On Thu, Nov 14, 2002 at 07:49:00PM +0100, Heinz Ekker wrote:
> On Thu, Nov 14, 2002 at 06:07:02PM +0100, Balazs Scheidler wrote:
> > can you analyze the core a bit more? (it is no use to send it to me, as it might contain libc different from my system)
> >
> > gdb syslog-ng -c core
> > (gdb) frame 4
> >
> > this selects the frame of xalloc()
> >
> > now display part of the stack:
> >
> > p $ebp
> > x/40 $ebp-20
> >
> > I'll try to find how many bytes c_format_() wants to allocate. This might help to track down the problem.
>
> Is that of any help for you?
>
> (gdb) frame 4
> #4  0x080530a7 in xalloc ()
> (gdb) p $ebp
> $1 = (void *) 0xbfffe868
> (gdb) x/40 $ebp-20
> 0xbfffe854:     0x00000098      0x4014afa0      0x00000000      0xcedfcc12
> 0xbfffe864:     0xcedfcc12      0xbfffe888      0x080531f7      0xcedfcc21
> 0xbfffe874:     0x4014afa0      0xcedfcc12      0x0000003b      0x08075ce0
> 0xbfffe884:     0x0000003b      0xbfffe8b8      0x0805068f      0xcedfcc12
> 0xbfffe894:     0xbfffe8c4      0xbfffe8b8      0x4009f548      0x08075b70
> 0xbfffe8a4:     0x0806c224      0xbffff8e8      0x0000003b      0x08075ce0
> 0xbfffe8b4:     0x080817ac      0xbffff8f8      0x08053501      0x080540bd
> 0xbfffe8c4:     0xcedfcc12      0x3927911d      0x00000000      0x0806f5ac
> 0xbfffe8d4:     0x31203431      0x00001000      0x080691a8      0x3e32323c
> 0xbfffe8e4:     0x20766f4e      0x31203431      0x30303a33      0x2034323a
hmm.. as it seems the length c_format() wants to allocate is 0xcedfcc21 bytes, cca 3.5GB, somehow the log entry to be written is completely bogus. do_flush() calls c_format with a format "%s", string length 0xcedfcc12 and data pointer 0x3927911d; if the allocation would succeed, syslog-ng would crash anyway, when trying to dereference 0x3927911d.

The funny thing is that A_WRITE() is called with exactly these parameters, and it didn't crash, so something changed the data between A_WRITE() and c_format().

Can you send me your syslog-ng binary and the core file in private? Maybe I can do some more analysis. (I hope core files don't depend on libc version, or if they do, it would still show some valid data)

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
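The frame reading Bazsi does by hand above (saved EBP at [ebp], return address at [ebp+4], first argument at [ebp+8], then follow the saved EBP to the caller) can be done mechanically over the x/40 dump. The script below is an added example and not part of the thread or of syslog-ng; the function names are mine, the word values are copied from Heinz's dump and $ebp from his "p $ebp", and it assumes an i386 cdecl stack compiled with frame pointers (with -fomit-frame-pointer the saved-EBP chain is meaningless, so treat the chain as a hypothesis to check against the "bt" output).

```python
import struct

# Copied from the "x/40 $ebp-20" output quoted above; the EBP value is the
# one "p $ebp" printed in the same gdb session. Constructed test input only.
GDB_EBP = 0xBFFFE868
GDB_DUMP = """\
0xbfffe854: 0x00000098 0x4014afa0 0x00000000 0xcedfcc12
0xbfffe864: 0xcedfcc12 0xbfffe888 0x080531f7 0xcedfcc21
0xbfffe874: 0x4014afa0 0xcedfcc12 0x0000003b 0x08075ce0
0xbfffe884: 0x0000003b 0xbfffe8b8 0x0805068f 0xcedfcc12
0xbfffe894: 0xbfffe8c4 0xbfffe8b8 0x4009f548 0x08075b70
0xbfffe8a4: 0x0806c224 0xbffff8e8 0x0000003b 0x08075ce0
0xbfffe8b4: 0x080817ac 0xbffff8f8 0x08053501 0x080540bd
0xbfffe8c4: 0xcedfcc12 0x3927911d 0x00000000 0x0806f5ac
0xbfffe8d4: 0x31203431 0x00001000 0x080691a8 0x3e32323c
0xbfffe8e4: 0x20766f4e 0x31203431 0x30303a33 0x2034323a
"""


def parse_x_dump(text):
    """Turn gdb 'x/Nx' output (address: word word ...) into {address: word}."""
    mem = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        addr_s, words = line.split(":", 1)
        addr = int(addr_s, 16)
        for i, w in enumerate(words.split()):
            mem[addr + 4 * i] = int(w, 16)
    return mem


def walk_frames(mem, ebp, max_frames=8):
    """Follow the saved-EBP chain of an i386 cdecl stack built with frame
    pointers (assumption): [ebp] = saved ebp, [ebp+4] = return address,
    [ebp+8] = first argument. Stops once the next frame is outside the dump
    or does not lie above the current one (the stack grows downward)."""
    frames = []
    while ebp in mem and len(frames) < max_frames:
        frames.append({
            "ebp": ebp,
            "saved_ebp": mem[ebp],
            "ret": mem.get(ebp + 4),
            "arg0": mem.get(ebp + 8),
        })
        nxt = mem[ebp]
        if nxt <= ebp:
            break
        ebp = nxt
    return frames


def find_word(mem, value):
    """Addresses at which a 32-bit value occurs, e.g. the bogus length."""
    return sorted(a for a, w in mem.items() if w == value)


def decode_ascii(mem, start, end):
    """Render the little-endian words in [start, end) as text; non-printable
    bytes become '.', so message fragments on the stack stand out."""
    out = []
    for a in range(start, end, 4):
        for b in struct.pack("<I", mem[a]):
            out.append(chr(b) if 0x20 <= b < 0x7F else ".")
    return "".join(out)


if __name__ == "__main__":
    mem = parse_x_dump(GDB_DUMP)
    for n, f in enumerate(walk_frames(mem, GDB_EBP)):
        print("frame %d: ebp=%#010x saved_ebp=%#010x ret=%#010x arg0=%#010x"
              % (n, f["ebp"], f["saved_ebp"], f["ret"], f["arg0"]))
    print("0xcedfcc12 found at:", [hex(a) for a in find_word(mem, 0xCEDFCC12)])
    print("0x3927911d found at:", [hex(a) for a in find_word(mem, 0x3927911D)])
    print("tail as text:", repr(decode_ascii(mem, 0xBFFFE8D4, 0xBFFFE8F4)))
```

Run on the quoted dump this recovers three frames (EBP 0xbfffe868, 0xbfffe888, 0xbfffe8b8, the last one saving 0xbffff8f8, which is outside the 40 words), with return addresses 0x080531f7, 0x0805068f and 0x08053501 and xalloc()'s first argument 0xcedfcc21, the same size Bazsi read off by hand. The length/pointer pair 0xcedfcc12, 0x3927911d sits together at 0xbfffe8c4, and the last five words decode to "<22>Nov 14 13:00:24 ", i.e. the start of the syslog message being flushed. Which function each return address belongs to is not something the dump alone tells you; "info symbol" in the same gdb session does.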