[KBS2.0]Telnet发文章掉线

水木社区手机版

主题:[KBS2.0]Telnet发文章掉线
楼主|linton|2006-03-07 17:00:54|展开
系统：Solaris 9 x86, gcc 3.3.2, kbs 2.0 CVS

Telnet发文章，按“L”后回车，掉线，但是版面上已经有了该文章，
偶尔也出现过不掉线的情况。

GDB信息：

# gdb /export/home0/bbs/bin/bbsd
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-pc-solaris2.9"...
(gdb) attach 13472
Attaching to program `/export/home0/bbs/bin/bbsd', process 13472
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/local/lib/libz.so.1...done.
Loaded symbols for /usr/local/lib/libz.so.1
Reading symbols from /usr/lib/libpthread.so.1...done.
Loaded symbols for /usr/lib/libpthread.so.1
Reading symbols from /usr/local/lib/libltdl.so.3...done.
Loaded symbols for /usr/local/lib/libltdl.so.3
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/local/lib/libgcc_s.so.1...done.
Loaded symbols for /usr/local/lib/libgcc_s.so.1
Reading symbols from /usr/lib/libthread.so.1...done.
Loaded symbols for /usr/lib/libthread.so.1
sol-thread active.
Retry #1:
Retry #2:
Retry #3:
Retry #4:
[New LWP    1        ]
[New Thread 1 (LWP 1)]
Symbols already loaded for /usr/lib/libnsl.so.1
Symbols already loaded for /usr/lib/libsocket.so.1
Symbols already loaded for /usr/local/lib/libz.so.1
Symbols already loaded for /usr/lib/libpthread.so.1
Symbols already loaded for /usr/local/lib/libltdl.so.3
Symbols already loaded for /usr/lib/libdl.so.1
Symbols already loaded for /usr/lib/libc.so.1
Symbols already loaded for /usr/lib/libmp.so.2
Symbols already loaded for /usr/local/lib/libgcc_s.so.1
Symbols already loaded for /usr/lib/libthread.so.1
[Switching to Thread 1 (LWP 1)]
0xd118d26d in _poll () from /usr/lib/libc.so.1
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xd11ab4ee in strncasecmp () from /usr/lib/libc.so.1
(gdb) bt
#0  0xd11ab4ee in strncasecmp () from /usr/lib/libc.so.1
#1  0x080a2e7a in getboardnum (bname=0xd1040240 <Address 0xd1040240 out of bounds>, bh=0x0)
    at bcache.c:329
#2  0x080a2334 in updatelastpost (board=0xd1040240 <Address 0xd1040240 out of bounds>)
    at bcache.c:86
#3  0x080dd10c in after_post (user=0xd057cac0, fh=0x8046a50,
    boardname=0xd1040240 <Address 0xd1040240 out of bounds>, re=0x0, poststat=1,
    session=0x8147900) at article.c:1223
#4  0x080654bf in post_article (conf=0x8046e20, q_file=0x80f7f8a "", re_file=0x0) at bbs.c:2869
#5  0x08063a44 in do_post (conf=0x8046e20, fileinfo=0x816d5cc, extraarg=0x0) at bbs.c:2283
#6  0x080ed810 in read_key (conf=0x8046e20, command=16) at newread.c:228
#7  0x080c6247 in do_select_internal (conf=0x8046e20, key=16) at select.c:368
#8  0x080c62d1 in list_select (conf=0x8046e20, key=16) at select.c:388
#9  0x080c660f in list_select_loop (conf=0x8046e20) at select.c:486
#10 0x080ee966 in new_i_read (cmdmode=DIR_MODE_NORMAL, direct=0x8046fe0 "boards/vote/.DIR",
    dotitle=0x805f8c1 <readtitle>, doentry=0x805fe79 <readdoent>, rcmdlist=0x813c140, ssize=140)
    at newread.c:675
#11 0x0806cddf in Read () at bbs.c:6214
#12 0x080bc270 in fav_onselect (conf=0x80477d0) at boards_t.c:714
#13 0x080c5d8d in do_select_internal (conf=0x80477d0, key=4099) at select.c:268
#14 0x080c6443 in list_select (conf=0x80477d0, key=13) at select.c:425
#15 0x080c660f in list_select_loop (conf=0x80477d0) at select.c:486
#16 0x080bde0a in choose_board (newflag=1, boardprefix=0xd10a27f5 "0", group=0, favmode=0)
    at boards_t.c:1437
#17 0x080ba4d2 in EGroup (cmd=0xd10a2567 "0BBS") at boards_t.c:23
#18 0x080883bf in domenu (menu_name=0xd10a1f61 "M_EGROUP") at comm_lists.c:651
#19 0x080883bf in domenu (menu_name=0x810ef48 "TOPMENU") at comm_lists.c:651
#20 0x080cbe6c in main_bbs (convit=0, argv=0x8047e78 "bbsd:hutu") at newmain_single.c:1141
#21 0x080c4c14 in bbs_main (argv=0x8047e78 "bbsd:hutu") at bbsd_single.c:771
#22 0x080c4ddb in bbs_standalone_main (argv=0x8047e78 "bbsd:hutu") at bbsd_single.c:914
#23 0x080c4f17 in main (argc=3, argv=0x8047d98) at bbsd_single.c:1009
(gdb) frame 1
#1  0x080a2e7a in getboardnum (bname=0xd1040240 <Address 0xd1040240 out of bounds>, bh=0x0)
    at bcache.c:329
329             if (!strncasecmp(bname, bcache[i].filename, STRLEN)) {
(gdb) up 1
#2  0x080a2334 in updatelastpost (board=0xd1040240 <Address 0xd1040240 out of bounds>)
    at bcache.c:86
86          pos = getboardnum(board,NULL);       /* board name --> board No. */
(gdb) p board
$1 = 0xd1040240 <Address 0xd1040240 out of bounds>
--
修改:linton FROM 220.173.136.*
FROM 220.173.136.*
2楼|linton|2006-03-07 17:14:45|展开
好，继续调。
不过俺比较菜，请您说，我动手

【在 stiger (Software like sex,better when it's free) 的大作中提到: 】

:既然是经常会出现，那得看看post_article里什么时候currboard->filename变了。
:继续调？反正经常掉，呵呵，容易。
--
FROM 220.173.136.*
5楼|linton|2006-03-07 17:32:22|展开
怎样在after_post 里加 boardname 这个变量的 watch ？

【在 atppp (Big Mouse) 的大作中提到: 】
: 我觉得不是，他这个是调 updatelastpost 的时候 boardname 指针无效
: 而 after_post 里面调 updatelastpost 之前有过 bid = getbid(boardname, &bh);
: 而且显然是正常运行的，文章都发到版面上了说明 after_post 写入 .DIR 正常
: 所以应该是 after_post 里面加 boardname 这个变量的 watch，也许能抓到什么
: 代码非法的改了它的值
--
FROM 220.173.136.*
6楼|linton|2006-03-07 17:53:01|展开
(gdb) info lo
buf = "boards/test/.DIR", '\0' <repeats 44 times>, "\001\000\000\000筡000\000\000\000\000\000\000\001\000\000\000\001\000\000\000l蟎026\b\000\000\000\000╙\004\027jW\rD\n\000\000\000朗W蠤闬023\b\000\000\000\000朗W蠤羂023\b豜\004\by韁t\b\000j\004\b\001\000\000\000<g\004\b\b^\004\b\030^\004\b\001\000\000\000豜\004\b/頫t\b\027\000\000\000\027\000\000\000\001\000\000\000\000\000\000\000\030^\004\b8t\026\b\000\000\000\000\001\000\000\000\027\000\000\000\000\000\000\000\030^\004\b诡\t\b\000j\004\b\001\000\000\000\000\000\000\000<g\004\b\b^\004\b\001\000\000\000\030^"...
fd = 3
err = 0
nowid = 2862
p = 0x8046aa1 ""
oldpath = "boards/test/M.1141725033.S0\000自动换行发表, (A)取消,"
newpath = '\0' <repeats 49 times>
filtered = 0
bh = (struct boardheader *) 0xd1041680
bid = 11
(gdb) p boardname
$2 = 0xd1041680 <Address 0xd1041680 out of bounds>
--
FROM 220.173.136.*
8楼|linton|2006-03-07 18:08:48|展开
下面的调试步骤可否有问题?  还需怎样进一步的调试?

(gdb) attach 13659
Attaching to program `/export/home0/bbs/bin/bbsd', process 13659
.......
Retry #1:
Retry #2:
Retry #3:
Retry #4:
[New LWP    1        ]
[New Thread 1 (LWP 1)]
Symbols already loaded for /usr/lib/libnsl.so.1
Symbols already loaded for /usr/lib/libsocket.so.1
Symbols already loaded for /usr/local/lib/libz.so.1
Symbols already loaded for /usr/lib/libpthread.so.1
Symbols already loaded for /usr/local/lib/libltdl.so.3
Symbols already loaded for /usr/lib/libdl.so.1
Symbols already loaded for /usr/lib/libc.so.1
Symbols already loaded for /usr/lib/libmp.so.2
Symbols already loaded for /usr/local/lib/libgcc_s.so.1
Symbols already loaded for /usr/lib/libthread.so.1
[Switching to Thread 1 (LWP 1)]
0xd118d26d in _poll () from /usr/lib/libc.so.1
(gdb) b after_post
Breakpoint 1 at 0x80dccfb: file article.c, line 1098.
(gdb) c
Continuing.

Breakpoint 1, after_post (user=0xd057cac0, fh=0x8046a50, boardname=0xd1041680 "test", re=0x0,
    poststat=1, session=0x8147900) at article.c:1098
1098        int fd, err = 0, nowid = 0;
(gdb) watch boardname
Watchpoint 2: boardname
(gdb) p boardname
$1 = 0xd1041680 "test"
(gdb) c
Continuing.

Watchpoint 2 deleted because the program has left the block in
which its expression is valid.
0xd117f790 in strncmp () from /usr/lib/libc.so.1
(gdb) p boardname
No symbol "boardname" in current context.
(gdb) bt
#0  0xd117f790 in strncmp () from /usr/lib/libc.so.1
#1  0x08046a9c in ?? ()
#2  0x08128db1 in post_sufix.0 ()
#3  0x00000004 in ?? ()
#4  0x08045c58 in ?? ()
#5  0xd10dccf1 in read () from /usr/lib/libthread.so.1
#6  0x080654bf in post_article (conf=0x8046e20, q_file=0x80f7f8a "", re_file=0x0) at bbs.c:2869
#7  0x08063a44 in do_post (conf=0x8046e20, fileinfo=0x816de00, extraarg=0x0) at bbs.c:2283
#8  0x080ed810 in read_key (conf=0x8046e20, command=16) at newread.c:228
#9  0x080c6247 in do_select_internal (conf=0x8046e20, key=16) at select.c:368
#10 0x080c62d1 in list_select (conf=0x8046e20, key=16) at select.c:388
#11 0x080c660f in list_select_loop (conf=0x8046e20) at select.c:486
#12 0x080ee966 in new_i_read (cmdmode=DIR_MODE_NORMAL, direct=0x8046fe0 "boards/test/.DIR",
    dotitle=0x805f8c1 <readtitle>, doentry=0x805fe79 <readdoent>, rcmdlist=0x813c140, ssize=140)
    at newread.c:675
#13 0x0806cddf in Read () at bbs.c:6214
#14 0x080bc270 in fav_onselect (conf=0x80477d0) at boards_t.c:714
#15 0x080c5d8d in do_select_internal (conf=0x80477d0, key=4099) at select.c:268
#16 0x080c6443 in list_select (conf=0x80477d0, key=13) at select.c:425
#17 0x080c660f in list_select_loop (conf=0x80477d0) at select.c:486
#18 0x080bde0a in choose_board (newflag=1, boardprefix=0xd10a27f5 "0", group=0, favmode=0)
    at boards_t.c:1437
#19 0x080ba4d2 in EGroup (cmd=0xd10a2567 "0BBS") at boards_t.c:23
#20 0x080883bf in domenu (menu_name=0xd10a1f61 "M_EGROUP") at comm_lists.c:651
#21 0x080883bf in domenu (menu_name=0x810ef48 "TOPMENU") at comm_lists.c:651
#22 0x080cbe6c in main_bbs (convit=0, argv=0x8047e78 "bbsd:hutu") at newmain_single.c:1141
#23 0x080c4c14 in bbs_main (argv=0x8047e78 "bbsd:hutu") at bbsd_single.c:771
#24 0x080c4ddb in bbs_standalone_main (argv=0x8047e78 "bbsd:hutu") at bbsd_single.c:914
#25 0x080c4f17 in main (argc=3, argv=0x8047d98) at bbsd_single.c:1009
(gdb) frame 6
#6  0x080654bf in post_article (conf=0x8046e20, q_file=0x80f7f8a "", re_file=0x0) at bbs.c:2869
2869        returnvalue =
(gdb) i lo
post_file = {filename = "M.1141726563.1j\000\000\000\000", id = 0, groupid = 0, reid = 0,
  o_bid = 0, o_id = 0, o_groupid = 0, o_reid = 0, innflag = "LL",
  owner = "hutu\000\000\000\000\000\000\000\000\000", eff_size = 0, posttime = 0, attachment = 0,
  title = "ok", '\0' <repeats 57 times>, accessed = "\000\000\000"}
filepath = "boards/test/M.1141726563.1j", '\0' <repeats 17 times>, "0[本站]      新手操练区", '\0' <repeats 12 times>
buf = "ok\000tts\000e纈\004\b\026\b\000[1 \002\000\000\000\002\000\000\000\002\000\000\000\000\000\000\000衜\004\bHi\004\b\214i\004\b\210i\004\b\004\b鴠\004\bk颸020\b!\000\000\000\004\000\000\000╥\004\bB縗n\ba蚛r裓000\000\000\000?\025\bN\005\000\000覩\000\000\004\000\000\000\210i\004\b犎\f\b\000\000\000\000?\025\bN\005\000\0000璡n\bO\000\000\000\027\000\000\000\bk\004\b8璡n\bES] 衜\004\b\005\000\000\000\004\b\e[33m44m(\000\000\000痄\016\b\023\000\000\000\026\b豮\004\b\016\b \e[1;33m"...
buf2 = "\e[1;32mP\e[m使用模板，\e[1;32mb\e[m回复到信箱，\e[1;32mT\e[m改标题，\e[1;32mEnter\e[m继续: \000h\004\bPi\004\b\034襖026\b\e[4B\0003m\000\004\000\000\000\004\000\000\000\000\000\000\000朗W衆230h\004\bi絓n\b1;\000\b\000\020\000\000!裓000?熏h\004\b\001\000\000\000\000\000\000\000衜\004\b\e[9C\000i\004\b\000?裓020i\004\b\bi\004\b[i\004\b\220I!裺\000\000\000\000\000\000\000(瞈e?...
buf3 = "引言模式 [S]\000f\b餲\004\b\035\000\000H\030h\004\b帼\f\bH\000\000\000dh\004\b鴊\004\bi絓n\b\004\000\000\000\000\020\000\000>\200\017\b鱣\004\b\e[20;2H\000覩\000\000彼\f\b"
buf4 = "ok\000\b(瞈e裓206\200\017\b詆\004\b蘥\004\b鱣\004\b?\177\005j\004\b\002\000\000\000\001?裓230i\004\b|\004\006\b竒\004\bΦ\e裠骪020\b蘥\004\b╣\004\b\004\000\000\000\025\000\000\000鱣\004\b"
use_tmpl = 0
aborted = 1
anonyboard = 0
replymode = 0
ans = "\000g\004\b胕\n\b"
ooo = 0 '\0'
include_mode = 83 'S'
bp = (struct boardheader *) 0xd1041680
eff_size = 0
nUpload = 0
ai = {{
---Type <return> to continue, or q <return> to quit---
    name = "\202\0014衆001", '\0' <repeats 15 times>, "╝\004\b9t\b\202\0014\000\000c\004\b╝\004\b\216\000\n\b\202\0014衆000\000\000\0008e\004\b萬\004\b", offset = 0, length = 134505639,
    size = 135295505}, {
    name = "d\000\000\000d\000\000\000I\000\000\000\202\0014衆017\000\000\000\000\000\000\000Hh\004\bs\v\n\b\017\000\000\000\000\000\000\000\000\0004绪\n\n\b\177\002\000\000\000\001\000\000", offset = 0, length = 0, size = 0}, {
    name = "\224\002!裓000\000\000\000\000\000\000\000\000?裓000b\004\ba_\031裓016", '\0' <repeats 11 times>, "\017\000\000\000\030f\004\b鋅b\032?╘037养}\004\bT}\004\b\000??, offset = 0,
    length = 135430235, size = 0}, {
    name = "\000\000\000\000\224\002!裓000\000\000\000\004\b\000?裀b\004\ba_\031裓210\002!养}\004\bT}\004\b\000?裩f\004\b鋅b\032?╘037养}\004\bT}\004\b", offset = -786370560, length = 1,
    size = 0}, {
    name = "\000\000\000\000\000\000\000\000xb5\000\000\000\000\000e偌C\000\000\000\000\001\000\000\000\000readtre\000\000\000\000\000\000\000\000M鸺C\000\000\000\000\000\000\000\000s\000\000\000\a\000\000", offset = 134508145, length = 0, size = 0}, {
    name = "\017\207\020\b\000\000\000\000\000\000\000\000ni\000\000li\000\000\000\000\000\000'缂C\224\002!裓000\000\000\000\004\b\000?裓224\002!裓000\000\000\000\004\b\000?裓020c\004\b",
    offset = -786866335, length = -801898496, size = 386}, {
    name = "\000\0004?\0004?\0004衪\0004衭\0004衯\0004衱\0004衵\0004衺\0004小\0004衆005\0014衆006\0014衆224\002!裓000\000\000\000\004\b\000??, offset = -786365804, length = 0,
    size = 134512290}, {
    name = "\000?裵c\004\ba_\031裓210\002!养}\004\bT}\004\b\000?裓210g\004\b鋅b\032?╘037养}\004\bT}\004\b\000?裓000\000\000\000\001\000\000\000\000\000\000", offset = 0, length = 115,
    size = 5}, {
    name = "\237o\004\b\000\000\000\000\000\000\000\000\017\207\020\b\000\000\000\000\000\000\000\000\000o\004\bイ\e裓030o\004\b鴠\004\b覩\000\000\000?裓000\000\000\000\a\000\000\000\001\000\000\000\000\000\000", offset = 0, length = 0, size = 134508478}, {
    name = "\210\200\022\b\001\000\000\000\000\000\000\000\000?裀o\004\bY鉢e裓000\000\000\000\000\000\000\000イ\e裓000\000\000\000\000\000\000\000\224\002!褆d\004\bxd\004\b磀\004\b@d\004\b",
    offset = -786866335, length = 4, size = 134512120}, {
    name = "T}\004\b\000?裩d\004\b(瞈e裓204G\000\000彼\f\b?\025\bj襖026\b\001\000\000\000磀\004\b癲\004\b\001\000\000\000\224\002!裓000\000\000\000\004\b\000??, offset = 134505616,
---Type <return> to continue, or q <return> to quit---
    length = -786866335, size = 3508601480}, {
    name = "鴠\004\bT}\004\b\000?穴h\004\b鋅b\032?╘037养}\004\bT}\004\b\000?裈}\004\b\000?裓e[4B\000\000\000\000\001\000\000\000\000\000\000\000\000\000\000", offset = 0, length = 0,
    size = 135323019}, {
    name = "\000\000\000\000\000\000\000\000\000see\000\000ner\000\000\000\000\000\000\000\003\004\031养}\004\bT}\004\b朗W需e\004\b-\000\000\000\016\000\000\0006\000\000\000\000\000\000\000\000\000\000", offset = 0, length = 2, size = 23}, {
    name = "\001\000\000\000c\000\000\000\000\000\000\000/", '\0' <repeats 11 times>, "I\000\000\000\003\004\031养}\004\bT}\004\b朗W?f\004\b愎\n\bpe\004\bfg\004\b\002\000\000",
    offset = 1136528878, length = 1, size = 1970566400}, {
    name = "\000\000\000ee\000\000\00033\000裓000?牙p\004\b躤\004\b豦\004\b鬳\004\bV\t\000\000\000??\000\000\000\000??\000\000\000イ\e補蚛r裓000\000\000", offset = 135609537, length = 553,
    size = 18308}, {
    name = "\004\000\000\000豦\004\b犎\f\b\000\000\000\000?\025\b)\002\000\0000璡n\bN\000\000\000\027\000\000\000Xg\004\b8璡n\b\024q\004\b朗W?\000\000\000鬳\004\b\e[33", offset = 1832137837,
    length = -786347613, size = 3508596736}, {
    name = "\034f\004\bfF\016养}\004\b@羂023\b\000\000\000\000\000\000\f裓020g\004\b\034襖026\bxf\004]\002\000\000\000\004\000\000\000\004\000\000\000\000\000\000\000朗W蠿f\004\bi絓n\b",
    offset = 134506267, length = 4096, size = 3508619683}, {
    name = "\000?裭f\004\b\0211\031迅f\004\bB縗n\b\020g\004\bjg\004\b\000?研f\004\b萬\004\b\eg\004\b\220I!裺\000\000\000\000\000\000\000(瞈e讶颸020\b", offset = 134506168, length = 0, size = 1},
  {
    name = "蜂\020\b萬\004\b╢\004\b朗W恤\177\000\000\000\000\000\b\000\000\000\000\000\000hh\004\b\220耚f\b\000\b\000\000\000\000\000\000hh\004\b{耚f\b$\226\032燕f\004\b", offset = -786889725,
    length = 0, size = 2}, {
    name = "\000\000\000\000T}\004\b垂\n\b\020g\004\b磣\017\b\000\000\000\000k颸020\bk颸020\b\004\000\000\000\000\000\000\000\002]\rD\"鬨027养}\004\bT}\004\b朗W衕utu", offset = 1936029031,
    length = 134506312, size = 134909908}}
mailback = 0
ret = 8
direct = "boards/test/.DIR\000`\004\b\023r\020\b\000\000\000\000\000\000\000\000\234=\nD\234=\nD\001\000\000\000\000urr\000ca\000xb\000\000\000\000\000\000bP\nDbP\nD\001\000\000\000\000utu\000ky\000---Type <return> to continue, or q <return> to quit---
e\000\000\000\000\000\000\000Bc\nDBc\nD\001\000\000\000\000utu\000\000a\00086\000\000\000\000\000\0007!\fDUA\fD\n\000\000\000\000utu\000ca\000e\000\000\000\000\000\000\000\224v\nD\224v\nD\001\000\000\000\000utu\000\000y\000\000\000\000\000\000\000\000\000w靄fD\223馶fD\004\000\000\000\000utu\000tree\000\000\000\000\000\000\000"...
cmdmode = 0
returnvalue = 1920299879
(gdb)

【在 atppp (Big Mouse) 的大作中提到: 】
: 准备发文
: gdb挂上
: (gdb) b after_post
: ...................
--
修改:linton FROM 220.173.136.*
FROM 220.173.136.*
10楼|linton|2006-03-08 21:18:26|展开
(gdb) b after_post
Breakpoint 1 at 0x80dccfb: file article.c, line 1098.
(gdb) c
Continuing.

Breakpoint 1, after_post (user=0xd057cac0, fh=0x8046a50, boardname=0xd1045580 "news",
    re=0x0, poststat=1, session=0x8147900) at article.c:1098
1098    article.c: No such file or directory.
        in article.c
(gdb)  watch boardname
Watchpoint 2: boardname
(gdb)  p boardname
$1 = 0xd1045580 "news"
(gdb) bt
#0  after_post (user=0xd057cac0, fh=0x8046a50, boardname=0xd1045580 "news", re=0x0,
    poststat=1, session=0x8147900) at article.c:1098
#1  0x080654bf in post_article (conf=0x8046e20, q_file=0x80f7f8a "", re_file=0x0) at bbs.c:2869
#2  0x08063a44 in do_post (conf=0x8046e20, fileinfo=0x816d9a0, extraarg=0x0) at bbs.c:2283
#3  0x080ed810 in read_key (conf=0x8046e20, command=16) at newread.c:228
#4  0x080c6247 in do_select_internal (conf=0x8046e20, key=16) at select.c:368
#5  0x080c62d1 in list_select (conf=0x8046e20, key=16) at select.c:388
#6  0x080c660f in list_select_loop (conf=0x8046e20) at select.c:486
#7  0x080ee966 in new_i_read (cmdmode=DIR_MODE_NORMAL, direct=0x8046fe0 "boards/news/.DIR",
    dotitle=0x805f8c1 <readtitle>, doentry=0x805fe79 <readdoent>, rcmdlist=0x813c140, ssize=140)
    at newread.c:675
#8  0x0806cddf in Read () at bbs.c:6214
#9  0x080bc270 in fav_onselect (conf=0x80477d0) at boards_t.c:714
#10 0x080c5d8d in do_select_internal (conf=0x80477d0, key=4099) at select.c:268
#11 0x080c6443 in list_select (conf=0x80477d0, key=13) at select.c:425
#12 0x080c660f in list_select_loop (conf=0x80477d0) at select.c:486
#13 0x080bde0a in choose_board (newflag=1, boardprefix=0xd10a2809 "2", group=0, favmode=0)
    at boards_t.c:1437
#14 0x080ba4d2 in EGroup (cmd=0xd10a25be "2Campus") at boards_t.c:23
#15 0x080883bf in domenu (menu_name=0xd10a1f61 "M_EGROUP") at comm_lists.c:651
#16 0x080883bf in domenu (menu_name=0x810ef48 "TOPMENU") at comm_lists.c:651
#17 0x080cbe6c in main_bbs (convit=0, argv=0x8047e78 "bbsd:linton") at newmain_single.c:1141
#18 0x080c4c14 in bbs_main (argv=0x8047e78 "bbsd:linton") at bbsd_single.c:771
#19 0x080c4ddb in bbs_standalone_main (argv=0x8047e78 "bbsd:linton") at bbsd_single.c:914
#20 0x080c4f17 in main (argc=3, argv=0x8047d98) at bbsd_single.c:1009
(gdb) c
Continuing.

Watchpoint 2 deleted because the program has left the block in
which its expression is valid.
0xd117f790 in strncmp () from /usr/lib/libc.so.1
(gdb)  watch boardname
No symbol "boardname" in current context.
(gdb)  p boardname
No symbol "boardname" in current context.
(gdb) bt
#0  0xd117f790 in strncmp () from /usr/lib/libc.so.1
#1  0x08046a9c in ?? ()
#2  0x08128db1 in post_sufix.0 ()
#3  0x00000004 in ?? ()
#4  0x08045c58 in ?? ()
#5  0xd10dccf1 in read () from /usr/lib/libthread.so.1
#6  0x080654bf in post_article (conf=0x8046e20, q_file=0x80f7f8a "", re_file=0x0) at bbs.c:2869
#7  0x08063a44 in do_post (conf=0x8046e20, fileinfo=0x816d9a0, extraarg=0x0) at bbs.c:2283
#8  0x080ed810 in read_key (conf=0x8046e20, command=16) at newread.c:228
#9  0x080c6247 in do_select_internal (conf=0x8046e20, key=16) at select.c:368
#10 0x080c62d1 in list_select (conf=0x8046e20, key=16) at select.c:388
#11 0x080c660f in list_select_loop (conf=0x8046e20) at select.c:486
#12 0x080ee966 in new_i_read (cmdmode=DIR_MODE_NORMAL, direct=0x8046fe0 "boards/news/.DIR",
    dotitle=0x805f8c1 <readtitle>, doentry=0x805fe79 <readdoent>, rcmdlist=0x813c140, ssize=140)
    at newread.c:675
#13 0x0806cddf in Read () at bbs.c:6214
#14 0x080bc270 in fav_onselect (conf=0x80477d0) at boards_t.c:714
#15 0x080c5d8d in do_select_internal (conf=0x80477d0, key=4099) at select.c:268
#16 0x080c6443 in list_select (conf=0x80477d0, key=13) at select.c:425
#17 0x080c660f in list_select_loop (conf=0x80477d0) at select.c:486
#18 0x080bde0a in choose_board (newflag=1, boardprefix=0xd10a2809 "2", group=0, favmode=0)
    at boards_t.c:1437
#19 0x080ba4d2 in EGroup (cmd=0xd10a25be "2Campus") at boards_t.c:23
#20 0x080883bf in domenu (menu_name=0xd10a1f61 "M_EGROUP") at comm_lists.c:651
#21 0x080883bf in domenu (menu_name=0x810ef48 "TOPMENU") at comm_lists.c:651
#22 0x080cbe6c in main_bbs (convit=0, argv=0x8047e78 "bbsd:linton") at newmain_single.c:1141
#23 0x080c4c14 in bbs_main (argv=0x8047e78 "bbsd:linton") at bbsd_single.c:771
#24 0x080c4ddb in bbs_standalone_main (argv=0x8047e78 "bbsd:linton") at bbsd_single.c:914
#25 0x080c4f17 in main (argc=3, argv=0x8047d98) at bbsd_single.c:1009

(gdb) n
Single stepping until exit from function strncmp,
which has no line number information.
after_post (user=0xd057cac0, fh=0x8046a50, boardname=0xd1045340 "News", re=0x0, poststat=1,
    session=0x8147900) at article.c:1111

(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xd11ab4ee in strncasecmp () from /usr/lib/libc.so.1
(gdb) bt
#0  0xd11ab4ee in strncasecmp () from /usr/lib/libc.so.1
#1  0x080a2e7a in getboardnum (bname=0xd1045340 <Address 0xd1045340 out of bounds>, bh=0x0)
    at bcache.c:329
#2  0x080a2334 in updatelastpost (board=0xd1045340 <Address 0xd1045340 out of bounds>)
    at bcache.c:86
#3  0x080dd10c in after_post (user=0xd057cac0, fh=0x8046a50,
    boardname=0xd1045340 <Address 0xd1045340 out of bounds>, re=0x0, poststat=1, session=0x8147900)
    at article.c:1223
#4  0x080654bf in post_article (conf=0x8046e20, q_file=0x80f7f8a "", re_file=0x0) at bbs.c:2869
#5  0x08063a44 in do_post (conf=0x8046e20, fileinfo=0x816d888, extraarg=0x0) at bbs.c:2283
#6  0x080ed810 in read_key (conf=0x8046e20, command=16) at newread.c:228

【在 atppp (Big Mouse) 的大作中提到: 】
: 啥毛病也没看出来。。。
--
修改:linton FROM 202.193.15.*
FROM 220.173.136.*
12楼|linton|2006-03-09 14:54:42|展开
(gdb)  b after_post
Breakpoint 1 at 0x80dccfb: file article.c, line 1098.
(gdb) c
Continuing.

Breakpoint 1, after_post (user=0xd057cac0, fh=0x8046a50, boardname=0xd1041680 "test", re=0x0,
    poststat=1, session=0x8147900) at article.c:1098
1098        int fd, err = 0, nowid = 0;
(gdb) watch boardname
Watchpoint 2: boardname
(gdb) n
1105        struct boardheader *bh = NULL;
(gdb) n
1108        if ((re == NULL) && (!strncmp(fh->title, "Re: ", 4))) {
(gdb) n

Watchpoint 2 deleted because the program has left the block in
which its expression is valid.
0xd117f790 in strncmp () from /usr/lib/libc.so.1
(gdb) n
Single stepping until exit from function strncmp,
which has no line number information.
after_post (user=0xd057cac0, fh=0x8046a50, boardname=0xd1041680 "test", re=0x0, poststat=1,
    session=0x8147900) at article.c:1111
1111        bid = getbid(boardname, &bh);
(gdb) n
1113        setbfile(oldpath, boardname, fh->filename);
(gdb) n
1114        filtered = 0;
(gdb) n
1115        if (strcmp(fh->owner, DELIVER)) {
(gdb) n
1116            if (((bh && bh->level & PERM_POSTMASK) || normal_board(boardname)) && strcmp(boardname, FILTER_BOARD)
(gdb) n
1128                if (check_badword_str(fh->title, strlen(fh->title), session) || check_badword(oldpath, fh->attachment, session))
(gdb) n
1178        setbfile(buf, boardname, DOT_DIR);
(gdb) n
1180        if ((fd = open(buf, O_WRONLY | O_CREAT, 0664)) == -1) {
(gdb) n
1189        for (p = fh->title; *p; p++)
(gdb) n
1190            if (*p == '\x1b')
(gdb) n
1189        for (p = fh->title; *p; p++)
(gdb) n
1190            if (*p == '\x1b')
(gdb) n
1189        for (p = fh->title; *p; p++)
(gdb) n
1190            if (*p == '\x1b')
(gdb) n
1189        for (p = fh->title; *p; p++)
(gdb) n
1190            if (*p == '\x1b')
(gdb) n
1189        for (p = fh->title; *p; p++)
(gdb) n
1193        if (!err) {
(gdb) n
1194            flock(fd, LOCK_EX);
(gdb) n
1195            nowid = get_nextid(boardname);
(gdb) n
1196            fh->id = nowid;
(gdb) n
1197            if (re == NULL) {
(gdb) n
1198                fh->groupid = fh->id;
(gdb) n
1199                fh->reid = fh->id;
(gdb) n
1204            set_posttime(fh);
(gdb) n
1205            lseek(fd, 0, SEEK_END);
(gdb) n
1206            if (safewrite(fd, fh, sizeof(fileheader)) == -1) {
(gdb) n
1210            flock(fd, LOCK_UN);
(gdb) n
1211            close(fd);
(gdb) n
1213        if (err) {
(gdb) n
1223        updatelastpost(boardname);
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0xd11ab4ee in strncasecmp () from /usr/lib/libc.so.1

【在 atppp (Big Mouse) 的大作中提到: 】
: 一条条n吧兄弟。。。
--
FROM 220.173.136.*
14楼|linton|2006-03-09 15:09:37|展开
(gdb)  b after_post
Breakpoint 1 at 0x80dccfb: file article.c, line 1098.
(gdb) c
Continuing.

Breakpoint 1, after_post (user=0xd057cac0, fh=0x8046a50, boardname=0xd1041680 "test", re=0x0,
    poststat=1, session=0x8147900) at article.c:1098
1098        int fd, err = 0, nowid = 0;
(gdb) watch boardname
Watchpoint 2: boardname
(gdb) p boardname
$1 = 0xd1041680 "test"
(gdb) n
1105        struct boardheader *bh = NULL;
(gdb) p boardname
$2 = 0xd1041680 "test"
(gdb) n
1108        if ((re == NULL) && (!strncmp(fh->title, "Re: ", 4))) {
(gdb) p boardname
$3 = 0xd1041680 "test"
(gdb) n

Watchpoint 2 deleted because the program has left the block in
which its expression is valid.
0xd117f790 in strncmp () from /usr/lib/libc.so.1
(gdb) p boardname
No symbol "boardname" in current context.
(gdb) n
Single stepping until exit from function strncmp,
which has no line number information.
after_post (user=0xd057cac0, fh=0x8046a50, boardname=0xd1041680 "test", re=0x0, poststat=1,
    session=0x8147900) at article.c:1111
1111        bid = getbid(boardname, &bh);
(gdb) p boardname
$4 = 0xd1041680 "test"
(gdb) n
1113        setbfile(oldpath, boardname, fh->filename);
(gdb) p boardname
$5 = 0xd1041680 "test"
(gdb) n
1114        filtered = 0;
(gdb) p boardname
$6 = 0xd1041680 "test"
(gdb) n
1115        if (strcmp(fh->owner, DELIVER)) {
(gdb) p boardname
$7 = 0xd1041680 "test"
(gdb) n
1116            if (((bh && bh->level & PERM_POSTMASK) || normal_board(boardname)) && strcmp(boardname, FILTER_BOARD)
(gdb) p boardname
$8 = 0xd1041680 "test"
(gdb) n
1128                if (check_badword_str(fh->title, strlen(fh->title), session) || check_badword(oldpath, fh->attachment, session))
(gdb) p boardname
$9 = 0xd1041680 "test"
(gdb) n
1178        setbfile(buf, boardname, DOT_DIR);
(gdb) p boardname
$10 = 0xd1041680 "test"
(gdb) n
1180        if ((fd = open(buf, O_WRONLY | O_CREAT, 0664)) == -1) {
(gdb) p boardname
$11 = 0xd1041680 "test"
(gdb) n
1189        for (p = fh->title; *p; p++)
(gdb) p boardname
$12 = 0xd1041680 "test"
(gdb) n
1190            if (*p == '\x1b')
(gdb) p boardname
$13 = 0xd1041680 "test"
(gdb) n
1189        for (p = fh->title; *p; p++)
(gdb) p boardname
$14 = 0xd1041680 "test"
(gdb) n
1190            if (*p == '\x1b')
(gdb) p boardname
$15 = 0xd1041680 "test"
(gdb) n
1189        for (p = fh->title; *p; p++)
(gdb) p boardname
$16 = 0xd1041680 "test"
(gdb) n
1190            if (*p == '\x1b')
(gdb) p boardname
$17 = 0xd1041680 "test"
(gdb) n
1189        for (p = fh->title; *p; p++)
(gdb) p boardname
$18 = 0xd1041680 "test"
(gdb) n
1193        if (!err) {
(gdb) p boardname
$19 = 0xd1041680 "test"
(gdb) n
1194            flock(fd, LOCK_EX);
(gdb) p boardname
$20 = 0xd1041680 "test"
(gdb) n
1195            nowid = get_nextid(boardname);
(gdb) p boardname
$21 = 0xd1041680 "test"
(gdb) n
1196            fh->id = nowid;
(gdb) p boardname
$22 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n
1197            if (re == NULL) {
(gdb) p boardname
$23 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n
1198                fh->groupid = fh->id;
(gdb) p boardname
$24 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n
1199                fh->reid = fh->id;
(gdb) p boardname
$25 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n
1204            set_posttime(fh);
(gdb) p boardname
$26 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n
1205            lseek(fd, 0, SEEK_END);
(gdb) p boardname
$27 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n
1206            if (safewrite(fd, fh, sizeof(fileheader)) == -1) {
(gdb) p boardname
$28 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n
1210            flock(fd, LOCK_UN);
(gdb) p boardname
$29 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n
1211            close(fd);
(gdb) p boardname
$30 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n
1213        if (err) {
(gdb) p boardname
$31 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n
1223        updatelastpost(boardname);
(gdb) p boardname
$32 = 0xd1041680 <Address 0xd1041680 out of bounds>
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0xd11ab4ee in strncasecmp () from /usr/lib/libc.so.1
(gdb) p boardname
No symbol "boardname" in current context.
(gdb) n
Single stepping until exit from function strncasecmp,
which has no line number information.
warning: rw_common (): unable to read at addr 0xd10f6500
warning: rw_common (): unable to read at addr 0xd10f6500
thread_to_lwp: td_ta_map_id2thr Debugger service failed
【在 atppp (Big Mouse) 的大作中提到: 】
: ft看来还真的是这里？...
: watch用不了那你就n一条就打印一次boardname，看什么时候变了...
: 辛苦了！
: ...................
--
FROM 220.173.136.*
15楼|linton|2006-03-09 15:11:31|展开
不辛苦，虽然比较菜，有什么尽管吩咐

【在 atppp (Big Mouse) 的大作中提到: 】
: ft看来还真的是这里？...
: watch用不了那你就n一条就打印一次boardname，看什么时候变了...
: 辛苦了！
: ...................
--
FROM 220.173.136.*
17楼|linton|2006-03-09 17:39:52|展开
非常感谢~~~~~~~~
按照下面的改后，TELNET发文章掉线解决了：http://cvs.kcn.cn/core.cgi/kbs_bbs/libBBS/bcache.c?r1=3.69.2.2&r2=3.69.2.3&pathrev=v1_2&view=patch

好像包括前面的批注册单，输入系统管理密码错误等掉线的问题也没了

【在 atppp (Big Mouse) 的大作中提到: 】
: 我已经明白了，这个问题我早就提过不过忘记了:(
: http://cvs.kcn.cn/core.cgi/kbs_bbs/libBBS/bcache.c?view=log&pathrev=v1_2
: bcache_setreadonly()函数会重新mmap .BOARDS，这之后currboard指针可能会变化，
: ...................
--
FROM 220.173.136.*