Hello Laine, On Thursday 05 April 2012 09:32:45 Laine Stump wrote: > This bug resolves https://bugzilla.redhat.com/show_bug.cgi?id=810100 > > rpm builds for i686 were failing with a segfault in > networkxml2argvtest. Running under valgrind showed that a region of > memory was being referenced after it had been freed (as the result of > realloc - see the valgrind report in the BZ). Thanks for fixing that bug. My fault. > The problem (in replaceTokens() - added in commit 22ec60, meaning this > bug was in 0.9.10 and 0.9.11) was that the pointers token_start and > token_end were being computed based on the value of *buf, then *buf > was being realloc'ed (potentially moving it), then token_start and > token_end were used without recomputing them to account for movement > of *buf. > > The solution is to change the code so that token_start and token_end > are offsets into *buf rather than pointers. This way there is only a > single pointer to the buffer, and nothing needs readjusting after a > realloc. (You may note that some uses of token_start/token_end didn't > need to be changed to add in "*buf +" - that's because there ended up > being a +*buf and -*buf which canceled each other out). > > DV gets the credit for finding this bug and pointing out the valgrind > report. Look good. Reviewd-by: Philipp Hahn <hahn univention de> Sincerely Philipp -- Philipp Hahn Open Source Software Engineer hahn univention de Univention GmbH be open. fon: +49 421 22 232- 0 Mary-Somerville-Str.1 D-28359 Bremen fax: +49 421 22 232-99 http://www.univention.de/
Description: This is a digitally signed message part.