Hi David,<br>
<br>
I went through this code and it&#39;s unlikely that the code below is the <br>
culprit (though I agree it could have been better written). The reason <br>
is that<br>
a) The MonBurr buffer is never smaller than 2K.<br>
b) The maximum size of anything we can ever put in the buffer is 1290:<br>
8 (header) + 256 (hostname) + 1 (colon) + 1024 (path) + 1 (null byte)<br>
c) The code verifies that there is enough buffer space left to accomodate <br>
whatever size was computed and lengths are always tuncated if they exceed <br>
the maximum units and the buffer is flushed and re-initialized if there is <br>
insufficient space.<br>
<br>
Admitedly, using strcpy() as opposed to strncpy() does not take into <br>
account that the hostname may have been truncated to 256 (I will fix <br>
that). However, unless the hostname was not null terminated it would never <br>
be greater than 255 (the DNS maximum). If the hostname was not null <br>
terminated then we should have seen crashes all over the place right off <br>
the bat.<br>
<br>
If you have a core file handy, please make it available along with the <br>
Linux version it was generated on and the xroot release number <br>
(presumably 3.3.3 in all cases). The more core files the better as <br>
seeing an overlay pattern would help. My suspicion is that the object <br>
which was in the runq was deleted without first being removed from the <br>
runq. That&#39;s a more likely scenario at this point. Do you know what the <br>
scheduler was trying to run?<br>
<br>
Andy<br>
<br>
On Thu, 5 Dec 2013, smithdh wrote:<br>
<br>
&gt; Hi,<br>
&gt;<br>
&gt; Some dpm-xrootd sites have reported crashes of their redirector xrootd 3.3.3 daemon (seen once at one SL5 site, and frequently at one SL6 site). (core dumps available, generally they are crashes in XrdScheduler methods because of corrupt XrdJob objects).<br>
&gt;<br>
&gt; I&#39;ve done some investigation, initially to check if the dpm/dmlite components were at fault. In this case I think there is a problem in XrdXrootdMonitor::Redirect. This copy:<br>
&gt;<br>
&gt; [XrdXrootdMonitor.cc:788]<br>
&gt; strcpy(dest, hName); dest += hLen; *dest++ = &#39;:&#39;;<br>
&gt;<br>
&gt; can overwrite past the end of the space allocated for the MonRdrBuff, e.g. if hName is somewhat more than 256 characters longer than Path and the starting point for the entry is close enough to the end of the buffer. I think this condition is now avoided in the master branch, after ipv6 related changes. Would it be cover this situation in 3.3.x ?<br>
&gt;<br>
&gt; Thanks,<br>
&gt; David<br>
&gt;<br>
&gt; ---<br>
&gt; Reply to this email directly or view it on GitHub:<br>
&gt; https://github.com/xrootd/xrootd/issues/64

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br>Reply to this email directly or <a href='https://github.com/xrootd/xrootd/issues/64#issuecomment-30043084'>view it on GitHub</a>.<img src='https://github.com/notifications/beacon/g4FnrgQJfAH8r3ZJCW24C_cxu-GJDtWTSaAWN2A1GoebNdLn6uulmOTzrJKd7y0P.gif' height='1' width='1'></p>
<br>
<hr>
<p align="left">
Use REPLY-ALL to reply to list</p>
<p align="center">To unsubscribe from the XROOTD-DEV list, click the following link:<br>
<a href="https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1" target="_blank">https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1</a>
</p>