| ID | Project | Category | View Status | Date Submitted | Last Update | |
| 0000352 | libmpdclient | public | 2005-01-18 07:56 | 2005-03-07 20:19 | ||
| Reporter | normalperson | |||||
| Assigned To | shank | |||||
| Priority | normal | Severity | minor | Reproducibility | always | |
| Status | closed | Resolution | fixed | |||
| Platform | ipodlinux | OS | OS Version | |||
| Product Version | ||||||
| Target Version | Fixed in Version | |||||
| Summary | 0000352: libmpdclient segfaults over very slow links when reading large lists | |||||
| Description | mpd (uclinux port) is running on my ipod, mpc is running on my desktop machine. telnet works fine. commands that list large lists like mpc listall and mpc playlist cause problems when a large amount of data is being read. mpc status/play/stop/prev and other short commands work fine. Since it's difficult to reproduce, I may be the only one having this problem, so I guess I'll fix it; but just to let you know... | |||||
| Steps To Reproduce | run mpd on your ipod, mpc on a desktop machine connected to the ipod over ip-over-firewire. telnet and netcat work fine. | |||||
| Additional Information | Backtrace with GDB (from mpc trunk (r2878)): #0 0x4009a793 in strchr () from /lib/libc.so.6 (gdb) bt #0 0x4009a793 in strchr () from /lib/libc.so.6 #1 0x08049b46 in mpd_getNextReturnElement (connection=0x8053d78) at libmpdclient.c:403 #2 0x0804b190 in mpd_getNextInfoEntity (connection=0x8053d78) at libmpdclient.c:958 #3 0x0804ffc8 in cmd_listall (argc=0, argv=0x8053d68, conn=0x8053d78) at command.c:549 #4 0x0804d133 in main (argc=0, argv=0xbffff2c4) at main.c:223 | |||||
| Tags | No tags attached. | |||||
| Attached Files | ||||||
Notes |
(0000383) normalperson (administrator) 2005-01-18 10:48 |
bufferCheck was pointing in the wrong place. OK, looks like I fixed it. This works for me on both fast and slow connections. I'm not entirely sure about the logic behind the original implementation, or why it managed to work on fast connections but it's after 1am and my brain was never great with arithmetic, either. --- orig/src/libmpdclient.c +++ mod/src/libmpdclient.c @@ -419,7 +419,6 @@ connection->doneListOk = 0; return; } - bufferCheck+=connection->buflen-connection->bufstart; tv.tv_sec = connection->timeout.tv_sec; tv.tv_usec = connection->timeout.tv_usec; FD_ZERO(&fds); @@ -440,6 +439,7 @@ connection->doneListOk = 0; return; } + bufferCheck = connection->buffer + connection->buflen; connection->buflen+=readed; connection->buffer[connection->buflen] = '\0'; } |
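Review bot: In the first hunk (@@ -419,7 +419,6), removing `bufferCheck+=connection->buflen-connection->bufstart;` means bufferCheck keeps whatever value it was given above the visible context until the first successful read. Please confirm that this initial value points inside connection->buffer at the start of the unscanned data, and add a comment stating what bufferCheck is meant to track, since the note says the original logic was unclear.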
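Review bot: In the second hunk (@@ -440,6 +439,7), `connection->buffer[connection->buflen] = '\0';` writes one byte past the newly read data, and the length passed to the read is not visible here. Confirm the read is capped so that buflen plus readed stays below the buffer size; otherwise the terminator that the strchr search in the backtrace depends on lands out of bounds. The new `bufferCheck = connection->buffer + connection->buflen;` is correct only while buflen is an absolute index from connection->buffer, which deserves a one-line comment next to the assignment.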
(0000385) shank (administrator) 2005-01-23 04:51 |
This bug happens when less than one line of input is read by read(). Then bufferCheck is incorrectly computed and can potentially cause a segfault or other nastiness. |
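Added example, not part of the original notes and not libmpdclient's code: a minimal C line reader that keeps its scan position as an offset, so a read that delivers less than one line (the case note 0000385 describes) leaves it valid. The struct, `feed`, `next_line`, `scan` and `BUFCAP` are hypothetical names, and it searches with `memchr` and an explicit length instead of `strchr`.

```c
#include <stddef.h>
#include <string.h>

#define BUFCAP 64                      /* constructed size, not libmpdclient's */

struct conn {                          /* hypothetical stand-in for the real struct */
    char   buffer[BUFCAP + 1];         /* +1 keeps room for the terminator */
    size_t bufstart;                   /* first unconsumed byte */
    size_t buflen;                     /* end of valid data (absolute index) */
    size_t scan;                       /* first byte not yet searched for '\n' */
};

/* Append one (possibly short) read. Returns 0, or -1 if it would overflow. */
int feed(struct conn *c, const char *data, size_t n)
{
    if (c->bufstart > 0) {             /* compact so offsets stay absolute */
        memmove(c->buffer, c->buffer + c->bufstart, c->buflen - c->bufstart);
        c->buflen -= c->bufstart;
        c->scan   -= c->bufstart;
        c->bufstart = 0;
    }
    if (n > BUFCAP - c->buflen)        /* bound the write before doing it */
        return -1;
    memcpy(c->buffer + c->buflen, data, n);   /* scan is left untouched */
    c->buflen += n;
    c->buffer[c->buflen] = '\0';
    return 0;
}

/* Copy the next complete line into out. Returns 1 if a line was produced,
 * 0 if only a partial line is buffered, -1 if out is too small. */
int next_line(struct conn *c, char *out, size_t outsz)
{
    char *nl = memchr(c->buffer + c->scan, '\n', c->buflen - c->scan);
    if (nl == NULL) {
        c->scan = c->buflen;           /* remember what was already searched */
        return 0;
    }
    size_t len = (size_t)(nl - (c->buffer + c->bufstart));
    if (len >= outsz)
        return -1;
    memcpy(out, c->buffer + c->bufstart, len);
    out[len] = '\0';
    c->bufstart = c->scan = (size_t)(nl - c->buffer) + 1;
    return 1;
}
```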
Issue History |
| Date Modified | Username | Field | Change |
| 2005-01-18 07:56 | normalperson | New Issue | |
| 2005-01-18 10:48 | normalperson | Note Added: 0000383 | |
| 2005-01-23 04:51 | shank | Status | assigned => resolved |
| 2005-01-23 04:51 | shank | Resolution | open => fixed |
| 2005-01-23 04:51 | shank | Note Added: 0000385 | |
| 2005-03-07 20:19 | Avuton Olrich | Status | resolved => closed |