Re: [serf-dev] Re: [PATCH] Serf crash on spurious data between responses

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Tue, 13 Jan 2015 00:31:10 +0000

Philip Martin <philip.martin_at_wandisco.com> writes:

> $ valgrind -q test/test_all
> ==11901== Invalid read of size 8
> ==11901== at 0x403E7CF: serf_config_get_object (config_store.c:278)
> ==11901== by 0x403F88A: serf__log (logging.c:146)
> ==11901== by 0x4048E79: serf_log_wrapped_readline (log_wrapper_buckets.c:56)
> ==11901== by 0x41546E: serf_mock_sock_readline (mock_sock_buckets.c:44)
> ==11901== by 0x40443BA: serf_barrier_readline (barrier_buckets.c:54)
> ==11901== by 0x404500D: serf_linebuf_fetch (buckets.c:515)
> ==11901== by 0x404A132: fetch_line (response_buckets.c:124)
> ==11901== by 0x404A475: run_machine (response_buckets.c:235)
> ==11901== by 0x404A8FB: wait_for_body (response_buckets.c:365)
> ==11901== by 0x404AA0F: serf_response_read (response_buckets.c:424)
> ==11901== by 0x406ECB: handle_response (test_util.c:246)
> ==11901== by 0x4041791: handle_response (outgoing.c:1049)
> ==11901== Address 0xd is not stack'd, malloc'd or (recently) free'd

This is caused by serf__bucket_log_wrapper_create failing to initialize
log_wrapped_context_t.context. Initialize to NULL?

Index: buckets/log_wrapper_buckets.c
===================================================================
--- buckets/log_wrapper_buckets.c (revision 2464)
+++ buckets/log_wrapper_buckets.c (working copy)
@@ -168,6 +168,7 @@ serf_bucket_t *serf__bucket_log_wrapper_create(ser
 
     ctx->old_type = wrapped->type;
     ctx->prefix = prefix;
+ ctx->config = NULL;
 
     /* Construct the new extended bucket. */
     bkt->wrapped_bkt.type = bkt_type;
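
Review bot: the added `ctx->config = NULL;` line covers only this one member, and the neighbouring `ctx->old_type` and `ctx->prefix` assignments show the context is filled in field by field, so any member added later can be left uninitialized in the same way. Consider zeroing the whole context where it is allocated and then setting the members that need non-zero values. The description above the patch names the member `context` while the code sets `config`; the log message should use the name from the code, and it is worth confirming that the path in the trace (`serf_log_wrapped_readline` to `serf__log` to `serf_config_get_object`) is meant to accept a NULL config rather than relying on it being set before the first read.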

That allows the testsuite to get further; it now crashes in
test_ssl_renegotiate():

$ test/test_all
Out of memory
Aborted
$ valgrind -q --num-callers=20 test/test_all
==18268== Conditional jump or move depends on uninitialised value(s)
==18268== at 0x4DB0D87: ASN1_get_object (asn1_lib.c:107)
==18268== by 0x4DB1120: asn1_GetSequence (asn1_lib.c:319)
==18268== by 0x4A67118: d2i_SSL_SESSION (ssl_asn1.c:392)
==18268== by 0x4A4B3B7: tls_decrypt_ticket (t1_lib.c:2351)
==18268== by 0x4A4D3C8: tls1_process_ticket (t1_lib.c:2240)
==18268== by 0x4A60C3B: ssl_get_prev_session (ssl_sess.c:482)
==18268== by 0x4A37505: ssl3_get_client_hello (s3_srvr.c:1008)
==18268== by 0x4A3BE50: ssl3_accept (s3_srvr.c:357)
==18268== by 0x4A466E8: ssl3_read_bytes (s3_pkt.c:1343)
==18268== by 0x4A435F1: ssl3_read_internal (s3_lib.c:4247)
==18268== by 0x42594C: sslSocketRead (MockHTTP_server.c:2600)
==18268== by 0x420F93: readFromSocket (MockHTTP_server.c:365)
==18268== by 0x421368: buffSktPeek (MockHTTP_server.c:457)
==18268== by 0x423364: processServer (MockHTTP_server.c:1298)
==18268== by 0x423FB3: _mhRunServerLoop (MockHTTP_server.c:1600)
==18268== by 0x41D37D: runServerLoop (MockHTTP.c:143)
==18268== by 0x41D3C7: mhRunServerLoop (MockHTTP.c:154)
==18268== by 0x40772E: run_client_and_mock_servers_loops (test_util.c:499)
==18268== by 0x41B6A7: test_ssl_renegotiate (test_ssl.c:1764)
==18268== by 0x405F0C: CuTestRun (CuTest.c:173)

-- 
Philip Martin | Subversion Committer
WANdisco // *Non-Stop Data*
Received on 2015-01-13 01:32:30 CET

This is an archived mail posted to the Subversion Dev mailing list.