Posted to modules-dev@httpd.apache.org by Joachim Zobel <jz...@heute-morgen.de> on 2011/09/10 13:26:59 UTC
Stack corruption mystery
Hi.
I have the following simple function.
    /*
     * xml2_make_start_bucket
     */
    apr_bucket *xml2_make_start_bucket(apr_bucket * b)
    {
        bucket_node *bn = b->data;
        apr_bucket *end;

        if (bn->node->type != XML_ELEMENT_NODE
            && !IS_DOCUMENT_NODE(bn->node)) {
            return NULL;
        }

        apr_bucket_copy(b, &end);
        bn->end = end;
        return end;
    }
The bucket b is a shared bucket of a user-defined type. All of this
happens on Linux x86_64. apr_bucket_copy is apr_bucket_shared_copy.
After calling the function, the subsequent assert fails.
    apr_bucket *end = xml2_make_start_bucket(b);
    ap_assert(end == bn->end);
gdb shows me that the leading byte of end has been overwritten with 0.
Any hints on what may be happening there?
Thanks,
Joachim
Re: Stack corruption mystery
Posted by Joachim Zobel <jz...@heute-morgen.de>.
Just wanted to add the gdb output from the core dump.
213 ap_assert(end == bn->end);
(gdb) p end
$1 = (apr_bucket *) 0xffffffff914638b8
(gdb) p bn->end
$2 = (apr_bucket *) 0x7fa9914638b8
Solved: Stack corruption mystery
Posted by Joachim Zobel <jz...@heute-morgen.de>.
On Sat, 2011-09-10 at 13:26 +0200, Joachim Zobel wrote:
> apr_bucket *end = xml2_make_start_bucket(b);
> ap_assert(end == bn->end);
>
This was caused by a missing function declaration for
xml2_make_start_bucket in the calling file. I had overlooked the
"implicitly converting pointer type from int" warning that resulted
from gcc assuming the function to return an int.
Sincerely,
Joachim
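
The two gdb values in this thread differ exactly as an int round trip predicts; the following is an added example, not code from the thread, that models the truncation and sign extension on plain 64-bit integers. The helper names through_implicit_int and survives_implicit_int are hypothetical.

```c
/* Added illustration, not code from the thread. Models what happens on
 * x86_64 when a pointer-returning function is called without a prototype:
 * the caller treats the result as int, so only the low 32 bits survive
 * and are sign-extended back to pointer width. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: value the caller ends up with for a returned pointer. */
uint64_t through_implicit_int(uint64_t ptr_bits)
{
    uint64_t low = ptr_bits & UINT64_C(0xffffffff);   /* int keeps 32 bits */
    if (low & UINT64_C(0x80000000))                   /* bit 31 set: negative int */
        return low | UINT64_C(0xffffffff00000000);    /* sign extension */
    return low;
}

/* Hypothetical helper: 1 if the pointer survives the round trip unchanged,
 * which is why the same bug can stay hidden while addresses are low. */
int survives_implicit_int(uint64_t ptr_bits)
{
    return through_implicit_int(ptr_bits) == ptr_bits;
}

int main(void)
{
    uint64_t real = UINT64_C(0x7fa9914638b8);  /* bn->end from the gdb session */

    printf("callee returned %#" PRIx64 "\n", real);
    printf("caller received %#" PRIx64 "\n", through_implicit_int(real));
    printf("low address 0x1000 survives: %d\n",
           survives_implicit_int(UINT64_C(0x1000)));
    /* Building with gcc -Werror=implicit-function-declaration turns the
     * overlooked warning into a build failure. */
    return 0;
}
```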