From smail3-wizards-request@cs.athabascau.ca Mon Feb 14 13:15:45 2000
X-VM-v5-Data: ([t nil nil nil nil nil nil nil nil]
	["4549" "Monday" "14" "February" "2000" "12:57:00" "-0500" "Greg A. Woods" "woods@most.weird.com" nil "137" "urgent patch for users of 3.2.0.110 who are experiencing problems." "^Resent-Date:" "smail3-users@cs.athabascau.ca, smail3-wizards@cs.athabascau.ca" "Smail-3 Users Mailing List, Smail-3 Wizards Mailing List" "2" nil nil nil nil nil]
	nil)
Return-Path: <smail3-wizards-request@cs.athabascau.ca>
Received: from whome.planix.com([204.29.161.33]) (6734 bytes) by most.weird.com
	via smail with P:esmtp/D:user/T:local
	(sender: <smail3-wizards-request@cs.athabascau.ca>) 
	id <m12KQ2B-000g5eL@most.weird.com>
	for <woods@weird.com>; Mon, 14 Feb 2000 13:15:43 -0500 (EST)
	(Smail-3.2.0.111-Pre 2000-Feb-11 #21 built 2000-Feb-13)
Received: from aurora.cs.athabascau.ca([131.232.10.2]) (6392 bytes) by whome.planix.com
	via sendmail with P:esmtp/D:aliases/R:inet_hosts/T:smtp
	(sender: <smail3-wizards-request@cs.athabascau.ca>) 
	id <m12KQ2B-001yu8L@whome.planix.com>
	for <woods@planix.com>; Mon, 14 Feb 2000 13:15:43 -0500 (EST)
	(Smail-3.2.0.108 1999-Sep-19 #1 built 1999-Oct-7)
Received: from aupair.cs.athabascau.ca([131.232.10.8]) (9049 bytes) by aurora.cs.athabascau.ca
	via smtpd with P:esmtp/R:bind/T:smtp
	(sender: <smail3-wizards-request@cs.athabascau.ca>) 
	id <m12KPm1-001I2vC@aurora.cs.athabascau.ca>
	for <woods@planix.com>; Mon, 14 Feb 2000 10:59:01 -0700 (MST)
	(Smail-3.2.0.101 1997-Dec-17 #3 built 1998-Mar-11)
Received: (5612 bytes) by aupair.cs.athabascau.ca
	via sendmail with P:stdio/D:aliasinclude/R:smart_host/T:smtp
	(sender: <smail3-wizards-request@cs.athabascau.ca>) 
	id <m12KPkL-0002nSC@aupair.cs.athabascau.ca>
	for smail3-wizards-dist@cs.athabascau.ca; Mon, 14 Feb 2000 10:57:17 -0700 (MST)
	(Smail-3.2.0.101 1997-Dec-17 #3 built 1998-Feb-24)
Old-Return-Path: <woods@most.weird.com>
Message-Id: <m12KPk4-000g5eC@most.weird.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Resent-Message-ID: <"5cRbmD.A.2vG.8HEq4"@aupair.cs.athabascau.ca>
X-Loop: smail3-wizards@cs.athabascau.ca
Resent-Sender: smail3-wizards-request@cs.athabascau.ca
Resent-Date: Mon, 14 Feb 2000 10:57:17 -0700 (MST)
Date: Mon, 14 Feb 2000 12:57:00 -0500 (EST)
Resent-From: smail3-wizards@cs.athabascau.ca
From: woods@most.weird.com (Greg A. Woods)
Reply-To: smail3-users@cs.athabascau.ca (Smail-3 Users Mailing List)
Organization: Planix, Inc.; Toronto, Ontario; Canada
Subject: urgent patch for users of 3.2.0.110 who are experiencing problems.
To: smail3-users@cs.athabascau.ca (Smail-3 Users Mailing List),
    smail3-wizards@cs.athabascau.ca (Smail-3 Wizards Mailing List)
X-Mailer: VM 6.75 under Emacs 20.5.1
X-Mailing-List: <smail3-wizards@cs.athabascau.ca> archive/latest/280
Precedence: list

Seems I was overly optimistic in my trust that the previously un-used
code in src/hash.c was still in working order.  Seems there's an
implementation error therein which causes a reference to previously
freed memory, and on some systems this can cause a SIGSEGV.

Because of another bug on my part this problem was really only affecting
some types of systems (I had no visible problems on NetBSD/sparc until I
fixed my bug in the usage of this old code).

If anyone would like to help debug I've got some fixes to make the
standalone code in src/hash.c work again and the problem can easily be
reproduced and analysed with GDB and ElectricFence.  There are a couple
of people working on this already but I'm sure we could use more help!
I haven't yet had time to analyse the data structures and algorigthms in
src/hash.[ch] to the extent I'd like to before I try and fix it so if
anyone else can figure out a fix I'd appreciate the help.

What I'm recommending for now is to just avoid using the broken code.
This causes a memory leak, but only under a few circumstances and only
in child processes so far as I can tell (i.e. the leak shouldn't affect
any long-running processes).

Index: resolve.c
===================================================================
RCS file: /cvs/master/smail/src/resolve.c,v
retrieving revision 1.20
retrieving revision 1.22
diff -c -u -r1.20 -r1.22
--- resolve.c	2000/02/06 16:36:48	1.20
+++ resolve.c	2000/02/14 05:34:01	1.22
@@ -42,8 +42,8 @@
 #endif
 
 /* exported variables */
-struct hash_table *hit_table;		/* table to recognize address hits */
-struct block *hit_table_block;		/* bmalloc() for bfree() */
+struct hash_table *hit_table = NULL;	/* table to recognize address hits */
+struct block *hit_table_block = NULL;	/* block() for bmalloc() et al */
 
 
 /*
@@ -199,7 +199,7 @@
     if (hash_addrs) {
 	struct addr *prev;
 	struct hash_table *hit_out_table; /* table to recognize address hits */
-	struct block *hit_out_table_block; /* bmalloc() for bfree() */
+	struct block *hit_out_table_block; /* block for bmalloc() et al */
 	struct hash *curh;		/* pointer to walk the table */
 	char *hashval;
 
@@ -230,13 +230,17 @@
 	    }
 	    xfree(hashval);
 	}
+#if 0
 	/* free the hash table elements */
-	for (curh = walk_hash((struct hash *) NULL, hit_table);
+	for (curh = walk_hash((struct hash *) NULL, hit_out_table);
 	     curh;
-	     curh = walk_hash(curh, hit_table)) {
-	    free_hash_element(curh, 0, hit_table); /* free without deletion */
+	     curh = walk_hash(curh, hit_out_table)) {
+	    free_hash_element(curh, 0, hit_out_table); /* free without deletion */
 	}
+	/* free the hash table itself */
 	free_hash_table(hit_out_table);
+	free_block(hit_out_table_block);
+#endif
     }
     return;
 }
Index: main.c
===================================================================
RCS file: /cvs/master/smail/src/main.c,v
retrieving revision 1.54
retrieving revision 1.56
diff -c -u -r1.54 -r1.56
--- main.c	2000/02/11 04:49:33	1.54
+++ main.c	2000/02/14 17:55:38	1.56
@@ -854,9 +854,13 @@
      * generate a new address hit table where case is ignored and
      * all data resides in memory
      */
-    if (!hit_table_block) {
-	hit_table_block = malloc_block();
+#if 0
+    if (hit_table_block) {
+	free_block(hit_table_block);
     }
+#endif
+    hit_table_block = malloc_block();
+#if 0
     if (hit_table) {
 	struct hash *curh;		/* pointer to walk the table */
 
@@ -868,6 +872,7 @@
 	}
 	free_hash_table(hit_table);
     }
+#endif
     hit_table = new_hash_table(hit_table_len,
 			       hit_table_block,
 			       HASH_DEFAULT);
Index: smtprecv.c
===================================================================
RCS file: /cvs/master/smail/src/smtprecv.c,v
retrieving revision 1.112
retrieving revision 1.113
diff -c -u -r1.112 -r1.113
--- smtprecv.c	2000/02/11 16:15:10	1.112
+++ smtprecv.c	2000/02/14 05:34:01	1.113
@@ -1361,6 +1361,7 @@
 static void
 reset_hit_table()
 {
+#if 0
     struct hash *curh;		/* pointer to walk the table */
 
     /* free the hash table elements */
@@ -1370,6 +1371,9 @@
 	free_hash_element(curh, 0, hit_table); /* free without deletion */
     }
     free_hash_table(hit_table);
+    free_block(hit_table_block);
+#endif
+    hit_table_block = malloc_block();
     hit_table = new_hash_table(hit_table_len,
 			       hit_table_block,
 			       HASH_DEFAULT);


-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>