Ticket #50 (closed defect: fixed)

Opened 6 years ago

Last modified 6 years ago

Segfault in IO event dispatch

Reported by: scott
Owned by: gt3
Priority: major
Milestone: Sagot 0.1
Component: IMGV
Version:
Keywords:
Cc:

Description

As of [35], sagot segfaults when events are dispatched as a result of I/O. Arbitrary events currently dispatch correctly and faults are correctly tolerated.

Output from valgrind:

    ==26107== Invalid write of size 4
    ==26107==    at 0x8049F54: sagot_eventloop_dispatch (sagot_glib_eventloop.c:93)
    ==26107==  Address 0xAE1354FC is on thread 1's stack
    ==26107== 
    ==26107== Process terminating with default action of signal 11 (SIGSEGV)
    ==26107==  Access not within mapped region at address 0xAE1354FC
    ==26107==    at 0x8049F54: sagot_eventloop_dispatch (sagot_glib_eventloop.c:93)
    ==26107== 
    ==26107== Process terminating with default action of signal 11 (SIGSEGV)
    ==26107==  Access not within mapped region at address 0xAE1354EC
    ==26107==    at 0x4019308: _vgw_freeres (vg_preloaded.c:58)

Attachments

loop_watch_test.js (376 bytes) - added by scott 6 years ago.
Script which causes segfault on read event dispatch

Change History

Changed 6 years ago by scott

Script which causes segfault on read event dispatch

Changed 6 years ago by scott

The SIGSEGV is happening here: trunk/sagot/src/sagot_glib_eventloop.c@35#L93

    for (int i = 0; i < argc; i++) {
        JS_GetElement(cx, arglist, i, &argv[i]);
    }

Apparently argv isn't as big as we thought? Or maybe it has been recently freed. Prior to this action, we get a warning about a stack pointer change: 0xBEB99320 --> 0xADEF94F0

Changed 6 years ago by scott

  • status changed from new to closed
  • resolution set to fixed
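
A defensive version of the copy loop quoted in the ticket, as an added example (not sagot's code and not the fix that closed this ticket). It assumes the first hypothesis in the comment, that argv was smaller than argc; `mock_array`, `mock_get_element`, `collect_args` and the `MAX_DISPATCH_ARGS` limit are hypothetical stand-ins for the JavaScript engine's types and calls.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the engine's value and array types. */
typedef long value_t;
typedef struct { const value_t *items; size_t length; } mock_array;

#define MAX_DISPATCH_ARGS 64   /* assumed policy limit, not taken from sagot */

enum { ARGS_OK = 0, ARGS_BAD_COUNT = -1, ARGS_NO_MEM = -2, ARGS_GET_FAILED = -3 };

/* Mock element getter: reports failure instead of reading past the array. */
static int mock_get_element(const mock_array *a, size_t i, value_t *out)
{
    if (i >= a->length) return 0;
    *out = a->items[i];
    return 1;
}

/*
 * Copy argc elements of arglist into a freshly allocated vector.
 * argc is treated as untrusted: it is range-checked before it sizes anything,
 * and the vector lives on the heap, so a bad count cannot move the stack
 * pointer or cause writes outside the buffer.
 */
static int collect_args(const mock_array *arglist, long argc, value_t **argv_out)
{
    *argv_out = NULL;
    if (argc < 0 || argc > MAX_DISPATCH_ARGS) return ARGS_BAD_COUNT;
    if ((size_t)argc > arglist->length) return ARGS_BAD_COUNT;

    /* Allocate at least one slot so a zero count still yields a valid pointer. */
    value_t *argv = calloc(argc ? (size_t)argc : 1, sizeof *argv);
    if (argv == NULL) return ARGS_NO_MEM;

    for (long i = 0; i < argc; i++) {
        /* Check every fetch; a failed getter must not leave argv half-filled. */
        if (!mock_get_element(arglist, (size_t)i, &argv[i])) {
            free(argv);
            return ARGS_GET_FAILED;
        }
    }
    *argv_out = argv;   /* ownership passes to the caller, who must free() it */
    return ARGS_OK;
}
```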