[Wifidog] Wifidog segfault
David Vincelli
micologist at gmail.com
Thu Oct 28 13:35:08 EDT 2004
Er, I guess that's not even possible (totalbytes growing bigger than
MAX_BUF). But you can never be certain.
On Thu, 28 Oct 2004 13:33:57 -0400, David Vincelli <micologist at gmail.com> wrote:
> I assume the crash occurs here (only read() call):
>
> numbytes = totalbytes = 0;
> while ((numbytes = read(sockfd, request + totalbytes,
> MAX_BUF - (totalbytes + 1))) > 0)
> totalbytes =+ numbytes;
>
> if (numbytes == -1) {
> debug(LOG_ERR, "read(): %s", strerror(errno));
> mark_auth_server_bad(auth_server);
> close(sockfd);
> return;
> }
>
> What happens when (totalbytes + 1) > MAX_BUF (and/or if request +
> totalbytes points to an invalid memory address?) Do you _have_ to do
> pointer arithmetic?
> Does the debug call show up in the logs? If so, what does it log?
>
>
>
> On Thu, 28 Oct 2004 12:48:24 -0400, Philippe April
> <isf_lists at philippeapril.com> wrote:
> > > I fixed the long key crash, Mina hit it right on the head with
> > > that "char var[50]". I malloc() it to the size of the whole query and it
> > > doesn't crash anymore. This is in CVS now.
> >
> > Nice... Good work. I'll test that and apply to some hotspots, will let you guys
> > know so we can monitor.
> >
> > Not sure where to start on the read() bug though...
> >
> > Philippe
> >
> >
> > _______________________________________________
> > Wifidog mailing list
> > Wifidog at isf.waglo.com
> > http://isf.waglo.com/mailman/listinfo/wifidog_isf.waglo.com
> >
> >
> >
>
> --
> the micologist
>
--
the micologist
More information about the Wifidog
mailing list