Wild pointer problem in free
阿新 • Published: 2018-05-08
The gdb backtrace is as follows:
```
Program received signal SIGABRT, Aborted.
0xb67683c0 in raise () from /lib/libc.so.0
(gdb) p cmd
No symbol "cmd" in current context.
(gdb) bt
#0  0xb67683c0 in raise () from /lib/libc.so.0
#1  0xb6762bfc in abort () from /lib/libc.so.0
#2  0xb67626a8 in free () from /lib/libc.so.0
#3  0xb6a8a6dc in cmd_matcher_match_keyword (matcher=0xbeac7080, token=0x917690, argc=0xbeac7698, argv=0xbeac7634)
    at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:2051
#4  0xb6a8a97c in cmd_element_match (cmd_element=0xb65d02ec, filter=FILTER_RELAXED, vline=0x8ec160, index=4294967295,
    match_type=0x0, match=0x0, argc=0xbeac7698, argv=0xbeac7634)
    at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:2122
#5  0xb6a8ace4 in cmd_parse (cmd_element=0xb65d02ec, vline=0x8ec160, argc=0xbeac7698, argv=0xbeac7634)
    at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:2252
#6  0xb6a8d680 in cmd_execute_command_real (vline=0x8ec160, filter=FILTER_RELAXED, vty=0x8dd290, cmd=0xbeac7798)
    at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:3544
#7  0xb6a8e564 in cmd_execute_command (vline=0x8ec160, vty=0x8dd290, cmd=0xbeac7798, vtysh=1)
    at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:3733
#8  0x000278f0 in vtysh_execute_func (line=0x977c8f "snmp-server host 10.54.88.108 inform version v2c community a3 port 162",
    pager=1) at /Source_route/wns/apps/openswitch_ori/ops-cli/vtysh/vtysh.c:440
#9  0x00027ec0 in vtysh_execute (line=0x977c8f "snmp-server host 10.54.88.108 inform version v2c community a3 port 162")
    at /Source_route/wns/apps/openswitch_ori/ops-cli/vtysh/vtysh.c:661
#10 0x00025e80 in s_process_cli_cmd (buf=0x985860, len=109, msg=0x0, proxy_hdr=0x98581c)
    at /Source_route/wns/apps/openswitch_ori/ops-cli/vtysh/vtysh_main.c:353
#11 0xb6a29a28 in ?? () from /wns/lib/libwns_ipc.so
#12 0xb6a29a28 in ?? () from /wns/lib/libwns_ipc.so
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
```
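Look at frames #2 and #3 of the backtrace: free fails inside the cmd_matcher_match_keyword function. There are two possible cases: freeing a wild pointer, or freeing the same pointer twice (which leaves a wild pointer).
So, look back through the preceding code for where free is called, and comment it out directly.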
```
(gdb) frame 3
#3  0xb6b326dc in cmd_matcher_match_keyword (matcher=0xbec3d080, token=0xb3b690, argc=0xbec3d698, argv=0xbec3d634)
    at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:2051
2051    in /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c
(gdb) ptype matcher
type = struct cmd_matcher {
    struct cmd_element *cmd;
    enum filter_type filter;
    vector vline;
    unsigned int index;
    enum match_type *match_type;
    vector *match;
    unsigned int word_index;
} *
(gdb)
```
Use frame n to switch to that frame's context and inspect the details.
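The second case above, a double free, typically arises when an error path and its caller both release the same buffer. The C code below is an added example, not code from ops-cli or from the original post; `struct kw_args`, `kw_args_release`, `kw_args_collect`, `match_and_cleanup` and the `"bogus"` keyword are hypothetical names. It shows a release routine that frees once and resets the pointer, so a repeated cleanup never hands a stale pointer to free().

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a keyword-argument buffer; not the ops-cli type. */
struct kw_args { char **argv; int argc; };

/* Free everything once, then clear the fields so a second call is a no-op. */
static void kw_args_release(struct kw_args *a)
{
    for (int i = 0; i < a->argc; i++)
        free(a->argv[i]);
    free(a->argv);            /* free(NULL) is defined to do nothing */
    a->argv = NULL;           /* no dangling (wild) pointer is left behind */
    a->argc = 0;
}

static char *dup_token(const char *s)
{
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    return p ? memcpy(p, s, len) : NULL;
}

/* Copy n tokens into a; returns 0, or -1 after releasing on the error path. */
static int kw_args_collect(struct kw_args *a, const char *const *tokens, int n)
{
    a->argc = 0;
    a->argv = calloc((size_t)n, sizeof *a->argv);
    if (a->argv == NULL) return -1;
    for (int i = 0; i < n; i++) {
        /* "bogus" is a constructed bad keyword that forces the error path */
        char *copy = strcmp(tokens[i], "bogus") ? dup_token(tokens[i]) : NULL;
        if (copy == NULL) {
            kw_args_release(a);   /* first release, on the error path */
            return -1;
        }
        a->argv[a->argc++] = copy;
    }
    return 0;
}

/* The caller also cleans up unconditionally; safe only because of the reset. */
int match_and_cleanup(const char *const *tokens, int n)
{
    struct kw_args a = {0};
    int rc = kw_args_collect(&a, tokens, n);
    kw_args_release(&a);      /* second release: argv is NULL after an error */
    return (a.argv == NULL && a.argc == 0) ? rc : -2;
}
```

If `kw_args_release` did not reset `argv` and `argc`, the failure path would pass the same addresses to free() twice.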