On Oct 6, 7:15 pm, Chuck Weinstock <[EMAIL PROTECTED]> wrote:
> We were experiencing periodic crashes of memcached 1.2.5 (every couple
> of days) and upgraded to memcached 1.2.6 on Saturday. It crashed
> today. How can I help you debug it?
There have been a number of crash fixes since 1.2.6. I'm a bit
confused as to whose trees have what, though. This is my view of
1.2.6 to master:

commit 1c3c4c0d7a59ebe61ace685794789f2179c482bb
Author: Cosimo Streppone <[EMAIL PROTECTED]>
Date: Thu Jun 19 08:29:10 2008 -0700

    Another buffer overrun fix.

commit 5bf5dee3754dc5cb13eeb45642a8397a89e4c617
Author: Dustin Sallings <[EMAIL PROTECTED]>
Date: Wed Jun 18 12:11:50 2008 -0700

    Allocate new conn structures with calloc.

    Janusz Dziemidowicz reported conn->next was sometimes not
    initialized.

    This would have been the case for any client connection, or any
    listener connection that wasn't tcp.

commit 74d52354bb720d08f9554d91fd781032ad2aa8e3
Author: Tomash Brechko <[EMAIL PROTECTED]>
Date: Wed Jun 18 11:31:54 2008 -0700

    Fix heap corruption when copying too much data onto an item.

    (Dustin:)

    I wrote a fuzz test that would consistently crash in assoc_find, but
    after this change the test failed to break things and my fuzz
    generator couldn't produce another breaking case.

commit 0ebdf6d38cd65cca31885e8e7e2f4c7ac4888279
Author: Dustin Sallings <[EMAIL PROTECTED]>
Date: Wed Jun 18 11:30:22 2008 -0700

    Use calloc for allocating the hash table vs. malloc+memset.

    calloc is already used to resize the hash table, so it's good to be
    consistent here.

commit 6ec16c4ad2e8274e23d3c1c2111a8a6a2f99d3b4
Author: Dustin Sallings <[EMAIL PROTECTED]>
Date: Fri Jun 13 09:01:12 2008 -0700

    Fix freesuffix corruption.

    When attempting to grow the freesuffix storage, the realloc is sized
    to the number of bytes in freesuffixtotal instead of a number of
    pointers of that size.

    That is, the original malloc is for

        sizeof(char *) * freesuffixtotal

    but the realloc for growth was

        freesuffixtotal * 2

    On a 32-bit machine, this would have the effect of freeing half of
    the freelist when an attempt was made to grow it.

    The realloc is now consistent with the initial malloc.
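
The realloc sizing mistake described in the last commit message above, as an added example that is not part of the original message and is not memcached's code: it computes how many pointer slots the byte-sized request leaves, next to a growth routine sized in pointers. The `struct freelist` type, the function names and the sample capacity of 500 are constructed for illustration, and the overflow and NULL checks go beyond what the commit message describes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a pointer freelist; not memcached's structure. */
struct freelist {
    char **slots;   /* array of cached buffers */
    size_t total;   /* capacity, counted in pointers */
    size_t curr;    /* pointers currently stored */
};

/* Slots that fit in the mis-sized request of (total * 2) bytes. */
size_t slots_after_buggy_grow(size_t total, size_t ptr_size) {
    return (total * 2) / ptr_size;
}

/* Corrected growth: size in pointers, reject overflow, keep old block on failure. */
int freelist_grow(struct freelist *fl) {
    size_t new_total = fl->total ? fl->total * 2 : 8;
    if (new_total < fl->total || new_total > SIZE_MAX / sizeof(char *))
        return -1;
    char **p = realloc(fl->slots, sizeof(char *) * new_total);
    if (p == NULL)
        return -1;              /* fl->slots is still valid here */
    fl->slots = p;
    fl->total = new_total;
    return 0;
}

/* Store a buffer on the list, growing the array when it is full. */
int freelist_push(struct freelist *fl, char *buf) {
    if (fl->curr >= fl->total && freelist_grow(fl) != 0)
        return -1;
    fl->slots[fl->curr++] = buf;
    return 0;
}

int main(void) {
    struct freelist fl = {0};
    static char bufs[100][1];   /* constructed sample buffers */
    for (size_t i = 0; i < 100; i++)
        if (freelist_push(&fl, bufs[i]) != 0) return 1;
    printf("capacity %zu, in use %zu\n", fl.total, fl.curr);
    printf("buggy grow from 500 slots keeps %zu (4-byte pointers)\n",
           slots_after_buggy_grow(500, 4));
    free(fl.slots);
    return 0;
}
```

With 8-byte pointers the same byte-sized request leaves room for a quarter of the original slots rather than half.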