Hello,

In certain cases the ns_driver query logic can end up dereferencing a
null pointer.  The code iterates over all the sockets waiting for I/O
events and prints out some info about the socket and the associated
conn via NsAppendConn(sockPtr->connPtr).  It turns out that if the
sock is in SOCK_CLOSEWAIT state, the connection associated with the
sock has already been freed, so the NsAppendConn call blows up.

I can reproduce the crash by logging into the nscp port and calling
ns_driver query over and over on a lightly loaded development server.

Here is a patch that just puts an empty list where the connection info
would be in the case that the conn is null.  Does it look ok?

--- driver.c.orig       2008-11-07 17:17:36.000000000 +0000
+++ driver.c    2008-11-07 17:20:33.000000000 +0000
@@ -1328,7 +1328,12 @@
                    pdata.pfds[sockPtr->pidx].revents,
                    sockPtr->acceptTime.sec, sockPtr->acceptTime.usec,
                    sockPtr->timeout.sec, sockPtr->timeout.usec);
-               NsAppendConn(drvPtr->queryPtr, sockPtr->connPtr, "i/o");
+               if (sockPtr->connPtr != NULL) {
+                   NsAppendConn(drvPtr->queryPtr, sockPtr->connPtr, "i/o");
+               } else {
+                   Tcl_DStringStartSublist(drvPtr->queryPtr);
+                   Tcl_DStringEndSublist(drvPtr->queryPtr);
+               }
                Tcl_DStringEndSublist(drvPtr->queryPtr);
                sockPtr = sockPtr->nextPtr;
            }
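
Review bot: The `sockPtr->connPtr != NULL` test only protects the `NsAppendConn` call if the pointer is actually cleared when the conn is released. The description says the conn "has already been freed" for a sock in SOCK_CLOSEWAIT, so it is worth confirming that the code releasing the conn sets `sockPtr->connPtr` to NULL before this loop can see the sock; whether the query path can race with that release is not visible in this hunk. A stale non-NULL pointer would pass the test and still be dereferenced. Emitting an empty sublist in the `else` branch keeps the number of elements per socket entry constant, which suits scripts that index into the `ns_driver query` result. A one-line comment above the `if` saying that connPtr is NULL in SOCK_CLOSEWAIT would help the next reader.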

-Andrew


--
AOLserver - http://www.aolserver.com/