Ticket #50 (closed defect: fixed)

Opened 20 months ago

Last modified 20 months ago

Segfault in IO event dispatch

Reported by: scott
Owned by: gt3
Priority: major
Milestone: Sagot 0.1
Component: IMGV
Version:
Keywords:
Cc:

Description

As of [35], sagot segfaults when events are dispatched as a result of I/O. Arbitrary events currently dispatch correctly and faults are correctly tolerated.

Output from valgrind

    ==26107== Invalid write of size 4
    ==26107==    at 0x8049F54: sagot_eventloop_dispatch (sagot_glib_eventloop.c:93)
    ==26107==  Address 0xAE1354FC is on thread 1's stack
    ==26107== 
    ==26107== Process terminating with default action of signal 11 (SIGSEGV)
    ==26107==  Access not within mapped region at address 0xAE1354FC
    ==26107==    at 0x8049F54: sagot_eventloop_dispatch (sagot_glib_eventloop.c:93)
    ==26107== 
    ==26107== Process terminating with default action of signal 11 (SIGSEGV)
    ==26107==  Access not within mapped region at address 0xAE1354EC
    ==26107==    at 0x4019308: _vgw_freeres (vg_preloaded.c:58)

Attachments

loop_watch_test.js (376 bytes) - added by scott 20 months ago.
Script which causes segfault on read event dispatch

Change History

Changed 20 months ago by scott

Script which causes segfault on read event dispatch

Changed 20 months ago by scott

The SIGSEGV is happening here trunk/sagot/src/sagot_glib_eventloop.c@35#L93

    for (int i = 0; i < argc; i++) {
        JS_GetElement(cx, arglist, i, &argv[i]);
    }

Apparently argv isn't as big as we thought? Or maybe it has been recently free'd. Prior to this action, we get a warning about a stack pointer change: 0xBEB99320 --> 0xADEF94F0

Changed 20 months ago by scott

  • status changed from new to closed
  • resolution set to fixed