
Re: Segmentation fault in Serf during merge_tests.py 61 ("merge fails if subtree is deleted on src")

From: Lieven Govaerts <svnlgo_at_mobsol.be>
Date: Sun, 14 Dec 2008 11:59:40 +0100

Arfrever Frehtes Taifersar Arahesis wrote:
> Serf segfaults during Subversion's test merge_tests.py 61 ("merge fails if subtree is deleted on src").
> I use Subversion trunk r34706 and Serf trunk r1203.
>

Is this on Mac? Repeatable?

..
>
> Breakpoint 3, serf_linebuf_fetch (linebuf=0x9998058, bucket=0x99967c0, acceptable=7) at buckets/buckets.c:512
> 512 in buckets/buckets.c
> (gdb) p *linebuf
> $1 = {state = SERF_LINEBUF_READY, used = 0,
> line = "Content-Type: text/xml; charset=\"utf-8\"", '\0' <repeats 61 times>, "@\200\231\t K\216CH\200\231\t��\226\t", '\0' <repeats 112 times>, "�\200\231\t�\200\231\t8_\231\t", '\0' <repeats 116 times>, "@\204\231\t\000\000\000\0005�׷", '\0' <repeats 12 times>, "����", '\0' <repeats 100 times>, "�\201\231\t K\216C�\201\231\t��\226\t", '\0' <repeats 112 times>, "@\202\231\tH\202\231\tH\201\231\t", '\0' <repeats 116 times>, "�\205\231\t\000\000\000\000��׷", '\0' <repeats 12 times>...}
> (gdb) p *bucket
> $2 = {type = 0x438e4de0, data = 0x99962c0, allocator = 0x98e69c8}
> (gdb) p *bucket.type
> $3 = {name = 0x438e3216 "BARRIER", read = 0x438e2996 <serf_barrier_read>, readline = 0x438e29d0 <serf_barrier_readline>, read_iovec = 0x438dce07 <serf_default_read_iovec>,
> read_for_sendfile = 0x438dce66 <serf_default_read_for_sendfile>, read_bucket = 0x438dcec0 <serf_default_read_bucket>, peek = 0x438e2a11 <serf_barrier_peek>, destroy = 0x438e2a44 <serf_barrier_destroy>,
> snapshot = 0x438dcf32 <serf_default_snapshot>, restore_snapshot = 0x438dcf3c <serf_default_restore_snapshot>, is_snapshot_set = 0x438dcf46 <serf_default_is_snapshot_set>}
> (gdb) p *bucket.data
> Attempt to dereference a generic pointer.
> (gdb) p *bucket.allocator
> $4 = {pool = 0x98e6988, allocator = 0x98780f0, unfreed = 0, unfreed_baton = 0x0, num_alloc = 25, freelist = 0x9996038, blocks = 0x9996020, track = 0x0}
> (gdb) p data
> $5 = 0xbfda1034 "?!\231\t"
> (gdb) p len
> $6 = 4294967295
> (gdb) cont
>
I'm interested in the values of 'status' and 'found' at this point.
Looks like 0 bytes of data were read, but serf thinks an LF was found,
so it subtracts 1 from 'len' which makes it 0xFFFFFFFF.

Lieven

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=984059
Received on 2008-12-14 12:00:20 CET

This is an archived mail posted to the Subversion Dev mailing list.
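
The failure mode described in the reply above (zero bytes read, a newline reported as found, and `len` decremented to 0xFFFFFFFF) can be reproduced in isolation. The following is an added example, not part of the original mail and not serf's code; `linebuf_t`, `LINE_LIMIT`, the status codes and both function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINE_LIMIT 64   /* hypothetical capacity, not serf's value */
enum { LB_OK = 0, LB_INCONSISTENT = -1, LB_TOO_LONG = -2 };

typedef struct {
    size_t used;
    char line[LINE_LIMIT];
} linebuf_t;            /* simplified stand-in, not serf's line buffer */

/* The pattern described in the mail: drop the newline from the count
   without checking that any byte was read. With len == 0 the unsigned
   subtraction wraps to SIZE_MAX (0xFFFFFFFF on a 32-bit build). */
size_t trimmed_len_unchecked(size_t len, int found_lf)
{
    if (found_lf)
        --len;
    return len;
}

/* Guarded variant: reject "newline found" with zero bytes, and bound the
   copy by the remaining capacity before touching the buffer. */
int linebuf_append_checked(linebuf_t *lb, const char *data, size_t len,
                           int found_lf)
{
    if (found_lf) {
        if (len == 0)
            return LB_INCONSISTENT;  /* reader reported LF but no data */
        --len;                       /* safe: len >= 1 here */
    }
    if (len > sizeof(lb->line) - lb->used)
        return LB_TOO_LONG;
    memcpy(lb->line + lb->used, data, len);
    lb->used += len;
    return LB_OK;
}

int main(void)
{
    linebuf_t lb = { 0 };
    printf("unchecked: %zu\n", trimmed_len_unchecked(0, 1));
    printf("checked:   %d\n", linebuf_append_checked(&lb, "", 0, 1));
    return 0;
}
```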