[Serdev] 0.9.3: Crash inside qm_detach_free()

Dmitry Semyonov dsemyonov at dins.ru
Wed Jun 15 15:04:21 UTC 2005


Hello all.

I recently encountered a SER crash due to the fact that frag->nxt_free 
of the 'frag' argument of qm_detach_free() was equal to zero:
{size = 48, u = {nxt_free = 0x0, is_free = 0}

This obviously happened due to the following condition inside 
qm_find_free() function:
if (f->size>=size){ *h=hash; return f; }

So my question is, shouldn't a check like (f->is_free) be added 
to the condition? Doesn't the described bug look like corrupted 
memory? (I use modified SER, so this could be the root of the 
problem.)

Unfortunately, I have not found a way to reproduce the crash yet.

Backtrace:

#0  0x080832b5 in qm_detach_free (qm=0x8100de0, frag=0x810aba0) at mem/q_malloc.c:264
#1  0x08083170 in qm_malloc (qm=0x8100de0, size=32) at mem/q_malloc.c:381
#2  0x080862cc in parse_headers (msg=0x810ae48, flags=256, next=0) at parser/msg_parser.c:279
[...]

TIA

-- 
...Bye..Dmitry.
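As an added illustration of the question raised above (this is neither SER's q_malloc code nor the poster's): a minimal model of one free-list hash bucket in which find_free skips fragments that are not marked free and detach_free verifies that both neighbours point back at the fragment before unlinking it, so a fragment with nxt_free == 0 is reported as corrupted metadata instead of being dereferenced. The struct layout, function names and the constructed fragments are assumptions loosely modelled on the names in the backtrace.

```c
#include <stddef.h>
/* Model of one free-list hash bucket: the head is a sentinel and an intact
 * list is circular, so a free fragment never has a NULL nxt_free. q_malloc
 * keeps nxt_free/is_free in one union (see the backtrace); they are split
 * here only for readability. All names below are illustrative. */
struct frag { size_t size; int is_free; struct frag *nxt_free, *prv_free; };
/* First-fit scan with the is_free test from the question, plus a NULL guard
 * so a broken link ends the scan instead of dereferencing 0. */
static struct frag *find_free(struct frag *head, size_t size)
{
    struct frag *f;
    for (f = head->nxt_free; f != NULL && f != head; f = f->nxt_free)
        if (f->is_free && f->size >= size)
            return f;
    return NULL;
}
/* Unlink frag; return -1 if its neighbours do not point back at it
 * (corrupted metadata) rather than writing through a bad pointer. */
static int detach_free(struct frag *frag)
{
    if (!frag->is_free || frag->nxt_free == NULL || frag->prv_free == NULL)
        return -1;
    if (frag->nxt_free->prv_free != frag || frag->prv_free->nxt_free != frag)
        return -1;
    frag->prv_free->nxt_free = frag->nxt_free;
    frag->nxt_free->prv_free = frag->prv_free;
    frag->nxt_free = frag->prv_free = NULL; frag->is_free = 0;
    return 0;
}
static struct frag head, a, b;   /* constructed fragments, not a real heap */
/* Intact bucket head <-> a: a 32-byte request finds a and unlinks it. */
int demo_intact(void)
{
    head.is_free = 1; head.nxt_free = head.prv_free = &a;
    a.size = 48; a.is_free = 1; a.nxt_free = a.prv_free = &head;
    struct frag *f = find_free(&head, 32);
    return f == &a && detach_free(f) == 0 && head.nxt_free == &head;
}
/* Bucket shaped like the post: a still links to b, but b was already handed
 * out (is_free = 0, nxt_free = NULL); every path reports instead of crashing. */
int demo_corrupted(void)
{
    head.is_free = 1; head.nxt_free = head.prv_free = &a;
    a.size = 48; a.is_free = 1; a.prv_free = &head; a.nxt_free = &b;
    b.size = 128; b.is_free = 0; b.nxt_free = b.prv_free = NULL;
    return find_free(&head, 64) == NULL  /* b skipped; scan stops at NULL */
        && detach_free(&b) == -1         /* refused, no NULL dereference */
        && detach_free(&a) == -1;        /* b does not point back at a */
}
```

Both demo functions return 1 when the checks behave as described; the second shows that the consistency test on the neighbour links catches the stale fragment even when find_free returns its still-free predecessor.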