Evan Huus
changed
bug 8197
| What |
Removed |
Added |
| Status |
UNCONFIRMED
|
CONFIRMED
|
| Ever confirmed |
|
1
|
Comment # 5
on bug 8197
from Evan Huus
(In reply to comment #4)
> It runs on Ubuntu 12.10 x64 and I get the same segmentation fault as Laurent
> in frame 1242.
I am running on a prerelease of 13.04 x64 and still have not been able to
reproduce. Possibly some of the extra libraries I have linked in (c-ares,
geoip, etc) are changing my memory layout enough that I'm not seeing it?
> Same kind of crash, but from packet-ber.c instead of packet-per.c. The
> offending frame is also number 1242.
Based on the stack trace provided I suspect that implementing the check
suggested in the comment at emem.c:934 would catch the error earlier. It
appears that a field_info->rep is getting a bad value (either through being
incorrectly overwritten by something else or by being left uninitialized). This
is getting freed and put into the label slab list, and then the next time a new
label slab is needed the invalid address is dereferenced, leading to a crash.
^^^ warning: pure speculation ^^^
I'm not entirely sure why the bad rep pointer wouldn't cause an earlier crash
when the field is displayed though, and I'm frustrated by my inability to
reproduce.
When I implement this part of wmem I will give some thought as to how to
provide better debug information and more reliable crashes in these situations.
In the meantime I don't think I can take this any farther, sorry.
Marking as CONFIRMED since at least somebody is seeing it reliably.
You are receiving this mail because:
- You are watching all bug changes.
