系统：Solaris 9 x86, gcc 3.3.2, kbs 2.0 CVS

Telnet发文章，按“L”后回车，掉线，但是版面上已经有了该文章，
偶尔也出现过不掉线的情况。

GDB信息：

# gdb /export/home0/bbs/bin/bbsd
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-pc-solaris2.9"...
(gdb) attach 13472
Attaching to program `/export/home0/bbs/bin/bbsd', process 13472
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/local/lib/libz.so.1...done.
Loaded symbols for /usr/local/lib/libz.so.1
Reading symbols from /usr/lib/libpthread.so.1...done.
Loaded symbols for /usr/lib/libpthread.so.1
Reading symbols from /usr/local/lib/libltdl.so.3...done.
Loaded symbols for /usr/local/lib/libltdl.so.3
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/local/lib/libgcc_s.so.1...done.
Loaded symbols for /usr/local/lib/libgcc_s.so.1
Reading symbols from /usr/lib/libthread.so.1...done.
Loaded symbols for /usr/lib/libthread.so.1
sol-thread active.
Retry #1:
Retry #2:
Retry #3:
Retry #4:
[New LWP    1        ]
[New Thread 1 (LWP 1)]
Symbols already loaded for /usr/lib/libnsl.so.1
Symbols already loaded for /usr/lib/libsocket.so.1
Symbols already loaded for /usr/local/lib/libz.so.1
Symbols already loaded for /usr/lib/libpthread.so.1
Symbols already loaded for /usr/local/lib/libltdl.so.3
Symbols already loaded for /usr/lib/libdl.so.1
Symbols already loaded for /usr/lib/libc.so.1
Symbols already loaded for /usr/lib/libmp.so.2
Symbols already loaded for /usr/local/lib/libgcc_s.so.1
Symbols already loaded for /usr/lib/libthread.so.1
[Switching to Thread 1 (LWP 1)]
0xd118d26d in _poll () from /usr/lib/libc.so.1
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xd11ab4ee in strncasecmp () from /usr/lib/libc.so.1
(gdb) bt
#0  0xd11ab4ee in strncasecmp () from /usr/lib/libc.so.1
#1  0x080a2e7a in getboardnum (bname=0xd1040240 <Address 0xd1040240 out of bounds>, bh=0x0)
    at bcache.c:329
#2  0x080a2334 in updatelastpost (board=0xd1040240 <Address 0xd1040240 out of bounds>)
    at bcache.c:86
#3  0x080dd10c in after_post (user=0xd057cac0, fh=0x8046a50,
    boardname=0xd1040240 <Address 0xd1040240 out of bounds>, re=0x0, poststat=1,
    session=0x8147900) at article.c:1223
#4  0x080654bf in post_article (conf=0x8046e20, q_file=0x80f7f8a "", re_file=0x0) at bbs.c:2869
#5  0x08063a44 in do_post (conf=0x8046e20, fileinfo=0x816d5cc, extraarg=0x0) at bbs.c:2283
#6  0x080ed810 in read_key (conf=0x8046e20, command=16) at newread.c:228
#7  0x080c6247 in do_select_internal (conf=0x8046e20, key=16) at select.c:368
#8  0x080c62d1 in list_select (conf=0x8046e20, key=16) at select.c:388
#9  0x080c660f in list_select_loop (conf=0x8046e20) at select.c:486
#10 0x080ee966 in new_i_read (cmdmode=DIR_MODE_NORMAL, direct=0x8046fe0 "boards/vote/.DIR",
    dotitle=0x805f8c1 <readtitle>, doentry=0x805fe79 <readdoent>, rcmdlist=0x813c140, ssize=140)
    at newread.c:675
#11 0x0806cddf in Read () at bbs.c:6214
#12 0x080bc270 in fav_onselect (conf=0x80477d0) at boards_t.c:714
#13 0x080c5d8d in do_select_internal (conf=0x80477d0, key=4099) at select.c:268
#14 0x080c6443 in list_select (conf=0x80477d0, key=13) at select.c:425
#15 0x080c660f in list_select_loop (conf=0x80477d0) at select.c:486
#16 0x080bde0a in choose_board (newflag=1, boardprefix=0xd10a27f5 "0", group=0, favmode=0)
    at boards_t.c:1437
#17 0x080ba4d2 in EGroup (cmd=0xd10a2567 "0BBS") at boards_t.c:23
#18 0x080883bf in domenu (menu_name=0xd10a1f61 "M_EGROUP") at comm_lists.c:651
#19 0x080883bf in domenu (menu_name=0x810ef48 "TOPMENU") at comm_lists.c:651
#20 0x080cbe6c in main_bbs (convit=0, argv=0x8047e78 "bbsd:hutu") at newmain_single.c:1141
#21 0x080c4c14 in bbs_main (argv=0x8047e78 "bbsd:hutu") at bbsd_single.c:771
#22 0x080c4ddb in bbs_standalone_main (argv=0x8047e78 "bbsd:hutu") at bbsd_single.c:914
#23 0x080c4f17 in main (argc=3, argv=0x8047d98) at bbsd_single.c:1009
(gdb) frame 1
#1  0x080a2e7a in getboardnum (bname=0xd1040240 <Address 0xd1040240 out of bounds>, bh=0x0)
    at bcache.c:329
329             if (!strncasecmp(bname, bcache[i].filename, STRLEN)) {
(gdb) up 1
#2  0x080a2334 in updatelastpost (board=0xd1040240 <Address 0xd1040240 out of bounds>)
    at bcache.c:86
86          pos = getboardnum(board,NULL);       /* board name --> board No. */
(gdb) p board
$1 = 0xd1040240 <Address 0xd1040240 out of bounds>
--
修改:linton FROM 220.173.136.*
FROM 220.173.136.*

好，继续调。
不过俺比较菜，请您说，我动手

【 在 stiger (Software like sex,better when it's free) 的大作中提到: 】

:既然是经常会出现，那得看看post_article里什么时候currboard->filename变了。
:继续调？反正经常掉，呵呵，容易。
--
FROM 220.173.136.*

哦，对的，我没有仔细想
函数运行时也可以改变他的frame里的值的，而不一定是调用时就错了的。
【 在 atppp (Big Mouse) 的大作中提到: 】
: 我觉得不是，他这个是调 updatelastpost 的时候 boardname 指针无效
: 而 after_post 里面调 updatelastpost 之前有过 bid = getbid(boardname, &bh);
: 而且显然是正常运行的，文章都发到版面上了说明 after_post 写入 .DIR 正常
: ...................
--
FROM 211.144.200.*

(gdb) info lo
buf = "boards/test/.DIR", '\0' <repeats 44 times>, "\001\000\000\000筡000\000\000\000\000\000\000\001\000\000\000\001\000\000\000l蟎026\b\000\000\000\000╙\004\027jW\rD\n\000\000\000朗W蠤闬023\b\000\000\000\000朗W蠤羂023\b豜\004\by韁t\b\000j\004\b\001\000\000\000<g\004\b\b^\004\b\030^\004\b\001\000\000\000豜\004\b/頫t\b\027\000\000\000\027\000\000\000\001\000\000\000\000\000\000\000\030^\004\b8t\026\b\000\000\000\000\001\000\000\000\027\000\000\000\000\000\000\000\030^\004\b诡\t\b\000j\004\b\001\000\000\000\000\000\000\000<g\004\b\b^\004\b\001\000\000\000\030^"...
fd = 3
err = 0
nowid = 2862
p = 0x8046aa1 ""
oldpath = "boards/test/M.1141725033.S0\000自动换行发表, (A)取消,"
newpath = '\0' <repeats 49 times>
filtered = 0
bh = (struct boardheader *) 0xd1041680
bid = 11
(gdb) p boardname
$2 = 0xd1041680 <Address 0xd1041680 out of bounds>
--
FROM 220.173.136.*

下面的调试步骤可否有问题?  还需怎样进一步的调试?

(gdb) attach 13659
Attaching to program `/export/home0/bbs/bin/bbsd', process 13659
.......
Retry #1:
Retry #2:
Retry #3:
Retry #4:
[New LWP    1        ]
[New Thread 1 (LWP 1)]
Symbols already loaded for /usr/lib/libnsl.so.1
Symbols already loaded for /usr/lib/libsocket.so.1
Symbols already loaded for /usr/local/lib/libz.so.1
Symbols already loaded for /usr/lib/libpthread.so.1
Symbols already loaded for /usr/local/lib/libltdl.so.3
Symbols already loaded for /usr/lib/libdl.so.1
Symbols already loaded for /usr/lib/libc.so.1
Symbols already loaded for /usr/lib/libmp.so.2
Symbols already loaded for /usr/local/lib/libgcc_s.so.1
Symbols already loaded for /usr/lib/libthread.so.1
[Switching to Thread 1 (LWP 1)]
0xd118d26d in _poll () from /usr/lib/libc.so.1
(gdb) b after_post
Breakpoint 1 at 0x80dccfb: file article.c, line 1098.
(gdb) c
Continuing.

Breakpoint 1, after_post (user=0xd057cac0, fh=0x8046a50, boardname=0xd1041680 "test", re=0x0,
    poststat=1, session=0x8147900) at article.c:1098
1098        int fd, err = 0, nowid = 0;
(gdb) watch boardname
Watchpoint 2: boardname
(gdb) p boardname
$1 = 0xd1041680 "test"
(gdb) c
Continuing.

Watchpoint 2 deleted because the program has left the block in
which its expression is valid.
0xd117f790 in strncmp () from /usr/lib/libc.so.1
(gdb) p boardname
No symbol "boardname" in current context.
(gdb) bt
#0  0xd117f790 in strncmp () from /usr/lib/libc.so.1
#1  0x08046a9c in ?? ()
#2  0x08128db1 in post_sufix.0 ()
#3  0x00000004 in ?? ()
#4  0x08045c58 in ?? ()
#5  0xd10dccf1 in read () from /usr/lib/libthread.so.1
#6  0x080654bf in post_article (conf=0x8046e20, q_file=0x80f7f8a "", re_file=0x0) at bbs.c:2869
#7  0x08063a44 in do_post (conf=0x8046e20, fileinfo=0x816de00, extraarg=0x0) at bbs.c:2283
#8  0x080ed810 in read_key (conf=0x8046e20, command=16) at newread.c:228
#9  0x080c6247 in do_select_internal (conf=0x8046e20, key=16) at select.c:368
#10 0x080c62d1 in list_select (conf=0x8046e20, key=16) at select.c:388
#11 0x080c660f in list_select_loop (conf=0x8046e20) at select.c:486
#12 0x080ee966 in new_i_read (cmdmode=DIR_MODE_NORMAL, direct=0x8046fe0 "boards/test/.DIR",
    dotitle=0x805f8c1 <readtitle>, doentry=0x805fe79 <readdoent>, rcmdlist=0x813c140, ssize=140)
    at newread.c:675
#13 0x0806cddf in Read () at bbs.c:6214
#14 0x080bc270 in fav_onselect (conf=0x80477d0) at boards_t.c:714
#15 0x080c5d8d in do_select_internal (conf=0x80477d0, key=4099) at select.c:268
#16 0x080c6443 in list_select (conf=0x80477d0, key=13) at select.c:425
#17 0x080c660f in list_select_loop (conf=0x80477d0) at select.c:486
#18 0x080bde0a in choose_board (newflag=1, boardprefix=0xd10a27f5 "0", group=0, favmode=0)
    at boards_t.c:1437
#19 0x080ba4d2 in EGroup (cmd=0xd10a2567 "0BBS") at boards_t.c:23
#20 0x080883bf in domenu (menu_name=0xd10a1f61 "M_EGROUP") at comm_lists.c:651
#21 0x080883bf in domenu (menu_name=0x810ef48 "TOPMENU") at comm_lists.c:651
#22 0x080cbe6c in main_bbs (convit=0, argv=0x8047e78 "bbsd:hutu") at newmain_single.c:1141
#23 0x080c4c14 in bbs_main (argv=0x8047e78 "bbsd:hutu") at bbsd_single.c:771
#24 0x080c4ddb in bbs_standalone_main (argv=0x8047e78 "bbsd:hutu") at bbsd_single.c:914
#25 0x080c4f17 in main (argc=3, argv=0x8047d98) at bbsd_single.c:1009
(gdb) frame 6
#6  0x080654bf in post_article (conf=0x8046e20, q_file=0x80f7f8a "", re_file=0x0) at bbs.c:2869
2869        returnvalue =
(gdb) i lo
post_file = {filename = "M.1141726563.1j\000\000\000\000", id = 0, groupid = 0, reid = 0,
  o_bid = 0, o_id = 0, o_groupid = 0, o_reid = 0, innflag = "LL",
  owner = "hutu\000\000\000\000\000\000\000\000\000", eff_size = 0, posttime = 0, attachment = 0,
  title = "ok", '\0' <repeats 57 times>, accessed = "\000\000\000"}
filepath = "boards/test/M.1141726563.1j", '\0' <repeats 17 times>, "0[本站]      新手操练区", '\0' <repeats 12 times>
buf = "ok\000tts\000e纈\004\b\026\b\000[1 \002\000\000\000\002\000\000\000\002\000\000\000\000\000\000\000衜\004\bHi\004\b\214i\004\b\210i\004\b\004\b鴠\004\bk颸020\b!\000\000\000\004\000\000\000╥\004\bB縗n\ba蚛r裓000\000\000\000?\025\bN\005\000\000覩\000\000\004\000\000\000\210i\004\b犎\f\b\000\000\000\000?\025\bN\005\000\0000璡n\bO\000\000\000\027\000\000\000\bk\004\b8璡n\bES] 衜\004\b\005\000\000\000\004\b\e[33m44m(\000\000\000痄\016\b\023\000\000\000\026\b豮\004\b\016\b \e[1;33m"...
buf2 = "\e[1;32mP\e[m使用模板，\e[1;32mb\e[m回复到信箱，\e[1;32mT\e[m改标题，\e[1;32mEnter\e[m继续: \000h\004\bPi\004\b\034襖026\b\e[4B\0003m\000\004\000\000\000\004\000\000\000\000\000\000\000朗W衆230h\004\bi絓n\b1;\000\b\000\020\000\000!裓000?熏h\004\b\001\000\000\000\000\000\000\000衜\004\b\e[9C\000i\004\b\000?裓020i\004\b\bi\004\b[i\004\b\220I!裺\000\000\000\000\000\000\000(瞈e?...
buf3 = "引言模式 [S]\000f\b餲\004\b\035\000\000H\030h\004\b帼\f\bH\000\000\000dh\004\b鴊\004\bi絓n\b\004\000\000\000\000\020\000\000>\200\017\b鱣\004\b\e[20;2H\000覩\000\000彼\f\b"
buf4 = "ok\000\b(瞈e裓206\200\017\b詆\004\b蘥\004\b鱣\004\b?\177\005j\004\b\002\000\000\000\001?裓230i\004\b|\004\006\b竒\004\bΦ\e裠骪020\b蘥\004\b╣\004\b\004\000\000\000\025\000\000\000鱣\004\b"
use_tmpl = 0
aborted = 1
anonyboard = 0
replymode = 0
ans = "\000g\004\b胕\n\b"
ooo = 0 '\0'
include_mode = 83 'S'
bp = (struct boardheader *) 0xd1041680
eff_size = 0
nUpload = 0
ai = {{
---Type <return> to continue, or q <return> to quit---
    name = "\202\0014衆001", '\0' <repeats 15 times>, "╝\004\b9t\b\202\0014\000\000c\004\b╝\004\b\216\000\n\b\202\0014衆000\000\000\0008e\004\b萬\004\b", offset = 0, length = 134505639,
    size = 135295505}, {
    name = "d\000\000\000d\000\000\000I\000\000\000\202\0014衆017\000\000\000\000\000\000\000Hh\004\bs\v\n\b\017\000\000\000\000\000\000\000\000\0004绪\n\n\b\177\002\000\000\000\001\000\000", offset = 0, length = 0, size = 0}, {
    name = "\224\002!裓000\000\000\000\000\000\000\000\000?裓000b\004\ba_\031裓016", '\0' <repeats 11 times>, "\017\000\000\000\030f\004\b鋅b\032?╘037养}\004\bT}\004\b\000??, offset = 0,
    length = 135430235, size = 0}, {
    name = "\000\000\000\000\224\002!裓000\000\000\000\004\b\000?裀b\004\ba_\031裓210\002!养}\004\bT}\004\b\000?裩f\004\b鋅b\032?╘037养}\004\bT}\004\b", offset = -786370560, length = 1,
    size = 0}, {
    name = "\000\000\000\000\000\000\000\000xb5\000\000\000\000\000e偌C\000\000\000\000\001\000\000\000\000readtre\000\000\000\000\000\000\000\000M鸺C\000\000\000\000\000\000\000\000s\000\000\000\a\000\000", offset = 134508145, length = 0, size = 0}, {
    name = "\017\207\020\b\000\000\000\000\000\000\000\000ni\000\000li\000\000\000\000\000\000'缂C\224\002!裓000\000\000\000\004\b\000?裓224\002!裓000\000\000\000\004\b\000?裓020c\004\b",
    offset = -786866335, length = -801898496, size = 386}, {
    name = "\000\0004?\0004?\0004衪\0004衭\0004衯\0004衱\0004衵\0004衺\0004小\0004衆005\0014衆006\0014衆224\002!裓000\000\000\000\004\b\000??, offset = -786365804, length = 0,
    size = 134512290}, {
    name = "\000?裵c\004\ba_\031裓210\002!养}\004\bT}\004\b\000?裓210g\004\b鋅b\032?╘037养}\004\bT}\004\b\000?裓000\000\000\000\001\000\000\000\000\000\000", offset = 0, length = 115,
    size = 5}, {
    name = "\237o\004\b\000\000\000\000\000\000\000\000\017\207\020\b\000\000\000\000\000\000\000\000\000o\004\bイ\e裓030o\004\b鴠\004\b覩\000\000\000?裓000\000\000\000\a\000\000\000\001\000\000\000\000\000\000", offset = 0, length = 0, size = 134508478}, {
    name = "\210\200\022\b\001\000\000\000\000\000\000\000\000?裀o\004\bY鉢e裓000\000\000\000\000\000\000\000イ\e裓000\000\000\000\000\000\000\000\224\002!褆d\004\bxd\004\b磀\004\b@d\004\b",
    offset = -786866335, length = 4, size = 134512120}, {
    name = "T}\004\b\000?裩d\004\b(瞈e裓204G\000\000彼\f\b?\025\bj襖026\b\001\000\000\000磀\004\b癲\004\b\001\000\000\000\224\002!裓000\000\000\000\004\b\000??, offset = 134505616,
---Type <return> to continue, or q <return> to quit---
    length = -786866335, size = 3508601480}, {
    name = "鴠\004\bT}\004\b\000?穴h\004\b鋅b\032?╘037养}\004\bT}\004\b\000?裈}\004\b\000?裓e[4B\000\000\000\000\001\000\000\000\000\000\000\000\000\000\000", offset = 0, length = 0,
    size = 135323019}, {
    name = "\000\000\000\000\000\000\000\000\000see\000\000ner\000\000\000\000\000\000\000\003\004\031养}\004\bT}\004\b朗W需e\004\b-\000\000\000\016\000\000\0006\000\000\000\000\000\000\000\000\000\000", offset = 0, length = 2, size = 23}, {
    name = "\001\000\000\000c\000\000\000\000\000\000\000/", '\0' <repeats 11 times>, "I\000\000\000\003\004\031养}\004\bT}\004\b朗W?f\004\b愎\n\bpe\004\bfg\004\b\002\000\000",
    offset = 1136528878, length = 1, size = 1970566400}, {
    name = "\000\000\000ee\000\000\00033\000裓000?牙p\004\b躤\004\b豦\004\b鬳\004\bV\t\000\000\000??\000\000\000\000??\000\000\000イ\e補蚛r裓000\000\000", offset = 135609537, length = 553,
    size = 18308}, {
    name = "\004\000\000\000豦\004\b犎\f\b\000\000\000\000?\025\b)\002\000\0000璡n\bN\000\000\000\027\000\000\000Xg\004\b8璡n\b\024q\004\b朗W?\000\000\000鬳\004\b\e[33", offset = 1832137837,
    length = -786347613, size = 3508596736}, {
    name = "\034f\004\bfF\016养}\004\b@羂023\b\000\000\000\000\000\000\f裓020g\004\b\034襖026\bxf\004]\002\000\000\000\004\000\000\000\004\000\000\000\000\000\000\000朗W蠿f\004\bi絓n\b",
    offset = 134506267, length = 4096, size = 3508619683}, {
    name = "\000?裭f\004\b\0211\031迅f\004\bB縗n\b\020g\004\bjg\004\b\000?研f\004\b萬\004\b\eg\004\b\220I!裺\000\000\000\000\000\000\000(瞈e讶颸020\b", offset = 134506168, length = 0, size = 1},
  {
    name = "蜂\020\b萬\004\b╢\004\b朗W恤\177\000\000\000\000\000\b\000\000\000\000\000\000hh\004\b\220耚f\b\000\b\000\000\000\000\000\000hh\004\b{耚f\b$\226\032燕f\004\b", offset = -786889725,
    length = 0, size = 2}, {
    name = "\000\000\000\000T}\004\b垂\n\b\020g\004\b磣\017\b\000\000\000\000k颸020\bk颸020\b\004\000\000\000\000\000\000\000\002]\rD\"鬨027养}\004\bT}\004\b朗W衕utu", offset = 1936029031,
    length = 134506312, size = 134909908}}
mailback = 0
ret = 8
direct = "boards/test/.DIR\000`\004\b\023r\020\b\000\000\000\000\000\000\000\000\234=\nD\234=\nD\001\000\000\000\000urr\000ca\000xb\000\000\000\000\000\000bP\nDbP\nD\001\000\000\000\000utu\000ky\000---Type <return> to continue, or q <return> to quit---
e\000\000\000\000\000\000\000Bc\nDBc\nD\001\000\000\000\000utu\000\000a\00086\000\000\000\000\000\0007!\fDUA\fD\n\000\000\000\000utu\000ca\000e\000\000\000\000\000\000\000\224v\nD\224v\nD\001\000\000\000\000utu\000\000y\000\000\000\000\000\000\000\000\000w靄fD\223馶fD\004\000\000\000\000utu\000tree\000\000\000\000\000\000\000"...
cmdmode = 0
returnvalue = 1920299879
(gdb)


【 在 atppp (Big Mouse) 的大作中提到: 】
: 准备发文
: gdb挂上
: (gdb) b after_post
: ...................
--
修改:linton FROM 220.173.136.*
FROM 220.173.136.*