
Hello Laine, On Thursday 05 April 2012 09:32:45 Laine Stump wrote:
This bug resolves https://bugzilla.redhat.com/show_bug.cgi?id=810100
rpm builds for i686 were failing with a segfault in networkxml2argvtest. Running under valgrind showed that a region of memory was being referenced after it had been freed (as the result of realloc - see the valgrind report in the BZ).
Thanks for fixing that bug. My fault.
The problem (in replaceTokens() - added in commit 22ec60, meaning this bug was in 0.9.10 and 0.9.11) was that the pointers token_start and token_end were being computed based on the value of *buf, then *buf was being realloc'ed (potentially moving it), then token_start and token_end were used without recomputing them to account for movement of *buf.
The solution is to change the code so that token_start and token_end are offsets into *buf rather than pointers. This way there is only a single pointer to the buffer, and nothing needs readjusting after a realloc. (You may note that some uses of token_start/token_end didn't need to be changed to add in "*buf +" - that's because there ended up being a +*buf and -*buf which canceled each other out).
DV gets the credit for finding this bug and pointing out the valgrind report.
Look good. Reviewd-by: Philipp Hahn <hahn@univention.de> Sincerely Philipp -- Philipp Hahn Open Source Software Engineer hahn@univention.de Univention GmbH be open. fon: +49 421 22 232- 0 Mary-Somerville-Str.1 D-28359 Bremen fax: +49 421 22 232-99 http://www.univention.de/