getenv() causes segfault in recv() loop

[MK27]

I've written a recv loop function that looks like this:

Code:

int Recept (int sock, char *buffer) {
        int count=0;
        char *ptr=buffer;
        if ((buffer=malloc(1))==NULL) return -2;
        while (recv(sock,ptr,1,0)>0) {
                printf("bytes=%6d\t%c\n",count,ptr[0]);      // for debugging
                if ((ptr[0]=='\n') && (count > 0) && (buffer[count]=='\r')) {
                        buffer[count]='\0';
                        puts ("Recept() done.");
                        return count;} 
                ptr++; count++;
                buffer=realloc(buffer,count+1);
                if (buffer==NULL) return -3;
        }
        return -1; 
}

It reaches the end (but sometimes not) of a GET request (eg, "...</html>") and then segfaults before "Recept () done" appears -- apparently in getenv() from libc.so.6. I'm almost positive it worked fine yesturday, although I have changed the code which accounts for the connection on sock.

[vart]

your ptr pointer points into some address that has nothing to do with storage allocated with malloc/realloc... so you writing to some random address...

And I do not see a reason to pass buffer as a parameter - you change its value in the function anyway and the calling function does not know about it... - so it has no feed back anyway

[MK27]

your ptr pointer points into some address that has nothing to do with storage allocated with malloc/realloc... so you writing to some random address...

I was surprised by this but you're right. Anyway, I changed it to use a buffer with a fixed size:

Code:

int Recept (int sock, char *buffer, int size) {
        int count=0;
        char *ptr=buffer;
        while (recv(sock,ptr,1,0)>0) {
                if (ptr[0]=='\n') {
                        if (buffer[count-1]=='\r') buffer[count-1]='\0'; 
                        else buffer[count]='\0';
                        return count;}
                ptr++; count++;
                if (count>=size) return -2; 
        }
        perror("Recept() -- recv");
        return -1; 
}

and the strange thing that happens now is this: I use it looped in one function for the reply to a HEAD request. No problems. Then I send GET on the same item (a binary) so I want to skip thru the head:

Code:

for (i=o;i<10;i++)  {
      tmp=Recept(sock,buffer,4096);         // exactly the same line as in the other function
      printf("&#37;d %s\n",tmp,buffer);                   // just to check
}

At every iteration including the first one, I get:

Recept() -- recv: Illegal seek
-1

I've googled around for why recv would return this error and no one seems to have sorted it out, but I still have my fingers crossed
It would seem that the recv here doesn't work at all, because the next thing is I want the binary and I have Content-Length, so I just do recv(sock,buffer,Content-Length,0), which does work except it includes the ten lines of the head I wanted to skip -- ie, Recept did nothing but fail.

[brewbuck]

Recept() -- recv: Illegal seek
-1

I've googled around for why recv would return this error and no one seems to have sorted it out, but I still have my fingers crossed

recv() returns no such error. You are improperly calling perror() when the call to recv() did not set an error code. recv() can return 0 if the socket is disconnected. Instead of treating this as a normal event you are treating it as an error and you are printing whatever garbage error code happens to be sitting in errno at the moment.

The error which sits in errno is only a valid error if the last call to a library function return -1.