Hi Cyril!

On Tue, Jan 14, 2014 at 02:51:41AM +0100, Cyril Bonté wrote:
> Le 14/01/2014 00:51, Cyril Bonté a écrit :
> Well, I couldn't leave my debug session in its current state.

I know what it's like when you go to bed and cannot sleep with eyes
wide open thinking about your last gdb output :-)

> Can you confirm that this patch could fix the issue? I think this
> prevents a buffer overflow when waiting for more data.
> Currently, I can't reproduce segfaults anymore when applied.

Hey, excellent catch! You're absolutely right. I'm totally ashamed
for not having found it while reading the code. I was searching for
a place where a wrong computation could lead to something larger
than the buffer and forgot to check for multiple reads of the
buffer's size :-)

> Now it's time to sleep some hours ;-)

Yeah you deserve it.

Steve, please also confirm that Cyril's patch fixes your segfault
(I'm sure it does given the traces you provided).

Cyril, feel free to send it to me with a few lines of commit message,
I'll merge it. Just for the record, the bug was introduced in 1.5-dev13
by this patch:

   f150317 MAJOR: checks: completely use the connection transport layer

Thanks!
Willy


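The bug class Willy describes above (a read loop that keeps asking the transport for the whole buffer size instead of the space still free while it waits for more data) is easy to miss in review because each individual read looks bounded. The following is an added illustration in C, not HAProxy code and not Cyril's patch: `fake_conn`/`fake_recv` are a constructed stand-in for a non-blocking socket that returns short reads, `BUFSZ` is an arbitrary buffer size, and the buggy loop is run against an oversized backing array purely so that the overrun can be measured instead of corrupting memory. The fixed loop shows the pattern a practitioner wants: request only `bufsz - len`, refuse to read again once the buffer is full, and keep waiting for data only until the terminator arrives.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a non-blocking socket: hands out at most `chunk`
 * bytes per call, like recv() returning a short read, and 0 once drained. */
struct fake_conn {
    const unsigned char *data;
    size_t len, pos, chunk;
};

static size_t fake_recv(struct fake_conn *c, unsigned char *dst, size_t max)
{
    size_t n = c->len - c->pos;
    if (n > c->chunk) n = c->chunk;
    if (n > max) n = max;
    memcpy(dst, c->data + c->pos, n);
    c->pos += n;
    return n;
}

#define BUFSZ 16            /* the check's response buffer (arbitrary size) */
#define GUARD (BUFSZ * 4)   /* spare backing store so the buggy loop stays memory-safe in this demo */

/* Buggy pattern: every iteration requests the full buffer size while
 * appending at buf + len, so a second read may write up to `len` bytes past
 * the end. Here buf is the first BUFSZ bytes of a larger array and the
 * function returns how many bytes landed beyond it (0 if one read sufficed). */
static size_t read_loop_buggy(struct fake_conn *c)
{
    unsigned char backing[BUFSZ + GUARD];
    unsigned char *buf = backing;
    size_t len = 0, n;

    while (len + BUFSZ <= sizeof(backing) &&          /* demo guard only */
           (n = fake_recv(c, buf + len, BUFSZ)) > 0)  /* BUG: should be BUFSZ - len */
        len += n;
    return len > BUFSZ ? len - BUFSZ : 0;
}

enum read_status { READ_DONE = 0, READ_FULL = 1, READ_EOF = 2 };

/* Corrected pattern: request only the remaining space, stop when the buffer
 * is full, otherwise keep waiting for data until the "\r\n" terminator shows
 * up. On READ_DONE *out_len covers everything up to and including "\r\n";
 * otherwise it is the number of bytes buffered. */
static enum read_status read_loop_fixed(struct fake_conn *c,
                                        unsigned char *buf, size_t bufsz,
                                        size_t *out_len)
{
    size_t len = 0, n, i;

    for (;;) {
        for (i = 1; i < len; i++)
            if (buf[i - 1] == '\r' && buf[i] == '\n') {
                *out_len = i + 1;
                return READ_DONE;
            }
        if (len == bufsz) {                         /* no room left: never read again */
            *out_len = len;
            return READ_FULL;
        }
        n = fake_recv(c, buf + len, bufsz - len);   /* remaining space only */
        if (n == 0) {
            *out_len = len;
            return READ_EOF;
        }
        len += n;
    }
}

/* Drivers over constructed input: a string plus the per-read chunk size. */
static size_t demo_buggy_overrun(const char *data, size_t chunk)
{
    struct fake_conn c = { (const unsigned char *)data, strlen(data), 0, chunk };
    return read_loop_buggy(&c);
}

static int demo_fixed_status(const char *data, size_t chunk)
{
    unsigned char buf[BUFSZ];
    size_t len;
    struct fake_conn c = { (const unsigned char *)data, strlen(data), 0, chunk };
    return (int)read_loop_fixed(&c, buf, sizeof(buf), &len);
}

static size_t demo_fixed_len(const char *data, size_t chunk)
{
    unsigned char buf[BUFSZ];
    size_t len;
    struct fake_conn c = { (const unsigned char *)data, strlen(data), 0, chunk };
    read_loop_fixed(&c, buf, sizeof(buf), &len);
    return len;
}

int main(void)
{
    const char *twenty = "AAAAAAAAAAAAAAAAAAAA";   /* 20 bytes, no terminator */
    printf("buggy loop, 20 bytes in 12-byte reads: %zu bytes past the buffer\n",
           demo_buggy_overrun(twenty, 12));
    printf("fixed loop, same input: status %d, %zu bytes kept\n",
           demo_fixed_status(twenty, 12), demo_fixed_len(twenty, 12));
    printf("fixed loop, status line in 5-byte reads: status %d, %zu bytes\n",
           demo_fixed_status("HTTP/1.0 200\r\nBODY", 5),
           demo_fixed_len("HTTP/1.0 200\r\nBODY", 5));
    return 0;
}
```

With 20 bytes arriving in 12-byte reads, the buggy loop's second call asks for 16 bytes at offset 12 and writes 4 bytes past the 16-byte buffer; the fixed loop asks for 4, fills the buffer, and returns READ_FULL instead of reading again.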