memcached bugreport

Steven Grimm sgrimm at facebook.com
Sun Mar 18 01:10:31 UTC 2007


Wasn't this broken by the recent patch that inlined the reallocs? I 
don't think it's broken in any of the numbered releases. So only people 
who applied the recent patch would have gotten bitten by it. (I think.)

Since that patch was also applied to the multithreaded branch, I guess 
the same problem was probably introduced there too.

-Steve


Brad Fitzpatrick wrote:
> Thomas,
>
> I see what you mean now, thanks!  Checking in the fix now & will give you
> credit...
>
> This warrants putting out a new release.  I wonder how many people have
> gotten bitten by this.  :)
>
> - Brad
>
>
> On Sat, 17 Mar 2007, Thomas van Gulick wrote:
>
>   
>> 1.2.0 uses do_realloc, svn trunk version does reallocation 'inline' in the
>> conn_shrink().
>>
>> The argument to these reallocs() in the svn trunk version is incorrect.
>>
>> The realloc of c->rbuf on line 463 is correct, but the reallocs of ilist
>> (line 474), msglist (line 483) and iov (line 492) are not, they're in the
>> form:
>>
>> realloc((void*)&c->ilist, ...)
>>
>> instead of
>>
>> realloc((void*)c->ilist, ... )
>>
>> Due to the cast, there are no warnings.
>> I've changed all three problems and am now running svn trunk memcached on a
>> production server without any problems.
>> I could supply a patch file, but you only need to remove 3 ampersands :)
>>
>> Thomas
>>
>> ----- Original Message -----
>> From: "Brad Fitzpatrick" <brad at danga.com>
>> To: "Thomas van Gulick" <thomas at partyflock.nl>
>> Sent: Saturday, March 17, 2007 23:32
>> Subject: Re: memcached bugreport
>>
>>
>>     
>>> Thomas,
>>>
>>> Did you see that it's do_realloc() and not realloc()?
>>>
>>> See the implementation of do_realloc() above conn_shrink().
>>>
>>> You might be right still, but please confirm before I look into this more.
>>>
>>> - Brad
>>>
>>>
>>> On Sat, 17 Mar 2007, Thomas van Gulick wrote:
>>>
>>>       
>>>> Hi Brad!
>>>>
>>>> Found the problem...
>>>>
>>>> In memcached.c, in the conn_shrink() function ilist, msglist and iov are
>>>> improperly reallocated.
>>>> It's using the addresses of the pointers instead of the pointers
>>>> themselves
>>>> as argument to realloc!
>>>>
>>>> Thomas
>>>> --


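Added example, not part of the original thread and not memcached's code: the shrink step written so the compiler checks the pointer level that the `(void*)` cast hid, with realloc failure handled. The `conn` and `item` types are simplified stand-ins, and `LIST_INITIAL`, `LIST_HIGHWAT`, `ilist_resize`, `conn_shrink_ilist` and `demo_shrink` are hypothetical names and values.

```c
#include <stdio.h>
#include <stdlib.h>

#define LIST_INITIAL 200   /* hypothetical sizes for this sketch */
#define LIST_HIGHWAT 400

typedef struct { int id; } item;   /* stand-in for the real item type */
typedef struct {
    item **ilist;   /* heap array of item pointers */
    int isize;      /* slots allocated in ilist */
} conn;             /* simplified stand-in, not memcached's struct */

/* Typed wrapper. The form from the report, realloc((void*)&c->ilist, ...),
 * hands realloc the address of the struct member, which malloc never
 * returned. Here the parameter is item **, so passing &c->ilist (an
 * item ***) is an incompatible-pointer diagnostic at compile time. */
static item **ilist_resize(item **list, size_t nslots) {
    return realloc(list, nslots * sizeof(list[0]));
}

/* Shrink an oversized ilist; returns 1 if shrunk, 0 if left unchanged. */
int conn_shrink_ilist(conn *c) {
    if (c->isize <= LIST_HIGHWAT)
        return 0;
    item **newbuf = ilist_resize(c->ilist, LIST_INITIAL);
    if (newbuf == NULL) return 0;   /* old block is still valid, keep it */
    c->ilist = newbuf;
    c->isize = LIST_INITIAL;
    return 1;
}

/* Constructed check: start at 1000 slots, shrink, verify surviving slots. */
int demo_shrink(void) {
    static item items[LIST_INITIAL];
    conn c = { malloc(1000 * sizeof(item *)), 1000 };
    if (c.ilist == NULL) return 0;
    for (int i = 0; i < LIST_INITIAL; i++) {
        items[i].id = i;
        c.ilist[i] = &items[i];
    }
    int ok = conn_shrink_ilist(&c) && c.isize == LIST_INITIAL;
    for (int i = 0; ok && i < LIST_INITIAL; i++)
        ok = (c.ilist[i]->id == i);
    free(c.ilist);
    return ok;
}

int main(void) { printf("shrink ok: %d\n", demo_shrink()); return 0; }
```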
