[ltt-dev] Segfault in state.c

Mathieu Desnoyers compudj at krystal.dyndns.org
Fri Oct 16 10:34:35 EDT 2009


Excellent point.

Actually, looking back at state.c, I noticed there was a major problem
with name table resizing:

the top level pointers were copied from the name table structure to the
trace context, so when the tables were resized, the trace context was
not updated and still referred to the old tables. This is why we could
not free the old tables upon resizing.

I fixed all this in 1cd9058f63bc277629d796bac29c4530d151bea4.

Will be in the 0.12.18 release today.

Thanks,

Mathieu

* Nigel Hathaway (Nigel.Hathaway at ubiquisys.com) wrote:
> In lttv/lttv/state.c, expand_trap_table() segfaults if the incoming
> ts->nb_traps == 0 (with ts->trap_states == NULL, which actually causes
> the segfault).
> 
> The version I have looks like this:
> 
> static void expand_trap_table(LttvTraceState *ts, int id)
> {
>   guint new_nb = check_expand(ts->nb_traps, id);
>   guint i;
>   if(likely(new_nb == ts->nb_traps))
>     return;
>   expand_name_table(ts, &ts->trap_names, ts->nb_traps, new_nb);
>   fill_name_table(ts, ts->trap_names, ts->nb_traps, new_nb, "trap");
>   /* Update the table size */
>   ts->nb_traps = new_nb;
> 
>   LttvTrapState *old_table = ts->trap_states;
>   ts->trap_states = g_new(LttvTrapState, new_nb);
>   memcpy(ts->trap_states, old_table,
>     ts->nb_traps * sizeof(LttvTrapState));
>   for(i = ts->nb_traps; i < new_nb; i++)
>     ts->trap_states[i].running = 0;
> }
> 
> Also, the 'for' statement has no effect as it currently stands.
> 
> It would make more sense if the table size were updated at the end.
> Doing this also fixes the segfault problem.
> 
> What happens to old_table if it is non-NULL? Isn't this a memory leak?
> 
> Here is the patch:
> 
> --- lttv-0.12.11-18022009.orig/lttv/lttv/state.c        2009-02-16
> 01:41:18.000000000 +0000
> +++ lttv-0.12.11-18022009/lttv/lttv/state.c     2009-10-08
> 15:40:32.000000000 +0100
> @@ -363,8 +363,6 @@
>      return;
>    expand_name_table(ts, &ts->trap_names, ts->nb_traps, new_nb);
>    fill_name_table(ts, ts->trap_names, ts->nb_traps, new_nb, "trap");
> -  /* Update the table size */
> -  ts->nb_traps = new_nb;
> 
>    LttvTrapState *old_table = ts->trap_states;
>    ts->trap_states = g_new(LttvTrapState, new_nb);
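Review bot: in the context lines that close this hunk, old_table is saved and ts->trap_states is immediately replaced by a fresh g_new() allocation, but neither hunk frees old_table, so every expansion leaks the previous array (the question asked in the message above). If nothing else still holds a pointer into the old array, add g_free(old_table) after the memcpy; g_free() accepts NULL, so the first expansion is covered as well.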
> @@ -372,6 +370,9 @@
>      ts->nb_traps * sizeof(LttvTrapState));
>    for(i = ts->nb_traps; i < new_nb; i++)
>      ts->trap_states[i].running = 0;
> +
> +  /* Update the table size */
> +  ts->nb_traps = new_nb;
>  }
> 
>  static void expand_irq_table(LttvTraceState *ts, int id)
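Review bot: with the size update moved to the end, the memcpy length in the first context line (ts->nb_traps * sizeof(LttvTrapState)) is now the old count, which is right, but on the first expansion old_table is still NULL and is passed to memcpy with a length of 0. C99 and C11 leave a null pointer argument to memcpy undefined even for zero bytes, so guard the copy with if (old_table) or if (ts->nb_traps > 0). The loop also sets only .running; since g_new() does not zero memory, g_new0() would initialise any other field of the new entries.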
> 
> 
> 

-- 
Mathieu Desnoyers
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68
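
The growth routine discussed in this thread, as an added example that is not the lttv code or the referenced commit: it copies with the old count, tolerates an empty (NULL) table, frees the old array, and updates the size last. The types `trap_state` and `trace_state`, the helper `grow_to`, its doubling policy and `MAX_TRAPS` are hypothetical stand-ins, and plain libc replaces GLib so the block builds on its own.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for LttvTrapState / LttvTraceState. */
typedef struct { unsigned running; } trap_state;
typedef struct { trap_state *trap_states; unsigned nb_traps; } trace_state;

#define MAX_TRAPS (1u << 16)   /* assumed upper bound on trap ids */

/* Assumed growth policy: smallest power of two that can index id. */
static unsigned grow_to(unsigned old_nb, unsigned id)
{
    unsigned n = old_nb ? old_nb : 1;

    if (id < old_nb)
        return old_nb;
    while (n <= id)
        n *= 2;
    return n;
}

/* Returns 0 on success, -1 on a bad id or allocation failure;
 * on failure the existing table and its size are left untouched. */
static int expand_trap_table(trace_state *ts, unsigned id)
{
    unsigned old_nb = ts->nb_traps;
    unsigned new_nb;
    trap_state *new_table;

    if (id >= MAX_TRAPS)
        return -1;
    new_nb = grow_to(old_nb, id);
    if (new_nb == old_nb)
        return 0;
    /* calloc zeroes every entry, so new slots start with running == 0. */
    new_table = calloc(new_nb, sizeof(*new_table));
    if (new_table == NULL)
        return -1;
    /* Copy only what the old table held; skip the empty first-use case. */
    if (ts->trap_states != NULL && old_nb > 0)
        memcpy(new_table, ts->trap_states, old_nb * sizeof(*new_table));
    free(ts->trap_states);       /* free(NULL) is a no-op */
    ts->trap_states = new_table;
    ts->nb_traps = new_nb;       /* size updated last, after the copy */
    return 0;
}
```

Freeing the old array is only safe when no other structure keeps a copy of the pointer, which is the aliasing problem described in the reply above.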



