rsync 3.00pre6 segfault in add_dirs_to_tree

Ming Zhang blackmagic02881 at gmail.com
Thu Dec 13 02:44:47 GMT 2007


Hi All

I run rsync in an automated environment and it sometimes crashes and
leaves a core dump file. From the core dump, gdb shows that

(gdb) bt
#0  add_dirs_to_tree (parent_ndx=-1, from_flist=0x56c590, dir_cnt=1) at
flist.c:1422
#1  0x0000000000409eab in send_file_list (f=16, argc=-1, argv=0x56c238)
at flist.c:2068
#2  0x0000000000419052 in client_run (f_in=16, f_out=16, pid=-1, argc=1,
argv=0x56c230) at main.c:1033
#3  0x000000000041a09a in main (argc=2, argv=0x56c230) at main.c:1260


(gdb) bt f
#0  add_dirs_to_tree (parent_ndx=-1, from_flist=0x56c590, dir_cnt=1) at
flist.c:1422
        file = (struct file_struct *) 0x0

~~~~it crashes in add_dirs_to_tree() when dereferencing a NULL pointer.

        i = 2
        dp = (int32_t *) 0x2a983f2f28
        parent_dp = (int32_t *) 0x0

(gdb) p *((struct file_list *)0x56c590)->sorted[0]
$4 = {dirname = 0x0, modtime = 1197492871, len32 = 4096, mode = 16895,
flags = 5, basename = "."}
(gdb) p *((struct file_list *)0x56c590)->sorted[1]
$5 = {dirname = 0x0, modtime = 1197488045, len32 = 16384, mode = 16832,
flags = 4, basename = "l"}

From the mode, it looks like both of them are directories, so S_ISDIR()
should be 1 and thus "dir_cnt--" should get executed, but later gdb shows
dir_cnt is still 1. Weird.

(gdb) p *((struct file_list *)0x56c590)->sorted[2]
Cannot access memory at address 0x0

~~~~this is where file becomes a NULL pointer when i is 2.

(gdb) p dir_cnt
$11 = 1


Any idea about what is going on here? I can provide the core dump and
rsync binary or other information if needed.

Thanks!

-- 
Ming Zhang


@#$%^ purging memory... (*!%
http://blackmagic02881.wordpress.com/
http://www.linkedin.com/in/blackmagic02881
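The backtrace above shows a loop that keeps walking flist->sorted[] as long as dir_cnt is positive, and reads sorted[2] (NULL) when only two entries exist. The following is an added example, not rsync's code and not something from the original post: a simplified, hypothetical stand-in for the file_struct/file_list types and a bounded walk that treats a dir_cnt inconsistent with the list length as an error instead of reading past the end. The two sample entries (mode 16895 and 16832, both S_IFDIR) are taken from the gdb output in the post; the type layouts and function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>

/* Hypothetical, simplified stand-ins for rsync's file_struct and
   file_list (constructed for illustration; not rsync's definitions). */
struct file_struct {
    const char *basename;
    uint32_t mode;
};

struct file_list {
    struct file_struct **sorted;
    int used; /* number of valid entries in sorted[] */
};

/* Walk sorted[] until dir_cnt directories have been seen.
   Returns the number of directories visited, or -1 if the walk would
   have read past the end of sorted[] (i.e. dir_cnt disagreed with the
   list contents), which is the situation the core dump shows. */
int count_dirs_bounded(const struct file_list *flist, int dir_cnt)
{
    int visited = 0;
    for (int i = 0; dir_cnt > 0; i++) {
        if (i >= flist->used)          /* bounds check: dir_cnt is stale */
            return -1;
        const struct file_struct *file = flist->sorted[i];
        if (file == NULL)              /* defensive: never dereference NULL */
            return -1;
        if (S_ISDIR(file->mode)) {
            dir_cnt--;
            visited++;
        }
    }
    return visited;
}

/* Sample list mirroring the two entries printed in the gdb session. */
struct file_list *sample_list(void)
{
    static struct file_struct dot = { ".", 16895 }; /* drwxrwxrwx */
    static struct file_struct l   = { "l", 16832 }; /* drwx------ */
    static struct file_struct *sorted[] = { &dot, &l, NULL };
    static struct file_list fl = { sorted, 2 };
    return &fl;
}

int main(void)
{
    const struct file_list *fl = sample_list();
    /* Consistent count: both entries are directories. */
    printf("dir_cnt=2 -> %d\n", count_dirs_bounded(fl, 2));
    /* Inconsistent count: an unbounded loop would read sorted[2]. */
    printf("dir_cnt=3 -> %d\n", count_dirs_bounded(fl, 3));
    return 0;
}
```

The check against flist->used is what turns a silent out-of-bounds read into a reportable condition; in a real fix the underlying cause (why dir_cnt was not decremented for the second directory) still has to be found, but the loop should not trust a counter over the list's own length.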