From 38e4f8d414e7470b5bef81dbae060fc8cd518e92 Mon Sep 17 00:00:00 2001
From: Nicholas Peshek <npeshek2@illinois.edu>
Date: Thu, 7 May 2015 18:05:11 -0500
Subject: [PATCH 1/2] This fixed my reproducible "realloc" crash.

---
 src/glb_wdog.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/glb_wdog.c b/src/glb_wdog.c
index 43f72d3..53b51ed 100644
--- a/src/glb_wdog.c
+++ b/src/glb_wdog.c
@@ -329,7 +329,7 @@ wdog_copy_result (wdog_dst_t* const d, double* const max_lat, int const lf)
             if (others_len < res->others_len ||
                 others_len > (res->others_len * 2)) {
                 // buffer size is too different, reallocate
-                d->result.others = realloc (others, res->others_len);
+                d->result.others = realloc (others, res->others_len + 1);
                 if (!d->result.others && res->others_len > 0) {
                     // this is pretty much fatal, but we'll try
                     free (others);
@@ -707,6 +707,7 @@ glb_wdog_create (const glb_cnf_t* cnf, glb_router_t* router, glb_pool_t* pool)
         ret->cnf    = cnf;
         ret->router = router;
         ret->pool   = pool;
+        ret->dst    = NULL;
 
         pthread_mutex_init (&ret->lock, NULL);
         pthread_cond_init  (&ret->cond, NULL);

From 423c4400bd7ca97cc756c91f18b76495a9f7c650 Mon Sep 17 00:00:00 2001
From: Nicholas Peshek <npeshek2@illinois.edu>
Date: Thu, 7 May 2015 18:12:26 -0500
Subject: [PATCH 2/2] Properly zero out your structs to silence valgrind and
 prevent accidental data passing.

---
 src/glb_pool.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/glb_pool.c b/src/glb_pool.c
index c033174..1b2fcaa 100644
--- a/src/glb_pool.c
+++ b/src/glb_pool.c
@@ -1059,7 +1059,10 @@ pool_bcast_ctl (glb_pool_t* pool, pool_ctl_t* ctl)
 int
 glb_pool_drop_dst (glb_pool_t* pool, const glb_sockaddr_t* dst)
 {
-    pool_ctl_t drop_dst_ctl = { POOL_CTL_DROP_DST, (void*)dst };
+    pool_ctl_t drop_dst_ctl;
+    memset(&drop_dst_ctl, 0, sizeof(pool_ctl_t));
+    drop_dst_ctl.code = POOL_CTL_DROP_DST;
+    drop_dst_ctl.data = (void*)dst;
     return pool_bcast_ctl (pool, &drop_dst_ctl);
 }
 
@@ -1067,7 +1070,10 @@ ssize_t
 glb_pool_print_stats (glb_pool_t* pool, char* buf, size_t buf_len)
 {
     glb_pool_stats_t stats = glb_zero_stats;
-    pool_ctl_t stats_ctl   = { POOL_CTL_STATS, (void*)&stats };
+    pool_ctl_t stats_ctl;
+    memset(&stats_ctl, 0, sizeof(pool_ctl_t));
+    stats_ctl.code = POOL_CTL_STATS;
+    stats_ctl.data = (void*)&stats;
     ssize_t    ret;
     glb_time_t now = glb_time_now();
 
@@ -1170,7 +1176,10 @@ void
 glb_pool_destroy (glb_pool_t* pool)
 {
     long i;
-    pool_ctl_t shutdown_ctl = { POOL_CTL_SHUTDOWN, NULL };
+    pool_ctl_t shutdown_ctl;
+    memset(&shutdown_ctl, 0, sizeof(pool_ctl_t));
+    shutdown_ctl.code = POOL_CTL_SHUTDOWN;
+    shutdown_ctl.data = NULL;
     int err = pool_bcast_ctl (pool, &shutdown_ctl);
 
     if (err) glb_log_debug ("shutdown broadcast failed: %d", -err);