Er, scratch that -- I think these changes are actually in 1.2.6, but
the changesets got rewritten so they have different IDs and authors.

  (still hates subversion)

On Oct 6, 8:40 pm, Dustin <[EMAIL PROTECTED]> wrote:
> On Oct 6, 7:15 pm, Chuck Weinstock <[EMAIL PROTECTED]> wrote:
>
> > We were experiencing periodic crashes of memcached 1.2.5 (every couple
> > of days) and upgraded to memcached 1.2.6 on Saturday. It crashed
> > today. How can I help you debug it?
>
>   There have been a number of crash fixes since 1.2.6.  I'm a bit
> confused as to whose trees have what, though.  This is my view of
> 1.2.6 to master:
>
> 1c3c4c0d7a59ebe61ace685794789f2179c482bb
> Author: Cosimo Streppone <[EMAIL PROTECTED]>
> Date:   Thu Jun 19 08:29:10 2008 -0700
>
>     Another buffer overrun fix.
>
> commit 5bf5dee3754dc5cb13eeb45642a8397a89e4c617
> Author: Dustin Sallings <[EMAIL PROTECTED]>
> Date:   Wed Jun 18 12:11:50 2008 -0700
>
>     Allocate new conn structures with calloc.
>
>     Janusz Dziemidowicz reported conn->next was sometimes not initialized.
>     This would have been the case for any client connection, or any
>     listener connection that wasn't tcp.
>
> commit 74d52354bb720d08f9554d91fd781032ad2aa8e3
> Author: Tomash Brechko <[EMAIL PROTECTED]>
> Date:   Wed Jun 18 11:31:54 2008 -0700
>
>     Fix heap corruption when copying too much data onto an item.
>
>     (Dustin:)
>     I wrote a fuzz test that would consistently crash in assoc_find, but
>     after this change the test failed to break things and my fuzz
>     generator couldn't produce another breaking case.
>
> commit 0ebdf6d38cd65cca31885e8e7e2f4c7ac4888279
> Author: Dustin Sallings <[EMAIL PROTECTED]>
> Date:   Wed Jun 18 11:30:22 2008 -0700
>
>     Use calloc for allocating the hash table vs. malloc+memset.
>
>     calloc is already used to resize the hash table, so it's good to be
>     consistent here.
>
> commit 6ec16c4ad2e8274e23d3c1c2111a8a6a2f99d3b4
> Author: Dustin Sallings <[EMAIL PROTECTED]>
> Date:   Fri Jun 13 09:01:12 2008 -0700
>
>     Fix freesuffix corruption.
>
>     When attempting to grow the freesuffix storage, the realloc is sized
>     to the number of bytes in freesuffixtotal instead of a number of
>     pointers of that size.
>
>     That is, the original malloc is for
>
>       sizeof(char *) * freesuffixtotal
>
>     but the realloc for growth was
>
>       freesuffixtotal * 2
>
>     On a 32-bit machine, this would have the effect of freeing half of
>     the freelist when an attempt was made to grow it.
>
>     The realloc is now consistent with the initial malloc.
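
The sizing mismatch described in the last commit message above, as an added example that is not memcached's code or part of the original thread. The struct and function names are hypothetical; `buggy_capacity` only computes how many pointer slots the byte-sized realloc would hold, and `freelist_grow` sizes the growth in pointers like the initial allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical freelist of char* slots; all names are illustrative. */
struct freelist {
    char **slots;
    size_t total; /* capacity, counted in pointers */
    size_t curr;  /* slots in use */
};

/* Pointer slots that fit in the buggy realloc size of total * 2 bytes. */
static size_t buggy_capacity(size_t total, size_t ptr_size) {
    return (total * 2) / ptr_size;
}

static int freelist_init(struct freelist *fl, size_t total) {
    fl->slots = calloc(total, sizeof(char *));
    fl->total = fl->slots ? total : 0;
    fl->curr = 0;
    return fl->slots ? 0 : -1;
}

/* Double the capacity in pointers, refusing a size_t overflow. */
static int freelist_grow(struct freelist *fl) {
    if (fl->total == 0 || fl->total > SIZE_MAX / sizeof(char *) / 2)
        return -1;
    char **bigger = realloc(fl->slots, sizeof(char *) * fl->total * 2);
    if (bigger == NULL) return -1; /* the old block is still valid */
    fl->slots = bigger;
    fl->total *= 2;
    return 0;
}

static int freelist_push(struct freelist *fl, char *p) {
    if (fl->curr == fl->total && freelist_grow(fl) != 0) return -1;
    fl->slots[fl->curr++] = p;
    return 0;
}

int main(void) {
    struct freelist fl;
    char item = 'x';
    if (freelist_init(&fl, 2) != 0) return 1;
    for (int i = 0; i < 5; i++)
        if (freelist_push(&fl, &item) != 0) return 1;
    free(fl.slots);
    return buggy_capacity(500, 4) == 250 ? 0 : 1;
}
```

With 4-byte pointers the byte-sized request leaves room for half of the existing slots, which matches the 32-bit effect the commit message describes; with 8-byte pointers the same arithmetic leaves a quarter.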
