segment fault with 2.6.6 or CVS

Fri Jul 29 18:44:11 GMT 2005

On Fri, Jul 29, 2005 at 11:04:38AM +0200, Helmut Jarausch wrote:
> But it crashed in daemon mode (started standalone or by xinetd)

I've never seen this crash.  Also, in your gdb output, it appears that
the stack was corrupted by the crash, so it's not showing an accurate
picture of the variables when the crash occurred (e.g. glob_expand_one()
is missing from the backtrace).  You might try running rsync under
valgrind (if you have that) to see if it reports any errors (it works
fine in my testing).  Also, you could sprinkle some debug output into
the glob_expand_one() routine (using fprintf(stderr, "...\n") works well
with --no-detach) to help you narrow down what rsync is doing when it
crashes (or attach gdb to the child and debug it -- I sometimes insert a
sleep into the child process to make it easy to attach after the child
has already started to run).

As a stab in the dark, I wonder if glob() might be returning an error
after modifying the globbuf structure.  If so, the attached patch may
have an affect on the problem (but I kinda doubt it).

> I don't understand the code since I see 2 (global) definitions of
> lp_name 

One is a stub for use in the testing programs and may be ignored.

..wayne..
-------------- next part --------------

--- util.c	27 Jul 2005 23:30:51 -0000	1.185
+++ util.c	29 Jul 2005 18:32:57 -0000
@@ -540,9 +540,8 @@ static void glob_expand_one(char *s, cha
 	else
 		s = strdup(s);
 
-	memset(&globbuf, 0, sizeof globbuf);
-	if (!filter_server_path(s))
-		glob(s, 0, NULL, &globbuf);
+	if (filter_server_path(s) || glob(s, 0, NULL, &globbuf) != 0)
+		globbuf.gl_pathc = 0;
 	if (MAX((int)globbuf.gl_pathc, 1) > maxargs - argc) {
 		maxargs += globbuf.gl_pathc + MAX_ARGS;
 		if (!(argv = realloc_array(argv, char *, maxargs)))
