &buf->first;
>     if (CHAIN_PINNED_R(chain)) {
>         EVUTIL_ASSERT(remaining == 0);
>         chain->misalign += chain->off;
>         chain->off = 0;
>         break;
>     } else
>         evbuffer_chain_free(chain);
> }
 [...]
> for (chain = buf->first;
>        remaining >= chain->off;
>        chain = next)
> If next is NULL, the program must cause a segmentation fault.
> Is this a bug?

Earlier in that function, remaining is set so that it is less than or
equal to the total number of bytes in the evbuffer, so it shouldn't be
able to run off the last chain.  (We set remaining = len; after making
sure that len is less than total_len.)  So unless something has gotten
corrupted in the evbuffer, this shouldn't be happening.

Something *is* corrupt, though: the total_len value of your buffer is
60, but that doesn't at all match up with the values in the
evbuffer_chain structs.

Is it possible you've got concurrent threads modifying the buffer
without proper locking, or that something else has gone wrong with the
buffer?  Can you try running your program with valgrind or a similar
tool to see where things are going wrong?


yrs,
-- 
Nick
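
Added example, not part of the original message and not libevent's own code: a reduced model of the drain loop discussed above, showing why the walk is safe while total_len equals the sum of the chain lengths and how a mismatched total_len lets it run past the last chain. The struct layouts, function names and the two 10-byte chains are assumptions made for illustration; only the total_len value of 60 comes from the thread.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for evbuffer / evbuffer_chain (hypothetical layouts). */
struct chain { struct chain *next; size_t off; };   /* off = bytes in this chain */
struct buf   { struct chain *first; size_t total_len; };

/* The invariant the drain loop relies on: total_len == sum of chain->off. */
static int buf_consistent(const struct buf *b)
{
    size_t sum = 0;
    for (const struct chain *c = b->first; c != NULL; c = c->next)
        sum += c->off;
    return sum == b->total_len;
}

/* Same walk as the quoted loop, plus a NULL guard (no freeing in this model).
 * Returns 0 on success, -1 if the walk would have run past the last chain. */
static int drain_checked(struct buf *b, size_t len)
{
    struct chain *chain, *next;
    size_t remaining = len;

    if (len >= b->total_len) {              /* drain everything */
        b->first = NULL;
        b->total_len = 0;
        return 0;
    }
    b->total_len -= len;                    /* here remaining < old total_len */
    for (chain = b->first; chain != NULL && remaining >= chain->off; chain = next) {
        next = chain->next;
        remaining -= chain->off;
    }
    if (chain == NULL)                      /* the unguarded loop reads NULL->off here */
        return -1;
    chain->off -= remaining;                /* partial drain of the chain we stopped in */
    b->first = chain;
    return 0;
}

/* Constructed sample: two chains holding 10 bytes each (true length 20). */
int demo_consistent(size_t total_len)
{
    struct chain c2 = { NULL, 10 }, c1 = { &c2, 10 };
    struct buf b = { &c1, total_len };
    return buf_consistent(&b);
}

int demo_drain(size_t total_len, size_t len)
{
    struct chain c2 = { NULL, 10 }, c1 = { &c2, 10 };
    struct buf b = { &c1, total_len };
    return drain_checked(&b, len);
}

int main(void)
{
    printf("%d %d %d\n", demo_drain(20, 15), demo_drain(60, 40), demo_drain(60, 5));
    return 0;
}
```

A small drain on the corrupted buffer still succeeds, so the mismatch can go unnoticed until a later, larger drain; running a check like `buf_consistent` after each buffer operation in a debug build narrows down where the corruption was introduced.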