Ruediger Pluem wrote:
> What are the values of
>
> idx
> re->match[idx].rm_so
> re->match[idx].rm_eo
> re->source
>
> and what is the string re->source is pointing to when the crash happens?

idx is 1 and re->source points to an empty string which is fine. However, re->match[idx].rm_so and re->match[idx].rm_eo are random numbers, i.e., a garbage value (I guess they should be 0 if there was no match?). Thus the argument "re->source + re->match[idx].rm_so" ends up pointing to an out of band location (and a memcpy() for that location results in the segfault).

I just don't really get why this happens in some cases (like 1 out of 10 requests).

BTW, I can reproduce this on Solaris and Linux (worker and prefork) with 2.2.11. With 2.0 this works fine.

ciao...
--
Lars Eilebrecht
[email protected]
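
An added example, not part of the original message and not httpd's own code: a defensive way to copy a regex backreference so that unset or stale offsets never reach memcpy(). It uses plain POSIX `<regex.h>`; `struct backref`, `backref_clear`, `backref_exec`, `backref_copy` and `NMATCH` are hypothetical names. POSIX reports an unmatched group as -1 and leaves the offsets unspecified when regexec() fails.

```c
#include <regex.h>
#include <string.h>

#define NMATCH 4
/* Hypothetical stand-in for the structure discussed in the thread. */
struct backref {
    const char *source;        /* string the regex was run against */
    regmatch_t  match[NMATCH]; /* offsets filled in by regexec() */
    int         have_match;    /* set only when regexec() returned 0 */
};

/* Reset every slot to the POSIX "no match" value so nothing is left uninitialised. */
static void backref_clear(struct backref *re)
{
    re->have_match = 0;
    for (size_t i = 0; i < NMATCH; i++)
        re->match[i].rm_so = re->match[i].rm_eo = -1;
}

/* Returns 0 on match, 1 on no match, -1 on compile error. */
int backref_exec(struct backref *re, const char *pattern, const char *subject)
{
    regex_t preg;

    re->source = subject;
    backref_clear(re);
    if (regcomp(&preg, pattern, REG_EXTENDED) != 0)
        return -1;
    if (regexec(&preg, subject, NMATCH, re->match, 0) == 0)
        re->have_match = 1;
    else
        backref_clear(re); /* offsets are unspecified after a failed regexec() */
    regfree(&preg);
    return re->have_match ? 0 : 1;
}

/* Copy group idx into out; returns the length copied, or -1 if unusable. */
long backref_copy(const struct backref *re, size_t idx, char *out, size_t outsz)
{
    if (!re->have_match || idx >= NMATCH || outsz == 0)
        return -1;
    regoff_t so = re->match[idx].rm_so, eo = re->match[idx].rm_eo;
    size_t srclen = strlen(re->source);
    if (so < 0 || eo < so || (size_t)eo > srclen || (size_t)(eo - so) >= outsz)
        return -1;
    memcpy(out, re->source + so, (size_t)(eo - so));
    out[eo - so] = '\0';
    return (long)(eo - so);
}
```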
