Steve Hay wrote:
Stas Bekman wrote:
Randy Kobes wrote:
For modperl_filter_new():
    apr_pool_t *p;
    modperl_filter_t *filter;

    /* pick the request pool if there is a request, else the connection pool */
    p = f->r ? f->r->pool : f->c->pool;
    filter = (modperl_filter_t *) apr_pcalloc(p, sizeof(modperl_filter_t));
before the apr_pcalloc() call, f->c->pool is defined, and p is set equal to it (f->r is null). However, sometimes what happens right after the apr_pcalloc() call is that f->r, f->c, ... of f get set to null (including f->ctx, which causes the crash in modperl_run_filter), and filter gets set to the value of p.
So it clobbers the previously allocated memory. It's possible that the pool frees that memory and f still points to the old memory and it works fine till the moment the pool reallocs it for something else. But that's the whole point of pools: there is no free(); the whole pool is destroyed when its life is over, and in the case of f->c->pool that's the life of the whole connection. Only if the connection object is destroyed does the pool get destroyed as well.
Can you step into apr_pcalloc and keep an eye on the values in p and f and see what goes wrong inside of it?
Not really - only p (i.e. f->c->pool) gets passed into apr_pcalloc(). f is not visible in apr_pcalloc(), so the debugger doesn't show it. I can watch what happens to p, but I don't really know what I'm looking for and it is a rather large structure.
Yes, but you can get the address contained in f before you dive into apr_pcalloc.
Before the apr_pcalloc() call that breaks things, f->ctx is 0x008e23b8 and &(f->ctx) is 0x008e23cc (very close by!).
I opened the Memory window, entered 0x008e23cc and I see this there: B8 23 8E 00. This is 0x008e23b8 written in some odd way related to {big|little}-endianness, presumably. (Read it backwards, pairs of hex digits at a time.)
So then I stepped into apr_pcalloc(), watching that spot in the Memory window, waiting to see which line changes the value stored at 0x008e23cc to 00 00 00 00.
Answer: None of them!
None of the lines in apr_pcalloc() nulled that area of memory. However, when I return to modperl_filter_new(), 0x8e23cc goes to 00 00 00 00 as soon as the assignment of the return value from apr_pcalloc() to *filter happens.
Where does this leave us?
- Steve
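To make the overlap hypothesis raised above concrete, here is an added example (my own toy code, not mod_perl or APR): a bump allocator stands in for an APR pool, toy_ap_filter_t and toy_modperl_filter_t are made-up stand-ins for ap_filter_t and modperl_filter_t, and ranges_overlap() is the check one could put right after the apr_pcalloc() call in modperl_filter_new() to confirm or rule out that the new block covers f. It also decodes the little-endian memory-window bytes quoted in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the structs in the thread; the real ap_filter_t
 * and modperl_filter_t have more fields and different layouts. */
typedef struct { void *r; void *c; void *ctx; } toy_ap_filter_t;
typedef struct { toy_ap_filter_t *f; void *pool; void *bucket; int flags; } toy_modperl_filter_t;

/* Toy bump allocator standing in for an APR pool: no free(), only a reset. */
static unsigned char arena[256];
static size_t arena_used;

static void *toy_palloc(size_t n) {
    void *p = arena + arena_used;
    arena_used += (n + 7) & ~(size_t)7;       /* 8-byte alignment, like APR */
    return p;
}
static void *toy_pcalloc(size_t n) {          /* apr_pcalloc: palloc + memset(0) */
    void *p = toy_palloc(n);
    memset(p, 0, n);
    return p;
}

/* 1 if [a, a+alen) and [b, b+blen) share at least one byte. */
int ranges_overlap(const void *a, size_t alen, const void *b, size_t blen) {
    uintptr_t a0 = (uintptr_t)a, b0 = (uintptr_t)b;
    return a0 < b0 + blen && b0 < a0 + alen;
}

/* Decode a 4-byte little-endian memory-window dump such as "B8 23 8E 00"
 * back into the pointer value it stores (0x008e23b8). */
uint32_t le32_from_bytes(const unsigned char b[4]) {
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8)
         | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Reproduce the symptom: f was carved from a pool that is cleared while f is
 * still referenced, so the next pcalloc() hands back a block covering f and
 * its memset() zeroes f->ctx. Returns 1 when the overlap check flags it. */
int demo_clobber(void) {
    arena_used = 0;
    toy_ap_filter_t *f = toy_pcalloc(sizeof *f);
    f->ctx = arena;                            /* any non-NULL context */
    arena_used = 0;                            /* pool cleared, f now dangling */
    toy_modperl_filter_t *filter = toy_pcalloc(sizeof *filter);
    int caught = ranges_overlap(filter, sizeof *filter, f, sizeof *f);
    filter->f = f;
    return caught && f->ctx == NULL;
}
```

In a real debug build the same assertion, `!ranges_overlap(filter, sizeof *filter, f, sizeof *f)`, placed right after the apr_pcalloc() call would fire at the moment the clobber happens instead of later in modperl_run_filter.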
