Issue 361 in memcached: Segfault in memcached (slabs.c) 1.4.15, patch provided.

Wed, 16 Apr 2014 10:32:21 -0700 

Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 361 by [email protected]: Segfault in memcached (slabs.c) 1.4.15, patch provided. 
http://code.google.com/p/memcached/issues/detail?id=361


do_slabs_alloc should return NULL due to failure.

System information:

Red Hat Enterprise Linux Server release 6.2 (Santiago)

memcached was compiled from 1.4.15 source.


backtrace:
#0  do_slabs_alloc (size=95, id=1) at slabs.c:241
#1  slabs_alloc (size=95, id=1) at slabs.c:404
#2 0x000000000040ee04 in do_item_alloc (key=0x7f378c140228 "ACCT_61_THROTTLE_10_139637137", nkey=29, flags=<value optimized out>, exptime=423812, nbytes=3, cur_hv=3270978001) at items.c:150 #3 0x000000000040600c in do_add_delta (c=<value optimized out>, key=<value optimized out>, nkey=<value optimized out>, incr=<value optimized out>, delta=1, buf=0x7f378d541b60 "1", cas=0x0, hv=2783358649) at memcached.c:3102 #4 0x0000000000410826 in add_delta (c=0x7f3778039d40, key=0x7f3778039f45 "ACCT_61_THROTTLE_10_139637137", nkey=29, incr=1, delta=<value optimized out>, buf=<value optimized out>, cas=0x0) at thread.c:585 #5 0x00000000004096af in process_arithmetic_command (c=0x7f3778039d40, tokens=<value optimized out>, ntokens=<value optimized out>, incr=true) at memcached.c:3015 #6 0x0000000000409d9c in process_command (c=0x7f3778039d40, command=<value optimized out>) at memcached.c:3266 #7 0x000000000040a5e2 in try_read_command (c=0x7f3778039d40) at memcached.c:3504 #8 0x000000000040b1e8 in drive_machine (fd=<value optimized out>, which=<value optimized out>, arg=0x7f3778039d40) at memcached.c:3824 #9 event_handler (fd=<value optimized out>, which=<value optimized out>, arg=0x7f3778039d40) at memcached.c:4065 #10 0x00007f378f752ddc in event_process_active_single_queue (base=0xb88c50, flags=0) at event.c:1346 
#11 event_process_active (base=0xb88c50, flags=0) at event.c:1416
#12 event_base_loop (base=0xb88c50, flags=0) at event.c:1617
#13 0x000000000041010d in worker_libevent (arg=0xb83fa0) at thread.c:384
#14 0x00000033194077f1 in start_thread () from /lib64/libpthread.so.0
#15 0x00000033190e570d in clone () from /lib64/libc.so.6


Proposed Patch ...

Index: slabs.c
===================================================================
--- slabs.c     (revision 17157)
+++ slabs.c     (revision 17158)
@@ -235,7 +235,7 @@
     if (! (p->sl_curr != 0 || do_slabs_newslab(id) != 0)) {
         /* We don't have more memory available */
         ret = NULL;
-    } else if (p->sl_curr != 0) {
+    } else if (p->sl_curr != 0 && p->slots != 0) {
         /* return off our freelist */
         it = (item *)p->slots;
         p->slots = it->next;


--
You received this message because this project is configured to send all issue notifications to this address. 
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
--- You received this message because you are subscribed to the Google Groups "memcached" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to