
Bug in HTChannel.c

From: Worik Macky Turei Stanton <worik@noggon.co.nz>
Date: 23 Mar 2001 09:42:11 +1200
To: www-lib@w3.org
Message-ID: <87bsqt7a6k.fsf@noggon.co.nz>
Friends

I am executing the following code...

	// Must set a channel on the host attached to the net object
	// that we are listening on if one is not already set
	if(!HTHost_channel(HTNet_host(net))){
	    HTChannel * c = HTChannel_new(INVSOC, NULL, YES);
	    HTHost_setChannel(HTNet_host(net), c);
	}	

	if(HTHost_accept(r, net, "127.0.0.1") == HT_ERROR){

When the channel is created it is created with an INVSOC because it
does not have a socket yet.  

When the accept call in HTDoAccept in HTTCP.c gets a socket it calls...

    HTNet_setSocket(accepting, status);	

Where status is the accepting socket.

Then calls 	HTChannel_setSocket(net->host->channel, sockfd);

Then in that function....

	int old_hash = HASH(channel->sockfd);
	int new_hash = sockfd < 0 ? 0 : HASH(sockfd);
	HTList * list = channels[old_hash];
	if (list) HTList_removeObject(list, channel);

For old_hash = HASH(channel->sockfd); HASH(-1), equiv. to
HASH(INVSOC), returns -1.

Hence HTList * list = channels[old_hash]; is channels[-1].

Segfault.

Surely there should be a sanity check on the old socket...

/* INVSOC is -1, which is non-zero, so compare against it explicitly */
if(channel->sockfd != INVSOC){
 old_hash = HASH(channel->sockfd);
}

or a sanity check on old_hash
if(old_hash >= 0){
  list = channels[old_hash];
}

Worik





-- 
                     Worik Macky Turei Stanton
                          worik@noggon.co.nz
                              Aotearoa
    This line would not have seven words if only it had eight words less.
Received on Thursday, 22 March 2001 16:39:00 GMT
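
An added example, not part of the original post and not libwww's own code: a stand-alone model of the re-keying step described in the message, where the old descriptor is mapped to a bucket with the same `sockfd < 0 ? 0 : HASH(sockfd)` expression the post shows for new_hash, so the index can never be negative. The table size, the struct layout and the function names are assumptions made for this model.

```c
#include <stddef.h>
#include <stdio.h>

#define TABLE_SIZE 67                 /* assumed bucket count for this model */
#define INVSOC     (-1)               /* "no socket yet", as in the post */
#define HASH(s)    ((s) % TABLE_SIZE) /* C99 %: HASH(-1) == -1, not 66 */

typedef struct channel { int sockfd; struct channel *next; } channel;

channel *buckets[TABLE_SIZE];

/* One mapping for both old and new descriptor: the same expression the
 * post shows for new_hash, so an invalid socket files under bucket 0. */
int bucket_of(int sockfd) { return sockfd < 0 ? 0 : HASH(sockfd); }

int bucket_contains(int idx, const channel *c)
{
    for (const channel *p = buckets[idx]; p; p = p->next)
        if (p == c) return 1;
    return 0;
}

void channel_register(channel *c)
{
    int idx = bucket_of(c->sockfd);
    c->next = buckets[idx];
    buckets[idx] = c;
}

/* Re-key a channel; returns the bucket it now lives in. */
int channel_set_socket(channel *c, int sockfd)
{
    channel **p = &buckets[bucket_of(c->sockfd)];  /* index always in range */
    for (; *p; p = &(*p)->next)
        if (*p == c) { *p = c->next; break; }
    c->sockfd = sockfd;
    channel_register(c);
    return bucket_of(sockfd);
}

int main(void)
{
    channel c = { INVSOC, NULL };
    channel_register(&c);                 /* created before accept() */
    printf("raw HASH(INVSOC) = %d\n", HASH(INVSOC));
    printf("bucket after accept: %d\n", channel_set_socket(&c, 70));
    return bucket_contains(0, &c);        /* 0: old entry was unlinked */
}
```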
