Eggdev: Crash in malloc() internals ? (server.c:865)

Miguel Ventura hal9000 at netcabo.pt
Mon Feb 2 18:59:04 CST 2004


    784 static void queue_server(int which, char *buf, int len)
    785 {
    790   /* Don't even BOTHER if there's no server online. */
    791   if (serv < 0)
    792     return;
...
    842   if (h->tot < maxqmsg) {
...
    863     if (h->head) {
    864       if (!qnext)
    865         h->last->next = q; 

There is no previous verification if h->last points to anywhere valid. I
couldn't find any reference to 'struct msgq' definition on the whole source!
So I couldn't understand if ->last is supposed to be *always* valid when
->head is on the place. That q that is created there never gets its "last"
field set until the function returns. And h gets a reference to q with the
unset "last" field. It's quite hard for me to analyse this code since I
couldn't figure out (completely) its structure.

I believe my source is the one you get from a 'wget geteggdrop.com' plus
megahal and stats.mod, but none would mess with server.c on mod/server.mod/


-----Original Message-----
From: Will Buckner (Wcc) [mailto:wcc at techmonkeys.org] 
Sent: Monday, 2 February 2004 23:22
To: hal9000 at netcabo.pt; 'Eggdrop Development List'
Subject: RE: Eggdev: Crash in malloc() internals ? (+valgrind log)

 Actually, I think that output might prove useful. However, I bet my copy of
server.c is different than yours.. what's line 865?

Wcc
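
The question raised in the post, whether `h->last` is always the valid tail whenever `h->head` is set, can be turned into a check that runs before the line-865 style append. This is an added example, not eggdrop's code and not part of the thread: the struct layouts and the names `msgq_head`, `msgq_consistent` and `msgq_append` are assumptions, since the post does not show the real `struct msgq`.

```c
/* Added example: hypothetical layouts, not the real eggdrop 'struct msgq'. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct msgq { struct msgq *next; size_t len; char *msg; };
struct msgq_head { struct msgq *head, *last; int tot; };

/* Invariant the append relies on: an empty queue has last == NULL and
 * tot == 0; otherwise 'last' is the node reached from head whose next is
 * NULL, and tot equals the node count. Returns 1 if it holds, else 0. */
int msgq_consistent(const struct msgq_head *h)
{
  const struct msgq *q, *tail = NULL;
  int n = 0;

  for (q = h->head; q; q = q->next) {
    tail = q;
    if (++n > h->tot)           /* more nodes than counted, or a cycle */
      return 0;
  }
  return tail == h->last && n == h->tot;
}

/* Append a copy of buf. The O(n) check is a debugging aid: it refuses to
 * write through h->last unless it is the verified tail. 0 = ok, -1 = error. */
int msgq_append(struct msgq_head *h, const char *buf, size_t len)
{
  struct msgq *q;

  if (!msgq_consistent(h))
    return -1;
  q = malloc(sizeof *q);
  if (!q) return -1;
  q->msg = malloc(len + 1);
  if (!q->msg) { free(q); return -1; }
  memcpy(q->msg, buf, len);
  q->msg[len] = '\0';
  q->len = len; q->next = NULL;
  if (h->head)
    h->last->next = q;          /* safe: last was just verified */
  else
    h->head = q;
  h->last = q;                  /* keep last in step with every append */
  h->tot++;
  return 0;
}

int main(void) { struct msgq_head h = {0}; return msgq_append(&h, "PING", 4); }
```

The checker cannot detect a `next` or `last` pointer into freed memory; for that, a tool such as valgrind (mentioned in the thread subject) is still needed.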



