[Serdev] 0.9.3: Crash inside qm_detach_free()
Dmitry Semyonov
dsemyonov at dins.ru
Wed Jun 15 15:04:21 UTC 2005
Hello all.
I recently encountered a SER crash due to the fact that frag->nxt_free
of the 'frag' argument of qm_detach_free() was equal to zero:
{size = 48, u = {nxt_free = 0x0, is_free = 0}
This obviously happened due to the following condition inside
qm_find_free() function:
if (f->size>=size){ *h=hash; return f; }
So my question is, shouldn't a check like (f->is_free) be added
to the condition? Doesn't the described bug look like corrupted
memory? (I use modified SER, so this could be the root of the
problem.)
Unfortunately, I did not find a way to reproduce the crash yet.
Backtrace:
#0 0x080832b5 in qm_detach_free (qm=0x8100de0, frag=0x810aba0) at mem/q_malloc.c:264
#1 0x08083170 in qm_malloc (qm=0x8100de0, size=32) at mem/q_malloc.c:381
#2 0x080862cc in parse_headers (msg=0x810ae48, flags=256, next=0) at parser/msg_parser.c:279
[...]
TIA
--
...Bye..Dmitry.
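The situation described above, as an added example that is not part of the original mail and not SER's q_malloc.c: a constructed, simplified model of a quick-malloc style free list (circular per-bucket lists linked through nxt_free/prev_free, with is_free aliasing nxt_free in a union, as the gdb output in the mail shows). The struct names, bucket function and helper names are assumptions made for this model. It puts the quoted size-only lookup next to a variant that also tests the node's free-list links, and rebuilds the `{nxt_free = 0x0, is_free = 0}` state from the backtrace to show that the check turns the NULL dereference in detach into a reported failure. It does not repair the corruption; whether the zeroed word came from a bug in the allocator or elsewhere still has to be found.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a quick-malloc style free-list fragment. This is NOT
 * SER's q_malloc.c, only a stand-in for the fields the mail names. */
struct frag {
    size_t size;
    union {
        struct frag *nxt_free; /* next fragment on the free list */
        long is_free;          /* shares the bits: non-zero iff nxt_free != NULL */
    } u;
    struct frag *prev_free;    /* back link, used when unlinking */
};

#define NBUCKETS 4
struct block { struct frag head[NBUCKETS]; }; /* one circular list per size class */

static int bucket_of(size_t size) {
    int h = (int)(size / 64);
    return h < NBUCKETS ? h : NBUCKETS - 1;
}

static void block_init(struct block *b) {
    for (int i = 0; i < NBUCKETS; i++) {
        b->head[i].size = 0;
        b->head[i].u.nxt_free = &b->head[i]; /* empty list: head points to itself */
        b->head[i].prev_free = &b->head[i];
    }
}

static void insert_free(struct block *b, struct frag *f) {
    struct frag *h = &b->head[bucket_of(f->size)];
    f->u.nxt_free = h->u.nxt_free;
    f->prev_free = h;
    h->u.nxt_free->prev_free = f;
    h->u.nxt_free = f;
}

/* The lookup the mail quotes: only the size is tested. */
static struct frag *find_free_unchecked(struct block *b, size_t size, int *hash) {
    for (int h = bucket_of(size); h < NBUCKETS; h++) {
        struct frag *head = &b->head[h];
        for (struct frag *f = head->u.nxt_free; f != head; f = f->u.nxt_free)
            if (f->size >= size) { *hash = h; return f; }
    }
    return NULL;
}

/* Consistency test applied before trusting a node: the (f->is_free) check the
 * mail proposes, plus both links of the circular list pointing back at f. */
static int frag_looks_free(const struct frag *f) {
    return f->u.is_free
        && f->u.nxt_free->prev_free == f
        && f->prev_free != NULL
        && f->prev_free->u.nxt_free == f;
}

/* Same walk, but stops at a fragment that is not a well-formed free-list node. */
static struct frag *find_free_checked(struct block *b, size_t size, int *hash) {
    for (int h = bucket_of(size); h < NBUCKETS; h++) {
        struct frag *head = &b->head[h];
        for (struct frag *f = head->u.nxt_free; f != head; f = f->u.nxt_free) {
            if (!frag_looks_free(f)) {
                fprintf(stderr, "free list %d corrupt at %p\n", h, (void *)f);
                return NULL; /* f->u.nxt_free cannot be followed safely */
            }
            if (f->size >= size) { *hash = h; return f; }
        }
    }
    return NULL;
}

/* Unlink with the same check; returns -1 instead of dereferencing a bad link. */
static int detach_free_checked(struct frag *f) {
    if (!frag_looks_free(f)) return -1;
    f->prev_free->u.nxt_free = f->u.nxt_free;
    f->u.nxt_free->prev_free = f->prev_free;
    f->u.nxt_free = NULL; /* no longer on a free list: is_free reads as 0 */
    f->prev_free = NULL;
    return 0;
}

/* Rebuild the state from the backtrace: a listed fragment whose nxt_free/is_free
 * word has been zeroed (constructed corruption). Returns a bitmask of outcomes. */
int demo_corrupted_lookup(void) {
    static struct block blk;
    static struct frag a, b;
    int hash = -1, seen = 0;
    block_init(&blk);
    a.size = 48; b.size = 96;
    insert_free(&blk, &a);
    insert_free(&blk, &b);
    a.u.nxt_free = NULL; /* mimics {size = 48, u = {nxt_free = 0x0, is_free = 0} */
    if (find_free_unchecked(&blk, 32, &hash) == &a) seen |= 1; /* size test alone accepts a */
    if (find_free_checked(&blk, 32, &hash) == NULL)  seen |= 2; /* checked walk refuses a */
    if (detach_free_checked(&a) == -1)               seen |= 4; /* detach reports, no crash */
    if (detach_free_checked(&b) == 0 && blk.head[1].u.nxt_free == &blk.head[1])
        seen |= 8;                                               /* a healthy node still works */
    return seen;
}

int main(void) {
    printf("outcomes: %d (15 means all four observations held)\n", demo_corrupted_lookup());
    return 0;
}
```

In this model the size-only lookup hands the zeroed fragment to detach, which is exactly where the real backtrace dies; the checked variant refuses it at lookup time and again at detach time, so a corrupted list produces a log line and an allocation failure rather than a SIGSEGV. If you add such a check to a production allocator, keep it on the error path only (log and abort or fail the allocation), since a fragment that fails it is evidence of corruption that the check cannot undo.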