Hi,
On Wed, 23 Jul 2008, Pierre Habouzit wrote:
> I had a core that I stupidly lost, but I remember that the broken malloc
> was:
>
>
> static void *get_data_from_pack(struct object_entry *obj)
> {
> off_t from = obj[0].idx.offset + obj[0].hdr_size;
> unsigned long len = obj[1].idx.offset - from;
> unsigned long rdy = 0;
> unsigned char *src, *data;
> z_stream stream;
> int st;
>
> src = xmalloc(len);
> ^^^^^^^^^^^^^^^^^^
>
> len was horribly big, and outputing obj[1].idx showed that `sha1` had
> text in it. I mean something like "could not\r\n han" IIRC.
>
> I don't remember the rest of the backtrace, and have stupidly not kept
> any ways of reproducing it.
That would not have helped. The memory corruption almost _certainly_ took
place way before that.
Ciao,
Dscho
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
