From: Shawn Pearce <spearce@spearce.org>
To: Johannes Schindelin <Johannes.Schindelin@gmx.de>,
Junio C Hamano <junkio@cox.net>
Cc: git@vger.kernel.org
Subject: Segfault in xdl_merge is back
Date: Tue, 26 Dec 2006 23:16:44 -0500 [thread overview]
Message-ID: <20061227041644.GA22449@spearce.org> (raw)
So I've been able to reproduce the segfault that was earlier reported
in xdl_merge. Unfortunately its in the repo that I can't publish.
I plan to spend some time tomorrow evening to attempt to further
debug the problem. I would certainly appreciate any advice. :-)
I can say its *not* related to 1510fea7 (or its fix 5caf9232 for
that matter). Tonight I only had a few minutes to look at the issue
but reverting 1510fea7/5caf9232 does not fix the segfault on Cygwin,
even though 5caf9232 appears to have fixed the issue for the original
reporter on Linux.
If I recall it correctly we were segfaulting on line 197 of xmerge.c:
197 t1.ptr = (char *)xe1->xdf2.recs[m->i1]->ptr;
according to my particular case m->i1 == 70, but it looks like
xdf2.recs isn't that large as index 70 is not a valid pointer.
I'm suspecting this is actually some sort of memory corruption in
the heap (due to a bad malloc/free) as the bug seems to rear its
head only based on the data we are allocating/have allocated.
If you look at what 1510fea7 would do on Linux the 1510fea7 bug
would send us into the else case of diff_populate_filespec where we
malloc the file data during decompression from the pack. Yet when
we fixed it with 5caf9232 we started to mmap the working tree file,
avoiding the malloc/free. This behavior, plus the fact that it
happens no matter what for a particular merge on Cygwin (but not
other merges), leads me to suspect heap corruption.
I may try to bisect this on Cygwin, but I may need to go all the way
back to pre-xdl_merge() to get a working merge-recursive, and I may
just find the bug pointing at the original merge-recursive code,
or just find it pointing at a random commit like what happened
with 1510fea7. So bisection may not really help out very much.
Has anyone run merge-recursive through Valgrind lately? I don't
have a setup handy to run it through and see if we have any obvious
errors.
--
Shawn.
next reply other threads:[~2006-12-27 4:17 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-27 4:16 Shawn Pearce [this message]
2006-12-27 6:49 ` Segfault in xdl_merge is back Linus Torvalds
2006-12-27 8:24 ` Shawn Pearce
2006-12-27 11:22 ` Johannes Schindelin
2006-12-27 12:53 ` Alexandre Julliard
2006-12-28 16:13 ` [PATCH] xdl_merge(): fix a segmentation fault when refining conflicts Johannes Schindelin
2006-12-28 22:09 ` Junio C Hamano
2006-12-29 4:16 ` Shawn Pearce
2006-12-30 18:53 ` Johannes Schindelin
2006-12-30 19:47 ` Jakub Narebski
2006-12-31 1:09 ` Johannes Schindelin
2007-01-02 13:18 ` Jakub Narebski
2007-01-02 20:58 ` Johannes Schindelin
2007-01-02 21:11 ` Junio C Hamano
2007-01-02 21:17 ` Johannes Schindelin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061227041644.GA22449@spearce.org \
--to=spearce@spearce.org \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=junkio@cox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.