diff options
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | runtime/stream.c | 1 | ||||
-rw-r--r-- | runtime/stream.h | 4 |
3 files changed, 13 insertions, 2 deletions
@@ -11,6 +11,16 @@ Version 4.5.2 [DEVEL] (rgerhards), 2009-07-?? does most probably not have any effect in practice. - bugfix: if tcp listen port could not be created, no error message was emitted +- bugfix: potential segfault in output file writer (omfile) + In async write mode, we use modular arithmetic to index the output + buffer array. However, the counter variables accidently were signed, + thus resulting in negative indizes after integer overflow. That in turn + could lead to segfaults, but was depending on the memory layout of + the instance in question (which in turn depended on a number of + variables, like compile settings but also configuration). The counters + are now unsigned (as they always should have been) and so the dangling + mis-indexing does no longer happen. This bug potentially affected all + installations, even if only some may actually have seen a segfault. --------------------------------------------------------------------------- Version 4.5.1 [DEVEL] (rgerhards), 2009-07-15 - CONFIG CHANGE: $HUPisRestart default is now "off". We are doing this diff --git a/runtime/stream.c b/runtime/stream.c index 605a9771..a6ed70fe 100644 --- a/runtime/stream.c +++ b/runtime/stream.c @@ -833,6 +833,7 @@ finalize_it: * the very some producer comes back in sequence to submit the then-filled buffers. * This also enables us to timout on partially written buffers. -- rgerhards, 2009-07-06 */ +//#include <stdio.h> static inline rsRetVal doAsyncWriteInternal(strm_t *pThis, size_t lenBuf) { diff --git a/runtime/stream.h b/runtime/stream.h index cb368835..64ffb6e1 100644 --- a/runtime/stream.h +++ b/runtime/stream.h @@ -131,8 +131,8 @@ typedef struct strm_s { pthread_cond_t notFull; pthread_cond_t notEmpty; pthread_cond_t isEmpty; - short iEnq; - short iDeq; + unsigned short iEnq; /* this MUST be unsigned as we use module arithmetic (else invalid indexing happens!) */ + unsigned short iDeq; /* this MUST be unsigned as we use module arithmetic (else invalid indexing happens!) */ short iCnt; /* current nbr of elements in buffer */ struct { uchar *pBuf; |