I didn't get any replies to this when I sent it last week. Am I on the wrong list for this sort of query?

Chris...

=== original message ===

I've managed to diagnose this down further to a snippet of code inside
ERR_STATE *ERR_get_state(void)
on roughly line 1022 of crypto/err/err.c of the 0.9.7-f-snapshot
(from the 11th):

 if (ERRFN(thread_get_item)(ret) != ret)
 {
  cmb_ssl_dbg( "crypto thread_get_item failed" );
  ERR_STATE_free(ret); /* could not insert it */
  return(&fallback);
 }

The double free occurs within ERR_STATE_free here, and I'm not clear
as to why this is. I predict that it's because of a threading issue. As
far as I know our mutexes for the crypto library do work, however the
implication here is that they don't or that they aren't being used
properly. Is this a race condition? I don't follow the code around
int_thread_get_item well enough to know for sure. Are any experts
available to review this?

It does appear to me that if two threads are simultaneously popping
errors from the stack that this condition could occur because there
appears to be no lock between:

 tmpp = ERRFN(thread_set_item)(ret);
 /* To check if insertion failed, do a get. */
 if (ERRFN(thread_get_item)(ret) != ret)

and that the diagnostics being done might actually be incorrect. At
least according to what the comment between those lines says.

Chris...

Dr. Stephen Henson wrote:

On Mon, Mar 14, 2005, cmb wrote:



Thank you, duh, turning on debug for config cleared up all my stack trace problems.

Here is the excerpt of a stack trace that is double freeing:

#11 0x081a39db in CRYPTO_free (str=0x0) at mem.c:378
#12 0x081b1fa6 in ERR_get_state () at err.c:605
#13 0x081b2023 in get_error_values (inc=1, top=0, file=0x0, line=0x0,
   data=0x0, flags=0x0) at err.c:748
#14 0x081b22d9 in ERR_get_error () at err.c:708

Note that this is different than the one I reported earlier. I think that both code paths result in this problem, and I'm still not sure it's not an error in my code.

I'm still doing diagnostics, but my schedule is frenetic, so it might take a while. If anyone has any thoughts on what might be going on, or a clue as to what to look at, it would be appreciated.




All I can suggest at this stage is to be sure the locking callbacks work, including the thread ID callback if it's needed.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
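
Added example, not part of the thread and not OpenSSL project code: a stand-alone pthread self-test for the last suggestion above, checking that a locking callback really gives mutual exclusion and that the thread ID callback returns a distinct value per thread. The callbacks only mirror the shapes OpenSSL 0.9.7 expects; MY_CRYPTO_LOCK, NLOCKS and all function names are assumptions, and nothing here calls libcrypto.

```c
/* Added example: self-test for application-supplied OpenSSL 0.9.7-style
 * threading callbacks. MY_CRYPTO_LOCK, NLOCKS and all function names are
 * local stand-ins; nothing here calls into libcrypto. */
#include <pthread.h>
#include <stdio.h>
#define MY_CRYPTO_LOCK 1          /* same value as OpenSSL's CRYPTO_LOCK bit */
#define NLOCKS   4                /* real code sizes this with CRYPTO_num_locks() */
#define NTHREADS 8
#define ITERS    20000
static pthread_mutex_t locks[NLOCKS];
static long counter;              /* only touched while lock 0 is held */
static unsigned long ids[NTHREADS];

/* Callback shapes expected by CRYPTO_set_locking_callback / CRYPTO_set_id_callback */
static void lock_cb(int mode, int n, const char *file, int line) {
    (void)file; (void)line;
    if (mode & MY_CRYPTO_LOCK) pthread_mutex_lock(&locks[n]);
    else                       pthread_mutex_unlock(&locks[n]);
}
static unsigned long id_cb(void) {
    return (unsigned long)pthread_self();   /* assumes pthread_t is integral */
}

static void *worker(void *arg) {
    ids[(long)arg] = id_cb();
    for (int i = 0; i < ITERS; i++) {
        lock_cb(MY_CRYPTO_LOCK, 0, __FILE__, __LINE__);
        counter++;
        lock_cb(0, 0, __FILE__, __LINE__);  /* mode without the LOCK bit unlocks */
    }
    return NULL;
}

/* Returns 0 if callbacks behave, 1 if increments were lost, 2 if ids collide. */
int selftest_callbacks(void) {
    pthread_t t[NTHREADS];
    counter = 0;
    for (int i = 0; i < NLOCKS; i++) pthread_mutex_init(&locks[i], NULL);
    for (long i = 0; i < NTHREADS; i++) pthread_create(&t[i], NULL, worker, (void *)i);
    for (int i = 0; i < NTHREADS; i++) pthread_join(t[i], NULL);
    if (counter != (long)NTHREADS * ITERS) return 1;   /* lock did not exclude */
    for (int i = 0; i < NTHREADS; i++)
        for (int j = i + 1; j < NTHREADS; j++)
            if (ids[i] == ids[j]) return 2;            /* two threads share an id */
    return 0;
}

int main(void) { printf("callback self-test: %d\n", selftest_callbacks()); return 0; }
```

A result of 2 is the case relevant to this thread: if two threads report the same ID, they would be keyed to the same per-thread error state.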
