Hello, In certain cases the ns_driver query logic can end up dereferencing a null pointer. The code iterates over all the sockets waiting for I/O events and prints out some info about the socket and the associated conn via NsAppendConn(sockPtr->connPtr). It turns out that if the sock is in SOCK_CLOSEWAIT state, the connection associated with the sock has already been freed, so the NsAppendConn call blows up.
I can reproduce the crash by logging into the nscp port and calling ns_driver query over and over on a lightly loaded development server. Here is a patch that just puts an empty list where the connection info would be in the case that the conn is null. Does it look ok? --- driver.c.orig 2008-11-07 17:17:36.000000000 +0000 +++ driver.c 2008-11-07 17:20:33.000000000 +0000 @@ -1328,7 +1328,12 @@ pdata.pfds[sockPtr->pidx].revents, sockPtr->acceptTime.sec, sockPtr->acceptTime.usec, sockPtr->timeout.sec, sockPtr->timeout.usec); - NsAppendConn(drvPtr->queryPtr, sockPtr->connPtr, "i/o"); + if (sockPtr->connPtr != NULL) { + NsAppendConn(drvPtr->queryPtr, sockPtr->connPtr, "i/o"); + } else { + Tcl_DStringStartSublist(drvPtr->queryPtr); + Tcl_DStringEndSublist(drvPtr->queryPtr); + } Tcl_DStringEndSublist(drvPtr->queryPtr); sockPtr = sockPtr->nextPtr; } -Andrew -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.