svn-3684
Version:
1.7.0
Bug Link:
http://subversion.tigris.org/issues/show_bug.cgi?id=3684
Symptom:
The program crashes somewhere in the middle of the checkout.
Execution commands:
svn co https://svn.apache.org/repos/asf/subversion/trunk
A trunk/subversion/libsvn_fs_base/notes/structure
A trunk/subversion/libsvn_fs_base/notes/TODO
A trunk/subversion/libsvn_fs_base/notes/schema-bdb-1.6.svg
A trunk/subversion/libsvn_fs_base/notes/fs-history
A trunk/subversion/libsvn_ra
A trunk/subversion/libsvn_ra/deprecated.c
A trunk/subversion/libsvn_ra/wrapper_template.h
Segmentation fault (core dumped)
How it is diagnosed:
discussion / dump
The cause of this is either an accidental memory leak or wasteful handling of memory. Because a malloc return value isn’t checked, svn eventually runs into a null pointer when it fails to allocate more memory.
Root Cause:
Brief:
The crash is caused by memory usage. Because a malloc return value isn’t checked, the program runs into a null pointer when it fails to allocate the memory.
Detail:
A null pointer dereference causes the segmentation fault.
Call stack:
Trace for "Segmentation fault (core dumped)":
#0 0x00000002068ee6b6 in serf_bucket_mem_alloc (allocator=0x20662e190,
size=32) at buckets/allocator.c:192
192 active->next = head;
(gdb) p active
$1 = (apr_memnode_t *) 0x0
(gdb) bt
#0 0x00000002068ee6b6 in serf_bucket_mem_alloc (allocator=0x20662e190,
size=32) at buckets/allocator.c:192
#1 0x00000002068eb0bc in serf_bucket_aggregate_prepend (
aggregate_bucket=0x207835338, prepend_bucket=0x2290a1f38)
at buckets/aggregate_buckets.c:154
#2 0x00000002068f0084 in ssl_encrypt (baton=0x202853038, bufsize=8000,
buf=0x20285308c "\026\003\001", len=0x7f7ffffd1220)
at buckets/ssl_buckets.c:581
#3 0x00000002068ec2ed in common_databuf_prep (databuf=0x202853068,
len=0x7f7ffffd1308) at buckets/buckets.c:316
#4 0x00000002068ec363 in serf_databuf_read (databuf=0x202853068,
requested=18446744073709551615, data=0x7f7ffffd1310, len=0x7f7ffffd1308)
at buckets/buckets.c:334
#5 0x00000002068f16dc in serf_ssl_read (bucket=0x20e7740b8,
requested=18446744073709551615, data=0x7f7ffffd1310, len=0x7f7ffffd1308)
at buckets/ssl_buckets.c:1341
#6 0x00000002068ebc3f in serf_default_read_iovec (bucket=0x20e7740b8,
requested=18446744073709551615, vecs_size=1024, vecs=0x20662a0f0,
vecs_used=0x7f7ffffd138c) at buckets/buckets.c:55
#7 0x00000002068eb349 in read_aggregate (bucket=0x2078351b8,
requested=18446744073709551615, vecs_size=1024, vecs=0x20662a0f0,
vecs_used=0x20662e0f0) at buckets/aggregate_buckets.c:261
#8 0x00000002068eb555 in serf_aggregate_read_iovec (bucket=0x2078351b8,
requested=18446744073709551615, vecs_size=1024, vecs=0x20662a0f0,
vecs_used=0x20662e0f0) at buckets/aggregate_buckets.c:361
#9 0x00000002068e9e82 in write_to_connection (conn=0x20662a028)
at ./outgoing.c:646
#10 0x00000002068ea4cf in serf__process_connection (conn=0x20662a028, events=4)
at ./outgoing.c:1002
#11 0x00000002068e8808 in serf_event_trigger (s=0x20ba681c8,
serf_baton=0x20662a038, desc=0x20ba68628) at ./context.c:199
#12 0x00000002068e896b in serf_context_run (ctx=0x20ba681c8,
duration=-694967296, pool=0x20b4d4028) at ./context.c:260
#13 0x0000000202a8032c in finish_report (report_baton=0x207ebddf0,
pool=0x20b4d4028) at subversion/libsvn_ra_serf/update.c:2278
#14 0x00000002013a97e6 in svn_wc_crawl_revisions5 (wc_ctx=0x20fbfda30,
local_abspath=0x20b4d4158 "/tmp/trunk", reporter=0x202c8b880,
report_baton=0x207ebddf0, restore_files=1, depth=svn_depth_infinity,
honor_depth_exclude=0, depth_compatibility_trick=0, use_commit_times=0,
external_func=0x2108c839d <svn_client__external_info_gatherer>,
external_baton=0x7f7ffffd1930, notify_func=0x416401 <notify>,
notify_baton=0x208c68048, scratch_pool=0x20b4d4028)
at subversion/libsvn_wc/adm_crawler.c:999
#15 0x00000002108f85c6 in update_internal (result_rev=0x0,
local_abspath=0x20b4d4158 "/tmp/trunk",
anchor_abspath=0x20b4d5920 "/tmp/trunk", revision=0x7f7ffffd1e30,
depth=svn_depth_infinity, depth_is_sticky=1, ignore_externals=0,
allow_unver_obstructions=0, timestamp_sleep=0x7f7ffffd1d3c,
send_copyfrom_args=0, innerupdate=0, ctx=0x20fbfd988, pool=0x20b4d4028)
at subversion/libsvn_client/update.c:252
#16 0x00000002108f8972 in svn_client__update_internal (result_rev=0x0,
---Type <return> to continue, or q <return> to quit---
local_abspath=0x20b4d4158 "/tmp/trunk", revision=0x7f7ffffd1e30,
depth=svn_depth_infinity, depth_is_sticky=1, ignore_externals=0,
allow_unver_obstructions=0, timestamp_sleep=0x7f7ffffd1d3c,
send_copyfrom_args=0, innerupdate=0, ctx=0x20fbfd988, pool=0x20b4d4028)
at subversion/libsvn_client/update.c:337
#17 0x00000002108a9170 in initialize_area (result_rev=0x0,
local_abspath=0x20b4d4158 "/tmp/trunk", revision=0x7f7ffffd1e30,
session_url=0x20b4d41f0 "https://svn.apache.org/repos/asf/subversion/trunk",
repos_root=0x20b4d41a0 "https://svn.apache.org/repos/asf",
uuid=0x20b4d41c8 "13f79535-47bb-0310-9956-ffa450edef68", revnum=964728,
depth=svn_depth_infinity, use_sleep=0x7f7ffffd1d3c, ignore_externals=0,
allow_unver_obstructions=0, innercheckout=0, ctx=0x20fbfd988,
pool=0x20b4d4028) at subversion/libsvn_client/checkout.c:73
#18 0x00000002108a98cd in svn_client__checkout_internal (result_rev=0x0,
url=0x20b4d4168 "https://svn.apache.org/repos/asf/subversion/trunk",
local_abspath=0x20b4d4158 "/tmp/trunk", peg_revision=0x7f7ffffd1e20,
revision=0x7f7ffffd1e30, ra_cache=0x0, depth=svn_depth_unknown,
ignore_externals=0, allow_unver_obstructions=0, innercheckout=0,
timestamp_sleep=0x0, ctx=0x20fbfd988, pool=0x20b4d4028)
at subversion/libsvn_client/checkout.c:189
#19 0x00000002108a9c84 in svn_client_checkout3 (result_rev=0x0,
URL=0x20b4d40a0 "https://svn.apache.org/repos/asf/subversion/trunk",
path=0x206d03fe0 "trunk", peg_revision=0x7f7ffffd1e20,
revision=0x7f7ffffd1e30, depth=svn_depth_unknown, ignore_externals=0,
allow_unver_obstructions=0, ctx=0x20fbfd988, pool=0x20b4d4028)
at subversion/libsvn_client/checkout.c:271
#20 0x00000000004084f9 in svn_cl__checkout (os=0x20fbfd278,
baton=0x7f7ffffd2140, pool=0x20fbfd028)
at subversion/svn/checkout-cmd.c:166
#21 0x0000000000414901 in main (argc=3, argv=0x7f7ffffd2290)
at subversion/svn/main.c:2312
(gdb)
The patch comes from an update of the serf module.
Failure symptom category
crash (segfault)
How can we automatically insert the error message?
1. log the error return value (checked)
2. signal handler
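A minimal sketch of option 1, added here as an illustration and not taken from serf or Subversion: the allocation pattern that crashed at "active->next = head", with the return value checked and logged before use. The types, the backend hook and all function names are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical stand-ins; these are not serf's or APR's real types. */
typedef struct memnode { struct memnode *next; } memnode_t;

typedef struct {
    memnode_t *blocks;            /* list of blocks handed out so far */
    void *(*backend)(size_t);     /* malloc-like source, may return NULL */
    int alloc_failures;           /* count of logged allocation failures */
} allocator_t;

/* Backing source that always fails, to simulate memory exhaustion. */
static void *exhausted(size_t size) { (void)size; return NULL; }

/* Checked form of the crashing pattern: test the backend's return value,
 * log the failure, and report it upward instead of dereferencing NULL. */
static void *bucket_mem_alloc_checked(allocator_t *a, size_t size)
{
    memnode_t *head = a->blocks;
    memnode_t *active = a->backend(sizeof(memnode_t) + size);

    if (active == NULL) {
        a->alloc_failures++;
        fprintf(stderr, "bucket_mem_alloc: out of memory (%zu bytes)\n", size);
        return NULL;              /* caller must turn this into an error */
    }
    active->next = head;          /* safe: active is known to be non-NULL */
    a->blocks = active;
    return active + 1;            /* payload starts after the node header */
}

/* Release every block so the demo does not leak memory itself. */
static void allocator_destroy(allocator_t *a)
{
    while (a->blocks != NULL) {
        memnode_t *next = a->blocks->next;
        free(a->blocks);
        a->blocks = next;
    }
}

int main(void)
{
    allocator_t bad = { NULL, exhausted, 0 };
    if (bucket_mem_alloc_checked(&bad, 32) == NULL)
        puts("allocation failed and was reported, no segfault");
    allocator_destroy(&bad);
    return 0;
}
```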