View Issue Details

ID: 0002499
Project: GNUnet
Category: DHT service
View Status: public
Last Update: 2012-11-05 18:34
Reporter: Bart Polot
Assigned To: Bart Polot
Priority: normal
Severity: minor
Reproducibility: sometimes
Status: closed
Resolution: fixed
Product Version: Git master
Target Version: 0.9.4
Fixed in Version: 0.9.4
Summary: 0002499: Unknown message type
Description: Somewhere the msg->type is not set correctly (lack of htons) or some memory corruption is going on.

Jul 16 14:44:20-964442 mesh-26098 ERROR Assertion failed at dht_api.c:882.
Jul 16 14:44:20-964453 dht-api-26098 WARNING Unknown DHT message type: 40960 (160)
Jul 16 14:44:20-964459 mesh-26098 ERROR Assertion failed at dht_api.c:890.

40960 is the ntohs'd type.
160 is the plain msg->type

#define GNUNET_MESSAGE_TYPE_HOSTLIST_ADVERTISEMENT 160
Steps To Reproduce: run test_mesh_regex
Tags: No tags attached.

Activities

Bart Polot

2012-07-16 15:34

manager   ~0006243

Seems to be an issue in DHT service:

Jul 16 15:29:36-314423 dht-2778 DEBUG Transmitting 41165 bytes, message type 769 (259)
Jul 16 15:29:36-314441 dht-2778 DEBUG Transmitting 259 bytes, message type 145 (37120)
Jul 16 15:29:36-315015 mesh-2779 ERROR Assertion failed at dht_api.c:882.
Jul 16 15:29:36-315032 dht-api-2779 WARNING Unknown DHT message type: 769 (259) size: 41165
Jul 16 15:29:36-315042 mesh-2779 ERROR Assertion failed at dht_api.c:890.

Bart Polot

2012-07-16 17:38

manager   ~0006244

Again, similar (data in parentheses is without ntohs).

Jul 16 17:23:14-514441 dht-27214 ERROR Transmitting 37796 (42131) bytes, message type 52010 (10955)
Jul 16 17:23:14-514695 mesh-27159 ERROR Assertion failed at dht_api.c:882.
Jul 16 17:23:14-514719 dht-api-27159 WARNING Unknown DHT message type: 52010 (10955) size: 37796
Jul 16 17:23:14-514730 mesh-27159 ERROR Assertion failed at dht_api.c:890.
Jul 16 17:23:14-514740 mesh-27159 DEBUG Disconnecting from DHT service, will try to reconnect in 500 ms

An equivalent check placed at add_pending_message did not give any alert; it looks like the data is getting corrupted while in the queue...

Bart Polot

2012-07-17 15:07

manager   ~0006248

Related:

#0 0x00000000004053f5 in send_reply_to_client (cls=0x1f06d40, size=544, buf=0x1f0ded0) at gnunet-service-dht_clients.c:821
821 if (ntohs(reply->msg->type) > 155)
(gdb) bt full
#0 0x00000000004053f5 in send_reply_to_client (cls=0x1f06d40, size=544, buf=0x1f0ded0) at gnunet-service-dht_clients.c:821
        client = 0x1f06d40
        cbuf = 0x1f0ded0 "\002 "
        reply = 0x1f1c750
        off = 0
        msize = 544
        __FUNCTION__ = "send_reply_to_client"
#1 0x00007f2eed34e9cb in transmit_ready_callback_wrapper (cls=0x1f06780, size=544, buf=0x1f0ded0) at server.c:1437
        client = 0x1f06780
        callback = 0x405080 <send_reply_to_client>
#2 0x00007f2eed32128e in process_notify (connection=0x1f06690) at connection.c:1157
        used = 0
        avail = 544
        size = 544
        notify = 0x7f2eed34e964 <transmit_ready_callback_wrapper>
        __FUNCTION__ = "process_notify"
#3 0x00007f2eed321dca in transmit_ready (cls=0x1f06690, tc=0x7fff4474dde0) at connection.c:1288
        connection = 0x1f06690
        notify = 0x1000000000
        ret = 0
        have = 46
        __FUNCTION__ = "transmit_ready"
#4 0x00007f2eed3491c5 in run_ready (rs=0x1ea7170, ws=0x1ea7200) at scheduler.c:602
        p = GNUNET_SCHEDULER_PRIORITY_DEFAULT
        pos = 0x1f1a3e0
        tc = {reason = 24, read_ready = 0x1ea7170, write_ready = 0x1ea7200}
        __FUNCTION__ = "run_ready"
#5 0x00007f2eed349996 in GNUNET_SCHEDULER_run (task=0x7f2eed3565c0 <service_task>, task_cls=0x7fff4474e190) at scheduler.c:790
        rs = 0x1ea7170
        ws = 0x1ea7200
        timeout = {rel_value = 0}
        ret = 4
        shc_int = 0x1ea7290
        shc_term = 0x1ea7340
        shc_quit = 0x1ea74a0
        shc_hup = 0x1ea7550
        shc_pipe = 0x1ea73f0
        last_tr = 4731
        busy_wait_warning = 0
        pr = 0x1ea7120
        c = 0 '\000'
        __FUNCTION__ = "GNUNET_SCHEDULER_run"
#6 0x00007f2eed357fe6 in GNUNET_SERVICE_run (argc=3, argv=0x7fff4474e408, service_name=0x40e7e0 "dht", options=GNUNET_SERVICE_OPTION_NONE, task=0x402da3 <run>, task_cls=0x0) at service.c:1795
        err = 0
        cfg_fn = 0x1ea5090 "/tmp/test_mesh_small//1//gnunet-testing-configVFkbmB"
        loglev = 0x0
        logfile = 0x0
        do_daemonize = 0
        i = 4205987
        skew_offset = 139835545223169
        skew_variance = 0
        clock_offset = 0
        sctx = {cfg = 0x1ea4f60, server = 0x1ea76c0, addrs = 0x0, service_name = 0x40e7e0 "dht", task = 0x402da3 <run>, task_cls = 0x0, v4_denied = 0x0, v6_denied = 0x0, v4_allowed = 0x1ea7130, v6_allowed = 0x1eb04c0, my_handlers = 0x1eb10b0,
          addrlens = 0x0, lsocks = 0x1eb7f20, shutdown_task = 4, timeout = {rel_value = 18446744073709551615}, ret = 1, ready_confirm_fd = -1, require_found = 1, match_uid = 1, match_gid = 1, options = GNUNET_SERVICE_OPTION_NONE}
        cfg = 0x1ea4f60
        service_options = {{shortName = 99 'c', name = 0x7f2eed362d85 "config", argumentHelp = 0x7f2eed362d8c "FILENAME", description = 0x7f2eed362d98 "use configuration file FILENAME", require_argument = 1,
            processor = 0x7f2eed3391ff <GNUNET_GETOPT_set_string>, scls = 0x7fff4474e250}, {shortName = 100 'd', name = 0x7f2eed362db8 "daemonize", argumentHelp = 0x0, description = 0x7f2eed362dc8 "do daemonize (detach from terminal)",
            require_argument = 0, processor = 0x7f2eed3391d2 <GNUNET_GETOPT_set_one>, scls = 0x7fff4474e23c}, {shortName = 104 'h', name = 0x7f2eed362dec "help", argumentHelp = 0x0, description = 0x7f2eed362df1 "print this help",
            require_argument = 0, processor = 0x7f2eed338c92 <GNUNET_GETOPT_format_help_>, scls = 0x0}, {shortName = 76 'L', name = 0x7f2eed362e01 "log", argumentHelp = 0x7f2eed362e05 "LOGLEVEL",
            description = 0x7f2eed362e10 "configure logging to use LOGLEVEL", require_argument = 1, processor = 0x7f2eed3391ff <GNUNET_GETOPT_set_string>, scls = 0x7fff4474e248}, {shortName = 108 'l', name = 0x7f2eed362e32 "logfile",
            argumentHelp = 0x7f2eed362e3a "LOGFILE", description = 0x7f2eed362e48 "configure logging to write logs to LOGFILE", require_argument = 1, processor = 0x7f2eed3391ff <GNUNET_GETOPT_set_string>, scls = 0x7fff4474e240}, {
            shortName = 118 'v', name = 0x7f2eed362e73 "version", argumentHelp = 0x0, description = 0x7f2eed362e7b "print the version number", require_argument = 0, processor = 0x7f2eed338c4c <GNUNET_GETOPT_print_version_>,
            scls = 0x7f2eed362e94}, {shortName = 0 '\000', name = 0x0, argumentHelp = 0x0, description = 0x0, require_argument = 0, processor = 0, scls = 0x0}}
        __FUNCTION__ = "GNUNET_SERVICE_run"
#7 0x0000000000402f64 in main (argc=3, argv=0x7fff4474e408) at gnunet-s

Bart Polot

2012-07-17 15:09

manager   ~0006249

Same core dump:

(gdb) p reply
$1 = (struct PendingMessage *) 0x1f1c750
(gdb) p reply->msg
$2 = (const struct GNUNET_MessageHeader *) 0x0
(gdb)
$3 = (const struct GNUNET_MessageHeader *) 0x0
(gdb) p *reply
$4 = {next = 0x7f2eec24d658, prev = 0x7f2eec24d658, msg = 0x0}
(gdb) p reply->next
$5 = (struct PendingMessage *) 0x7f2eec24d658
(gdb) p *reply->next
$6 = {next = 0x1f2bc10, prev = 0x1f1e0d0, msg = 0x1f1c740}
(gdb) p *reply->prev
$7 = {next = 0x1f2bc10, prev = 0x1f1e0d0, msg = 0x1f1c740}

Bart Polot

2012-07-17 16:29

manager   ~0006251

* Crashes due to the extra debug messages
* Only happens on test mesh regex
* Valgrind shows lots of use after free errors

Bart Polot

2012-07-17 18:32

manager   ~0006252

==4736== Invalid read of size 2
==4736== at 0x405731: send_reply_to_client (gnunet-service-dht_clients.c:815)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736== Address 0x96d1c08 is 24 bytes inside a block of size 346 free'd
==4736== at 0x4C29A9E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x607E0A8: GNUNET_xfree_ (common_allocation.c:230)
==4736== by 0x405687: send_reply_to_client (gnunet-service-dht_clients.c:826)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736==
==4736== Invalid read of size 2
==4736== at 0x40597E: process_pending_messages (gnunet-service-dht_clients.c:861)
==4736== by 0x405765: send_reply_to_client (gnunet-service-dht_clients.c:831)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736== Address 0x96d1c08 is 24 bytes inside a block of size 346 free'd
==4736== at 0x4C29A9E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x607E0A8: GNUNET_xfree_ (common_allocation.c:230)
==4736== by 0x405687: send_reply_to_client (gnunet-service-dht_clients.c:826)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736==


==4736== Invalid read of size 2
==4736== at 0x4052BF: send_reply_to_client (gnunet-service-dht_clients.c:817)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736== Address 0x96d1c0a is 26 bytes inside a block of size 346 free'd
==4736== at 0x4C29A9E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x607E0A8: GNUNET_xfree_ (common_allocation.c:230)
==4736== by 0x405687: send_reply_to_client (gnunet-service-dht_clients.c:826)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736==
==4736== Invalid read of size 2
==4736== at 0x4052D8: send_reply_to_client (gnunet-service-dht_clients.c:817)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736== Address 0x96d1c08 is 24 bytes inside a block of size 346 free'd
==4736== at 0x4C29A9E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x607E0A8: GNUNET_xfree_ (common_allocation.c:230)
==4736== by 0x405687: send_reply_to_client (gnunet-service-dht_clients.c:826)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736==
Jul 17 18:19:28-581363 dht-4736 ERROR ............... SENT 0x96d2cb0 (0x96d2cb0), s 322 t 145
==4736== Invalid read of size 1
==4736== at 0x4C2C351: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x405512: send_reply_to_client (gnunet-service-dht_clients.c:821)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736== Address 0x96d1d49 is 345 bytes inside a block of size 346 free'd
==4736== at 0x4C29A9E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x607E0A8: GNUNET_xfree_ (common_allocation.c:230)
==4736== by 0x405687: send_reply_to_client (gnunet-service-dht_clients.c:826)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736==
==4736== Invalid read of size 8
==4736== at 0x4C2C378: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x405512: send_reply_to_client (gnunet-service-dht_clients.c:821)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736== Address 0x96d1d40 is 336 bytes inside a block of size 346 free'd
==4736== at 0x4C29A9E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x607E0A8: GNUNET_xfree_ (common_allocation.c:230)
==4736== by 0x405687: send_reply_to_client (gnunet-service-dht_clients.c:826)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736==
==4736== Invalid read of size 8
==4736== at 0x4C2C38A: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x405512: send_reply_to_client (gnunet-service-dht_clients.c:821)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736== Address 0x96d1d30 is 320 bytes inside a block of size 346 free'd
==4736== at 0x4C29A9E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x607E0A8: GNUNET_xfree_ (common_allocation.c:230)
==4736== by 0x405687: send_reply_to_client (gnunet-service-dht_clients.c:826)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736==
==4736== Invalid read of size 2
==4736== at 0x40551B: send_reply_to_client (gnunet-service-dht_clients.c:822)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736== Address 0x96d1c0a is 26 bytes inside a block of size 346 free'd
==4736== at 0x4C29A9E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4736== by 0x607E0A8: GNUNET_xfree_ (common_allocation.c:230)
==4736== by 0x405687: send_reply_to_client (gnunet-service-dht_clients.c:826)
==4736== by 0x60B49CA: transmit_ready_callback_wrapper (server.c:1437)
==4736== by 0x608728D: process_notify (connection.c:1157)
==4736== by 0x6087DC9: transmit_ready (connection.c:1288)
==4736== by 0x60AF1C4: run_ready (scheduler.c:602)
==4736== by 0x60AF995: GNUNET_SCHEDULER_run (scheduler.c:790)
==4736== by 0x60BDFE5: GNUNET_SERVICE_run (service.c:1795)
==4736== by 0x402F63: main (gnunet-service-dht.c:184)
==4736==

Bart Polot

2012-07-17 19:09

manager   ~0006253

More context about the errors in the previous message: (gnunet-service-dht_clients.c)

forward_reply -> add_pending_message:
ADDED 0x96d1bf0
ADDED 0x96d2cb0

send_reply_to_client:
SEND 0x96d1bf0 (pending_head: 0x96d1bf0), size 322 type 145
FREE 0x96d1bf0 (pending_head: 0x96d2cb0)

Invalid read of size 2 Address 0x96d1c08, reading msg->size in:
while ((NULL != (reply = client->pending_head)) &&
         (size >= off + (msize = ntohs (reply->msg->size))))

[Note that although pending_head (and therefore reply) is 0x96d2..., reply->msg is still 0x96d1...]

process_pending_messages (from send_reply_to_client):
Invalid read of size 2 Address 0x96d1c08, reading msg->size in:
  client->transmit_handle =
      GNUNET_SERVER_notify_transmit_ready (client->client_handle,
                                           ntohs (client->pending_head->
                                                  msg->size),
                                           GNUNET_TIME_UNIT_FOREVER_REL,
                                           &send_reply_to_client, client);

[mesh gets first block and processes it]

send_reply_to_client, 2nd while iteration:
Invalid read of size 2 Address 0x96d1c0a (GNUNET_log)
Invalid read of size 2 Address 0x96d1c08 (GNUNET_log)
SEND 0x96d2cb0 (pending_head: 0x96d2cb0), size 322 type 145
Invalid read of size 1 Address 0x96d1d49, memcpy (&cbuf[off], reply->msg, msize);
Invalid read of size 8 Address 0x96d1d40, memcpy (&cbuf[off], reply->msg, msize);
Invalid read of size 8 Address 0x96d1d30, memcpy (&cbuf[off], reply->msg, msize);
Invalid read of size 2 Address 0x96d1c0a, debug msg->type

FREE 0x96d2cb0 (pending_head: (nil))


*************************************************

The problematic messages always come to add_pending_message via forward_reply; I guess that the reply->msg gets misconstructed there.

Bart Polot

2012-07-17 19:11

manager   ~0006254

Got it!

Bart Polot

2012-07-17 19:16

manager   ~0006255

Fixed in r22724.
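
Notes ~0006252 and ~0006253 imply an allocation layout of a 24-byte queue entry followed by the 322-byte message in one 346-byte block, with the second entry's msg still pointing into the first block; a pointer-ownership check at enqueue time catches that before the first block is freed. The C program below is an added example, not GNUnet code and not the r22724 change: the struct and function names are hypothetical stand-ins, and pm_clone_flawed is a constructed way of producing the aliased pointer.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the header and queue entry seen in the gdb output. */
struct MessageHeader { uint16_t size; uint16_t type; };   /* network byte order */

struct PendingMessage {
  struct PendingMessage *next;
  struct PendingMessage *prev;
  const struct MessageHeader *msg;   /* must point just past this struct */
};

/* Correct construction: the payload is copied into the entry's own block. */
static struct PendingMessage *pm_create(const struct MessageHeader *src) {
  uint16_t msize = ntohs(src->size);
  struct PendingMessage *pm = malloc(sizeof(*pm) + msize);
  if (NULL == pm) return NULL;
  pm->next = pm->prev = NULL;
  memcpy(&pm[1], src, msize);
  pm->msg = (const struct MessageHeader *)&pm[1];
  return pm;
}

/* Constructed flaw: a byte-for-byte duplicate keeps the original's msg
 * pointer, so the copy references a block it does not own. */
static struct PendingMessage *pm_clone_flawed(const struct PendingMessage *o) {
  size_t total = sizeof(*o) + ntohs(o->msg->size);
  struct PendingMessage *pm = malloc(total);
  if (NULL == pm) return NULL;
  memcpy(pm, o, total);              /* pm->msg still equals o->msg */
  pm->next = pm->prev = NULL;
  return pm;
}

/* Ownership invariant to assert when an entry is queued: the message must
 * start directly after the entry header, inside the same allocation. */
static int pm_owns_payload(const struct PendingMessage *pm) {
  return (uintptr_t)pm->msg == (uintptr_t)&pm[1];
}

/* Returns 1 if the check accepts the good entry and rejects the aliased one.
 * Nothing is freed before the check, so no freed memory is ever read. */
static int demo(void) {
  struct { struct MessageHeader h; unsigned char body[318]; } raw;
  memset(&raw, 0, sizeof raw);                 /* constructed 322-byte message */
  raw.h.size = htons((uint16_t)sizeof raw);
  raw.h.type = htons(145);
  struct PendingMessage *a = pm_create(&raw.h);
  struct PendingMessage *b = a ? pm_clone_flawed(a) : NULL;
  int ok = a && b && pm_owns_payload(a) && !pm_owns_payload(b);
  free(b);
  free(a);
  return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

A check on msg->type at enqueue time cannot see this condition, because the aliased pointer still reads valid data until the owning block is freed.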

Issue History

Date Modified Username Field Change
2012-07-16 14:57 Bart Polot New Issue
2012-07-16 14:57 Bart Polot Status new => assigned
2012-07-16 14:57 Bart Polot Assigned To => Bart Polot
2012-07-16 15:34 Bart Polot Note Added: 0006243
2012-07-16 17:38 Bart Polot Note Added: 0006244
2012-07-17 15:07 Bart Polot Note Added: 0006248
2012-07-17 15:09 Bart Polot Note Added: 0006249
2012-07-17 16:29 Bart Polot Note Added: 0006251
2012-07-17 18:32 Bart Polot Note Added: 0006252
2012-07-17 19:09 Bart Polot Note Added: 0006253
2012-07-17 19:11 Bart Polot Note Added: 0006254
2012-07-17 19:16 Bart Polot Note Added: 0006255
2012-07-17 19:16 Bart Polot Status assigned => resolved
2012-07-17 19:16 Bart Polot Fixed in Version => 0.9.4
2012-07-17 19:16 Bart Polot Resolution open => fixed
2012-07-18 00:06 Christian Grothoff Target Version => 0.9.4
2012-11-05 18:34 Christian Grothoff Status resolved => closed