
#145 OpenSLP 2.0.0.0 rare exception in slpd on Windows platform

Status: open
Owner: nobody
Priority: 5
Created: 2014-04-11
Updated: 2014-04-11
Creator: Evgeny
Private: No

This ticket may be related to the problem described in ticket #144.
Also, in some rare cases on a Windows 7 x64 environment, an unhandled exception occurs in slpd during a network interface state change. I discovered that the exception appears inside SLPDPropertyReinit (slpd_property.c) at line 68:

xfree(G_SlpdProperty.locale);

Discussion

  • Evgeny

    Evgeny - 2014-04-11

    Stack trace:

    slpd.exe!_CrtIsValidHeapPointer(const void * pUserData=0x0000000000413320) Line 2103
    slpd.exe!_free_dbg_nolock(void * pUserData=0x0000000000413320, int nBlockUse=1) Line 1317 + 0xa bytes
    slpd.exe!_free_dbg(void * pUserData=0x0000000000413320, int nBlockUse=1) Line 1258 + 0xe bytes
    slpd.exe!free(void * pUserData=0x0000000000413320) Line 50
    slpd.exe!SLPDPropertyReinit() Line 68
    slpd.exe!HandleSigHup() Line 295
    slpd.exe!ServiceStart(int argc=2, char * argv=0x0000000000523900) Line 453
    slpd.exe!SLPDCmdDebugService(int argc=2, char * argv=0x0000000000523900) Line 720
    slpd.exe!main(int argc=2, char * * argv=0x0000000000523900) Line 744
    slpd.exe!__tmainCRTStartup() Line 266 + 0x19 bytes
    slpd.exe!mainCRTStartup() Line 182

  • Evgeny

    Evgeny - 2014-04-11

    Update:

    Deeper investigation shows that the problem appears one line earlier (and is not related to ticket #144), at slpd_property.c line 67: xfree(G_SlpdProperty.interfaces);
    The problem occurs when the SLPDPropertyReinit function is called twice in a row without the interfaces list being reinitialized in between: once normally, and a second time when one of the interfaces goes away. In this case G_SlpdProperty.interfaces has already been freed but has not been set to NULL.

    Hot fix which works for me is to modify line 67 (slpd_property.c) from:

    xfree(G_SlpdProperty.interfaces);

    to:

    xfree(G_SlpdProperty.interfaces);
    G_SlpdProperty.interfaces = NULL;
    G_SlpdProperty.interfacesLen = 0;

    This fix (it seems to me) may (!) result in a small performance loss, because the memory manager will reallocate the memory block each time.

    The same problem also appears in the SLPDKnownDADeinit function (slpd_knownda.c) at line 738.
    For the same reason (both SLPDKnownDADeinit and SLPDPropertyReinit are called from HandleSigHup), there are situations (with an interface gone) in which G_ifaceurls is freed twice.

    So the solution is the same: modify lines 737-738 in slpd_knownda.c from:

    if(G_ifaceurls)
        xfree(G_ifaceurls);

    to:

    if(G_ifaceurls)
    {
        xfree(G_ifaceurls);
        G_ifaceurls = NULL;
    }

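The following is an added, self-contained C example (not code from OpenSLP or from the ticket) that reproduces the pattern the discussion describes: a reinit routine that frees a global buffer without resetting the pointer, invoked twice from a SIGHUP handler before the buffer is rebuilt. A small live-allocation registry stands in for the CRT's _CrtIsValidHeapPointer check from the stack trace, so the second free is counted rather than handed to the heap, and the buggy and fixed variants of the reinit routine can be compared side by side. The struct, the simulate() driver, the registry and the interface addresses are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for slpd's global property block; the real G_SlpdProperty has
   many more fields (assumption: only the two relevant ones are modelled). */
struct SlpdProperty {
    char  *interfaces;
    size_t interfacesLen;
};

/* Registry of live allocations. Freeing a pointer that is not live is
   counted instead of being passed to free(), so the demo observes the bug
   without undefined behaviour. This plays the role of the CRT's
   _CrtIsValidHeapPointer check seen in the stack trace. */
#define MAX_LIVE 16
static void *g_live[MAX_LIVE];
static int   g_double_free_count;

static char *tracked_strdup(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (!p) return NULL;
    strcpy(p, s);
    for (int i = 0; i < MAX_LIVE; i++) {
        if (!g_live[i]) { g_live[i] = p; return p; }
    }
    free(p);                  /* registry full: refuse rather than lose track */
    return NULL;
}

static void tracked_free(void *p)
{
    if (!p) return;           /* free(NULL) is a legal no-op */
    for (int i = 0; i < MAX_LIVE; i++) {
        if (g_live[i] == p) { g_live[i] = NULL; free(p); return; }
    }
    g_double_free_count++;    /* p is not live: this is a double free */
}

/* Buggy shape of SLPDPropertyReinit: the buffer is released but the
   pointer keeps its old value, so a repeat call frees it again. */
static void reinit_buggy(struct SlpdProperty *prop)
{
    tracked_free(prop->interfaces);
}

/* Fixed shape from the ticket: release, then reset the pointer and length
   so a repeat call degrades to a harmless free(NULL). */
#define XFREE_AND_NULL(p) do { tracked_free(p); (p) = NULL; } while (0)

static void reinit_fixed(struct SlpdProperty *prop)
{
    XFREE_AND_NULL(prop->interfaces);
    prop->interfacesLen = 0;
}

/* Drives the reinit routine twice, as HandleSigHup would. With
   repopulate == 0 the interface list is not rebuilt between the calls
   (the "interface gone" case). Returns the number of double frees seen.
   The interface addresses are constructed sample data. */
static int simulate(void (*reinit)(struct SlpdProperty *), int repopulate)
{
    struct SlpdProperty prop = { NULL, 0 };
    memset(g_live, 0, sizeof g_live);
    g_double_free_count = 0;

    prop.interfaces    = tracked_strdup("192.168.1.10,192.168.1.11");
    prop.interfacesLen = prop.interfaces ? strlen(prop.interfaces) : 0;

    reinit(&prop);                       /* first SIGHUP: normal reinit */
    if (repopulate) {
        prop.interfaces    = tracked_strdup("192.168.1.10");
        prop.interfacesLen = prop.interfaces ? strlen(prop.interfaces) : 0;
    }
    reinit(&prop);                       /* second SIGHUP before the list is rebuilt */
    return g_double_free_count;
}

int main(void)
{
    printf("buggy, list not rebuilt : %d double free(s)\n", simulate(reinit_buggy, 0));
    printf("buggy, list rebuilt     : %d double free(s)\n", simulate(reinit_buggy, 1));
    printf("fixed, list not rebuilt : %d double free(s)\n", simulate(reinit_fixed, 0));
    printf("fixed, list rebuilt     : %d double free(s)\n", simulate(reinit_fixed, 1));
    return 0;
}
```

Only the combination of the buggy reinit and a second call before the list is rebuilt produces a double free; the fixed variant is idempotent regardless of whether the list was repopulated, which is why resetting the pointer (the XFREE_AND_NULL idiom) is the right fix rather than guarding the call site.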
