Hi! I was trying out the journal and the journalctl utility sometimes crashed on me. After some debugging, I tracked it down to the fact that next_with_matches() holds the "c" object pointer through the journal_file_next_entry_for_data() call -- which apparently may re-map the journal file, invalidating the pointer.
The attached patch fixes this crash for me, but being unfamiliar with the code, I don't know if I'm doing the right thing.

This patch is also available from my github repository:
git://github.com/intgr/systemd.git
https://github.com/intgr/systemd

Regards,
Marti

For the record, here's the original stack trace at the time of remapping:

#0 journal_file_move_to (f=0xbd7210, wt=3, offset=6414200, size=480, ret=0x7fff1d5cdec0) at src/journal/journal-file.c:330
#1 journal_file_move_to_object (f=0xbd7210, type=3, offset=6414200, ret=0x7fff1d5cdf28) at src/journal/journal-file.c:414
#2 generic_array_get (f=0xbd7210, first=69328, i=2546, ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at src/journal/journal-file.c:1101
#3 generic_array_get_plus_one (f=0xbd7210, extra=67744, first=69328, i=5705, ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at src/journal/journal-file.c:1147
#4 journal_file_next_entry_for_data (f=0xbd7210, o=0x7f7cc1c36d28, p=6413608, data_offset=66600, direction=DIRECTION_DOWN, ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at src/journal/journal-file.c:1626
#5 next_with_matches (j=0xbc0010, f=0xbd7210, direction=DIRECTION_DOWN, ret=0x7fff1d5ce120, offset=0x7fff1d5ce128) at src/journal/sd-journal.c:533
#6 next_beyond_location (j=0xbc0010, f=0xbd7210, direction=DIRECTION_DOWN, ret=0x7fff1d5ce170, offset=0x7fff1d5ce178) at src/journal/sd-journal.c:595
#7 real_journal_next (j=0xbc0010, direction=DIRECTION_DOWN) at src/journal/sd-journal.c:651
#8 sd_journal_next (j=0xbc0010) at src/journal/sd-journal.c:686
#9 main (argc=5, argv=0x7fff1d5ce308) at src/journal/journalctl.c:263
From 9266fc6a58065a7c5dab67430fd78925e519dce9 Mon Sep 17 00:00:00 2001 From: Marti Raudsepp <[email protected]> Date: Fri, 9 Mar 2012 16:23:00 +0200 Subject: [PATCH] journal: Don't hold pointers to journal while remapping This would cause a segfault otherwise. --- src/journal/sd-journal.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c index baf51db..86ac267 100644 --- a/src/journal/sd-journal.c +++ b/src/journal/sd-journal.c @@ -527,6 +527,9 @@ static int next_with_matches(sd_journal *j, JournalFile *f, direction_t directio * matches are not OK */ r = journal_file_next_entry_for_data(f, c, cp, le64toh(c->entry.items[k].object_offset), direction, &qo, &q); + /* This pointer is invalidated if the window was + * remapped. May need to re-fetch it later */ + c = NULL; if (r < 0) return r; @@ -552,8 +555,15 @@ static int next_with_matches(sd_journal *j, JournalFile *f, direction_t directio /* Did this entry match against all matches? */ if (found) { - if (ret) + if (ret) { + if (c == NULL) { + /* Re-fetch the entry */ + r = journal_file_move_to_object(f, OBJECT_ENTRY, cp, &c); + if (r < 0) + return r; + } *ret = c; + } if (offset) *offset = cp; return 1; -- 1.7.9.3
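Review bot: In the first hunk (@@ -527,6 +527,9), c = NULL is assigned unconditionally right after the journal_file_next_entry_for_data() call, whose own argument list reads c->entry.items[k].object_offset, and the only re-fetch in the patch sits in the second hunk under if (found). If that call is reached again before then, for another match or another k, the argument expression dereferences NULL. Suggest calling journal_file_move_to_object(f, OBJECT_ENTRY, cp, &c) directly after the lookup (after the r < 0 check), or before every later use of c, instead of leaving c NULL.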
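Review bot: In the second hunk (@@ -552,8 +555,15), the test if (c == NULL) relies on the NULL written in the first hunk as an implicit "window may have moved" flag, and the comment "Re-fetch the entry" does not say so. Please document the invariant there: the offset cp stays valid across a remap while the pointer c does not, which is why the entry is looked up again from cp before *ret = c. A separate boolean set next to the lookup would make the intent explicit and keep c usable in between.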
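The failure mode described in this message, a pointer into a mapped window going stale when a later lookup moves the window, reduced to a self-contained simulation. This is an added example, not code from the original post or from systemd: struct window, move_to(), sum_near_and_far() and the sample data are hypothetical, and malloc()/free() stand in for the real remapping.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for a journal file, seen through one WIN-byte window. */
enum { FILE_SIZE = 512, WIN = 64 };
static uint8_t backing[FILE_SIZE];
struct window { uint8_t *map; size_t start; unsigned remaps; };
static void fill_backing(void) {            /* byte at offset i holds i % 251 */
    for (size_t i = 0; i < FILE_SIZE; i++)
        backing[i] = (uint8_t)(i % 251);
}

/* Return a pointer to `offset` inside the window. When the offset is outside
 * it, the window is replaced and every pointer handed out earlier is stale. */
static uint8_t *move_to(struct window *w, size_t offset) {
    if (offset >= FILE_SIZE) return NULL;
    if (!w->map || offset < w->start || offset >= w->start + WIN) {
        free(w->map);
        w->map = malloc(WIN);
        if (!w->map) return NULL;
        w->start = offset - offset % WIN;   /* windows are WIN-aligned */
        memcpy(w->map, backing + w->start, WIN);
        w->remaps++;
    }
    return w->map + (offset - w->start);
}

/* Only the offset cp is carried across the second lookup; c is fetched again. */
static int sum_near_and_far(struct window *w, size_t cp, size_t far, unsigned *out) {
    uint8_t *c = move_to(w, cp);
    if (!c) return -1;
    uint8_t *q = move_to(w, far);           /* may replace the window: c is stale */
    if (!q) return -1;
    unsigned far_val = *q;                  /* copy out before the next lookup */
    c = move_to(w, cp);                     /* re-fetch through the offset */
    if (!c) return -1;
    *out = *c + far_val;
    return 0;
}

int main(void) {
    struct window w = {0};
    unsigned out = 0;
    fill_backing();
    if (sum_near_and_far(&w, 8, 400, &out) == 0)
        printf("sum=%u remaps=%u\n", out, w.remaps);
    free(w.map);
    return 0;
}
```

Dropping the re-fetch line makes the final read go through a pointer into a freed window, which is the same class of bug as holding c across journal_file_next_entry_for_data().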
