[
https://issues.apache.org/jira/browse/ZOOKEEPER-458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steven Cheng updated ZOOKEEPER-458:
-----------------------------------
Attachment: ZOOKEEPER-458.patch
Maybe free_buffer is getting called twice on the same structure, changed patch
to null out the buffer field.
If free_buffer is getting called twice, we should see a __wrap_free ... p = 0
in the backtrace.
It's also possible that the buffer is getting free'd since buffer is shared
with the iarchive zookeeper.c:1781 but I couldn't find any paths where the
iarchive buffer is free'd by manually tracing through.
One thing I am confused about is that the segfault happens at the end of the
testConnectIndex1 test, but the path that it is taking is processing
outstanding synchronous completions. The only synchronous completion that
could be there is the zoo_exists call, but this was completed at the beginning
of the test, before the server was stopped.
> connect_index in zookeeper handle might get out of bound.
> ---------------------------------------------------------
>
> Key: ZOOKEEPER-458
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-458
> Project: Zookeeper
> Issue Type: Bug
> Components: c client
> Reporter: Mahadev konar
> Assignee: Steven Cheng
> Fix For: 3.3.0
>
> Attachments: ZOOKEEPER-458.patch, ZOOKEEPER-458.patch,
> ZOOKEEPER-458.patch, ZOOKEEPER-458.patch, ZOOKEEPER-458.patch
>
>
> connect_index in zookeeper handle might get out of bound. the zokoeeper_init
> method checks for index == count and sets it to zero. If the index becomes
> greater than count, then it will go out of bounds.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
