[Xapian-devel] Re: [XapianBug 117] Invalid data in remote protocol can cause buffer overflow

Olly Betts olly at survex.com
Mon Apr 9 11:13:48 BST 2007


On Mon, Apr 09, 2007 at 01:48:24AM +0100, Richard Boulton wrote:
> My build (on an "Intel(R) Core(TM)2 CPU", so 32 bit linux), behaves the 
> same way.  I've never seen it work with valgrind on the remote backend 
> actually - I just assumed it was too slow to work with the timeouts 
> enforced by the remote backend, and disabled valgrind for tests when 
> using the remote backend.

I find it hard to believe that a 5 minute timeout is too short for any
test, yet none of them pass.  And if you look in "top", neither process
is using CPU during the 5 minutes.

Attaching gdb just shows unhelpful valgrind voodoo but strace shows that
xapian-progsrv is in:

    select(1, [0], NULL, [0], {159, 856000} <unfinished ...>

That's waiting for stdin to become readable or error.  Meanwhile apitest
is in:

    read(5,

So both sides are trying to read!  The arguments to select point to it
being the call at line 145 of net/remoteconnection.cc.

I tried running xapian-progsrv under "valgrind --tool=none" instead and
that makes no difference (we don't use the results of memcheck on the
server, we only run it under valgrind to avoid problems with FP
excess precision which valgrind doesn't emulate exactly, so I'm going to
see if "--tool=none" would speed up apitest on remotetcp databases...)

My valgrind is Ubuntu edgy's - "valgrind-3.2.0-Debian" (not the latest
upstream).  I had a quick go at compiling 3.2.3 but it needs something
installed I don't have (/usr/include/gnu/stubs-32.h).

> It would be rather good to fix this, though - now I know it's not the 
> expected behaviour, I'll look into it sometime if you don't fix it first!

I think I've lost momentum on this for now and I already have plenty of
other things to work on, so feel free.

Cheers,
    Olly


