[rtg] rtgplot 0.9 problems
Glen Walker
Glen.Walker at kordia.co.nz
Sat Apr 26 01:16:19 EDT 2008
> 2) rtgplot dies after writing an image, looks like it's trying to write to
> a closed filehandle. If I run from command line, the generated .png is
> fine, but rtgplot doesn't make a graceful exit. If I call it as a CGI,
> the .png just has a straight line for the dataset and the same sort of
> errors are logged to Apache's error log.
>
> Anyone seen this and know how to fix?
>
> ./rtgplot-0.9.cgi -c /etc/rtg/rtg.conf -o foo.png
> -d 1:ifInOctets_47:25519 -l 1:1::Traffic
> -p access:440:130::1208821115:1208907515 -vvv
>
> [ ...snip... ]
>
> *** glibc detected *** ./rtgplot-0.9c.cgi: double free or corruption
> (!prev): 0x08e18f28 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0xbbbaa6]
> /lib/libc.so.6(cfree+0x90)[0xbbefc0]
> /usr/lib/mysql/libmysqlclient_r.so.15(my_no_flags_free+0x21)[0x4f32c1]
> /usr/lib/mysql/libmysqlclient_r.so.15(vio_delete+0x30)[0x51c910]
> /usr/lib/mysql/libmysqlclient_r.so.15(end_server+0x26)[0x5179f6]
> /usr/lib/mysql/libmysqlclient_r.so.15(cli_advanced_command+0xd9)[0x51ad79]
> /usr/lib/mysql/libmysqlclient_r.so.15(mysql_close+0x7a)[0x517a9a]
> /usr/lib/mysql/libmysqlclient_r.so.15(mysql_close+0xfe)[0x517b1e]
> /usr/lib/librtgmysql.so(__db_disconnect+0x33)[0x2ee2f3]
> ./rtgplot-0.9c.cgi[0x804e657]
> /lib/libc.so.6(__libc_start_main+0xdc)[0xb6adec]
> ./rtgplot-0.9c.cgi[0x8049291]
>
> Met vriendelijke groet/kind regards,
> bryan

Hi Bryan,

I came across this exact problem recently; it seems to happen because
the function getmysql in librtgmysql returns a MYSQL rather than a
MYSQL*. A MYSQL* for the open connection is kept in thread-local
storage, but getmysql dereferences this pointer to return a plain MYSQL
struct. Returning a struct from a function isn't bad in itself, but we
must remember that what is returned is actually a *copy*, and that any
changes we make do not update the variable in thread-local storage. In
the case of a MYSQL struct this is not what we want.

The MYSQL struct contains several pointers to data on the heap that are
possibly allocated and freed by the MySQL library in the process of
performing queries. Because we are using a copy of the original MYSQL
struct in our MySQL library calls, the thread-local variable isn't
updated. When we call mysql_close in __db_disconnect the MySQL library
tries to clean up based on the pointers in the original MYSQL struct
from thread-local storage, some of which are no longer valid, resulting
in a "double free or corruption" error.

To cut a long story short, this can all be fixed by altering
librtgmysql.c so that getmysql returns the MYSQL* straight from
thread-local storage, and updating the code that calls getmysql
appropriately. I have tried this and it fixed the problem. I could
possibly submit a patch if that helps.

Regards,
Glen
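
The copy-versus-pointer problem described in the message above, reduced to a self-contained C sketch. This is an added example, not RTG or librtgmysql code: `conn_t`, `conn_query`, `conn_close`, `get_by_value` and `get_by_ptr` are hypothetical stand-ins for MYSQL, the MySQL client calls and getmysql, and `conn_close` returns -1 at the point where real code would free a stale pointer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for MYSQL: a handle that owns heap memory. */
typedef struct { char *buf; int buf_id; } conn_t;

static int live_id;                 /* id of the only allocation still valid */
static _Thread_local conn_t *tls;   /* stand-in for the thread-local MYSQL* */

/* "Library" call: replaces the handle's buffer, as a query may do. */
static void conn_query(conn_t *c) {
    free(c->buf);
    c->buf = malloc(64);
    c->buf_id = ++live_id;
}

/* "Library" close: returns -1 where real code would free a stale pointer. */
static int conn_close(conn_t *c) {
    if (c->buf_id != live_id) return -1;   /* stale: would be a double free */
    free(c->buf);
    c->buf = NULL;
    return 0;
}

static conn_t  get_by_value(void) { return *tls; }  /* returns a copy */
static conn_t *get_by_ptr(void)   { return tls;  }  /* returns the TLS handle */
/* Open, run one query through the chosen getter, close via the TLS handle. */
int run(int use_pointer) {
    conn_t *orig = malloc(sizeof *orig);
    orig->buf = malloc(64);
    orig->buf_id = ++live_id;
    tls = orig;
    conn_t copy = {0};
    if (use_pointer) {
        conn_query(get_by_ptr());     /* TLS handle sees the new buffer */
    } else {
        copy = get_by_value();
        conn_query(&copy);            /* only the copy sees the new buffer */
    }
    int rc = conn_close(tls);
    if (rc != 0) free(copy.buf);      /* release the live buffer the copy holds */
    free(orig);
    return rc;
}

int main(void) {
    printf("by value: %d\nby pointer: %d\n", run(0), run(1));
    return 0;
}
```
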