Message-Id: <200104151830.OAA77818@cs.rpi.edu>
To: freebsd-hackers@freebsd.org
Subject: a bug in ypserv found
Date: Sun, 15 Apr 2001 14:30:47 -0400
From: "David E. Cross"

I have found _a_ bug in ypserv (I think I may be stumbling over multiple different bugs, but this one is very reproducible). It is dying in the yp_testflags routine, in the for loop that goes through the CIRCLEQ. The loop dies with qptr pointing to a struct that is all NULL (my reading of CIRCLEQ suggests this isn't supposed to be possible), *and* qhead (the global variable representing the CIRCLEQ_HEAD) pointing to a structure that is all NULL (also not supposed to be possible). The fact that &qptr != qhead to me suggests that there was data there when it started, but that it got ripped out from in under it. I am not sure how though: qhead is a "static" global variable, and the only async entry into the routine is called from the signal-handler for SIGHUP, problem is that SIGHUP is not being called.

(Aside: this has been a real pain to track down... I traced it into the RPC library and back out the other side... NOT FUN)

--
David Cross                        | email: crossd@cs.rpi.edu
Lab Director                       | Rm: 308 Lally Hall
Rensselaer Polytechnic Institute,  | Ph: 518.276.2860
Department of Computer Science     | Fax: 518.276.4033
I speak only for myself.           | WinNT:Linux::Linux:FreeBSD
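
Added example, not part of the original post and not ypserv code: a small C model of the circular-queue invariant the message relies on (once initialised, no link is ever NULL and an empty queue points back at its head), with a checker that reports a zeroed head or entry before a traversal dereferences it. The struct, enum and function names are hypothetical, and a sentinel node stands in for the CIRCLEQ head.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not <sys/queue.h>: a sentinel node plays the role of
 * the CIRCLEQ head, so after cq_init() no link in the ring is ever NULL. */
struct node { struct node *next, *prev; int id; };

enum cq_state { CQ_OK, CQ_NULL_LINK, CQ_BAD_BACKLINK, CQ_NO_TERMINATION };

static void cq_init(struct node *head) { head->next = head->prev = head; }

static void cq_insert_tail(struct node *head, struct node *n)
{
    n->next = head;
    n->prev = head->prev;
    head->prev->next = n;
    head->prev = n;
}

/* Follow at most limit+1 links from the head and report the first broken
 * invariant, instead of dereferencing a zeroed entry as a bare loop would. */
static enum cq_state cq_check(const struct node *head, size_t limit)
{
    const struct node *p = head;
    for (size_t i = 0; i <= limit; i++) {
        if (p->next == NULL || p->prev == NULL)
            return CQ_NULL_LINK;        /* entry was zeroed or never linked */
        if (p->next->prev != p)
            return CQ_BAD_BACKLINK;     /* neighbour no longer points back */
        p = p->next;
        if (p == head)
            return CQ_OK;               /* ring closed on the head */
    }
    return CQ_NO_TERMINATION;           /* never came back to the head */
}

int main(void)
{
    struct node head, a = { .id = 1 }, b = { .id = 2 };
    cq_init(&head);
    cq_insert_tail(&head, &a);
    cq_insert_tail(&head, &b);
    printf("intact: %d\n", cq_check(&head, 16));
    memset(&head, 0, sizeof head);      /* the state seen in the report */
    printf("zeroed head: %d\n", cq_check(&head, 16));
    return 0;
}
```

Calling such a check at the top of the traversal and on every path that modifies the queue narrows down which code path last left it consistent.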