Opened 5 years ago
Last modified 4 years ago
#15160 new bug
app_server: NULL dereference in SimpleTransform::Apply
| Reported by: | waddlesplash | Owned by: | axeld |
|---|---|---|---|
| Priority: | normal | Milestone: | Unscheduled |
| Component: | Servers/app_server | Version: | R1/Development |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description (last modified by )
Found by KapiX. Occurs reproducibly on scrolling down on http://1.1.1.1.
Attachments (1)
Change History (8)
by , 5 years ago
| Attachment: | app_server-528-debug-13-07-2019-22-41-16.report added |
|---|
comment:1 by , 5 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 5 years ago
comment:3 by , 5 years ago
Most likely something down the line is getting dynamically allocated; i.e. via inlining. The code looks like it's using a bunch of SSE here, which is indicative of a lot of math going on. Is it possible to run Web+ under test_app_server?
comment:4 by , 5 years ago
Can anyone else still reproduce this? I'm unable to. It's possible this got fixed at some point.
comment:5 by , 5 years ago
We have switched back from rpmalloc to hoard, so currently it will not be reproducible. However the missing error handling in app_server is likely still a problem
comment:6 by , 5 years ago
| Milestone: | R1/beta2 → R1/beta3 |
|---|
comment:7 by , 4 years ago
| Milestone: | R1/beta3 → Unscheduled |
|---|
Moving out of beta3 milestone since it is not so easily reproductible with hoard malloc, making it less urgent to fix.
Note:
See TracTickets
for help on using tickets.
This is strange, the gradient itself is already checked for NULLness at this point (when reading it from the app_server link) and I don't see anything else that would be dynamically allocated.