Posted to modules-dev@httpd.apache.org by Joachim Zobel <jz...@heute-morgen.de> on 2011/09/10 13:26:59 UTC

Stack corruption mystery

Hi. 

I have the following simple function.

/*
 * xml2_make_start_bucket
 *
 * For element and document nodes: make a shared copy of bucket b, record
 * it as the node's end bucket and return it. Other node types get NULL.
 */
apr_bucket *xml2_make_start_bucket(apr_bucket * b)
{
    bucket_node *bn = b->data;      /* payload of the user-defined shared bucket */
    apr_bucket *end;

    if (bn->node->type != XML_ELEMENT_NODE
        && !IS_DOCUMENT_NODE(bn->node)) {
        return NULL;
    }

    apr_bucket_copy(b, &end);       /* resolves to apr_bucket_shared_copy */
    bn->end = end;

    return end;
}

The bucket b is a shared bucket of a user-defined type. Everything happens on
Linux x86_64. apr_bucket_copy is apr_bucket_shared_copy.

After calling the function the subsequent assert fails.

        apr_bucket *end = xml2_make_start_bucket(b);
        ap_assert(end == bn->end);

gdb shows me that the leading byte of end has been overwritten with 0. 

Any hints on what may be happening there?

Thanks,
Joachim



Re: Stack corruption mystery

Posted by Joachim Zobel <jz...@heute-morgen.de>.
Just wanted to add the gdb output from the core dump.

213             ap_assert(end == bn->end);
(gdb) p end
$1 = (apr_bucket *) 0xffffffff914638b8
(gdb) p bn->end
$2 = (apr_bucket *) 0x7fa9914638b8






Solved: Stack corruption mystery

Posted by Joachim Zobel <jz...@heute-morgen.de>.
On Sat, 2011-09-10 at 13:26 +0200, Joachim Zobel wrote:
>         apr_bucket *end = xml2_make_start_bucket(b);
>         ap_assert(end == bn->end);
> 

This was caused by a missing function declaration for
xml2_make_start_bucket in the calling file. I had overlooked the
"implicitly converting pointer type from int" warning that resulted
from gcc assuming the function to return an int.

Sincerely,
Joachim
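As an added illustration (not code from the thread), the following models what the missing prototype does to the returned pointer on x86_64: the caller, believing the function returns int, keeps only the low 32 bits of the result and then sign-extends them back to a 64-bit pointer. Fed the value from the gdb output, 0x7fa9914638b8, it yields the corrupted 0xffffffff914638b8; the function names and the second sample address are my own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <inttypes.h>

/*
 * Model of an implicitly declared "int f()" call on x86_64 (System V ABI).
 * The callee really returns a 64-bit pointer in RAX, but the caller was
 * compiled to read an int: it takes the low 32 bits (EAX) and, when that
 * int is converted to a pointer, sign-extends it to 64 bits.
 */
uint64_t implicit_int_return(uint64_t real_pointer)
{
    uint32_t low = (uint32_t)(real_pointer & 0xffffffffull);   /* EAX */

    /* int -> pointer conversion sign-extends: bit 31 of the low half
     * decides whether the upper 32 bits become 0x00000000 or 0xffffffff. */
    uint64_t upper = (low & 0x80000000u) ? 0xffffffff00000000ull : 0ull;
    return upper | low;
}

/* True only if the address survives the round trip, i.e. fits in 31 bits.
 * Typical 64-bit heap and mmap addresses (0x7f...) never do, so the bug
 * shows up as a bad pointer rather than a subtle off-by-something. */
bool survives_int_roundtrip(uint64_t real_pointer)
{
    return implicit_int_return(real_pointer) == real_pointer;
}

/* Mitigation is at build time: keep the prototype in a shared header and
 * compile with -Werror=implicit-function-declaration so the call cannot
 * silently be assumed to return int. */
int main(void)
{
    uint64_t page_value = 0x7fa9914638b8ull;            /* bn->end from the gdb output */
    uint64_t constructed = 0x7fa9114638b8ull;           /* constructed sample, bit 31 clear */

    printf("%#" PRIx64 " -> %#" PRIx64 "\n", page_value, implicit_int_return(page_value));
    printf("%#" PRIx64 " -> %#" PRIx64 "\n", constructed, implicit_int_return(constructed));
    return 0;
}
```

The second sample shows the other face of the same bug: with bit 31 clear the upper half is zeroed instead, which is the "leading bytes are zero" symptom rather than the 0xffffffff one.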