talloc & threads in rlm_eap

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sat Jun 21 17:30:35 CEST 2014


On 21 Jun 2014, at 17:23, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:

> 
> On 21 Jun 2014, at 17:20, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> 
>> 
>> On 21 Jun 2014, at 12:13, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>> 
>>> Something's still not quite right; I can still trigger a crash with my local config, though it's much much harder. Symptoms look similar i.e. heap corruption, though I've only triggered a few so far.
>>> 
>>> :o(
>>> 
>>> Can't seem to trigger one with a default config, so maybe it's a module I'm using, or maybe the combo of "real" options just makes it more likely and I didn't wait long enough.
>>> 
>>> Will keep poking to see if I can make it more readily reproducible.
>> 
>> Double frees aren't always due to heap corruption, sometimes it's not reparenting attributes correctly into other contexts, so they get freed when their original parent does.
>> 
>> If you can get the circular buffer debug stuff working, then you'll be able to see where the double freed VALUE_PAIR was allocated from originally, which will be a big clue.
>> 
>> As a first diagnostic step I'd try getting rid of calls to rlm_cache and see if that helps. It's the module most likely to experience those kinds of reparenting issues.
> 
> Ug, its rbtree was parented off its instance data too... just fixed that.

Arg and the handler and session trees :(

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
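
The reparenting failure mode discussed in the thread, as an added example that is not code from this thread or from FreeRADIUS: a toy hierarchical allocator stands in for talloc, and all names (`ctx_t`, `ctx_steal`, `cached_pair_dangles`) are hypothetical. A pointer stored in a long-lived cache is freed along with its original request context unless it is first moved under the cache's own context.

```c
#include <stdlib.h>

/* Toy parent/child context (stand-in for talloc, an assumption of this
 * example): freeing a context frees every child still attached to it. */
typedef struct ctx {
    struct ctx *parent, *child, *next;
    int *freed_flag;                 /* set to 1 when this node is freed */
} ctx_t;

static void ctx_unlink(ctx_t *c) {
    if (!c->parent) return;
    ctx_t **p = &c->parent->child;
    while (*p != c) p = &(*p)->next; /* find our slot in the sibling list */
    *p = c->next;
    c->parent = NULL;
    c->next = NULL;
}

static void ctx_attach(ctx_t *parent, ctx_t *c) {
    c->parent = parent;
    c->next = parent->child;
    parent->child = c;
}

ctx_t *ctx_new(ctx_t *parent, int *freed_flag) {
    ctx_t *c = calloc(1, sizeof(*c));
    if (!c) abort();
    c->freed_flag = freed_flag;
    if (parent) ctx_attach(parent, c);
    return c;
}

/* Reparent c under new_parent so it no longer dies with its old parent. */
void ctx_steal(ctx_t *new_parent, ctx_t *c) { ctx_unlink(c); ctx_attach(new_parent, c); }

void ctx_free(ctx_t *c) {
    ctx_unlink(c);
    while (c->child) ctx_free(c->child);   /* each call unlinks the head */
    if (c->freed_flag) *c->freed_flag = 1;
    free(c);
}

/* Returns 1 if a pair handed to the cache was freed when its request ended,
 * i.e. the cache now holds a dangling pointer it will later free again. */
int cached_pair_dangles(int reparent) {
    int pair_freed = 0;
    ctx_t *cache = ctx_new(NULL, NULL), *request = ctx_new(NULL, NULL);
    ctx_t *pair = ctx_new(request, &pair_freed);  /* allocated per-request */
    if (reparent) ctx_steal(cache, pair);         /* the missing step */
    ctx_free(request);
    int dangling = pair_freed;
    ctx_free(cache);
    return dangling;
}

int main(void) { return !(cached_pair_dangles(0) == 1 && cached_pair_dangles(1) == 0); }
```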
