0003185: set union dereferences null at gnunet-service-set_union.c:645 - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0003185	GNUnet	set service	public	2013-12-09 23:10	2013-12-24 20:54

Reporter	Christian Grothoff	Assigned To	Florian Dold
Priority	high	Severity	crash	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	Git master
Target Version	0.10.0

Summary	0003185: set union dereferences null at gnunet-service-set_union.c:645
Description	Program terminated with signal 11, Segmentation fault. #0 0x0000000000406acb in send_strata_estimator (op=0xf80da0) at gnunet-service-set_union.c:645 645 strata_estimator_write (op->state->se, &strata_msg[1]); (gdb) ba #0 0x0000000000406acb in send_strata_estimator (op=0xf80da0) at gnunet-service-set_union.c:645 #1 0x000000000040868d in union_accept (op=0xf80da0) at gnunet-service-set_union.c:1228 #2 0x0000000000405655 in handle_client_accept (cls=0x0, client=0xf63e90, mh=0x7fffaeed5270) at gnunet-service-set.c:1111 #3 0x00007ffd53388e7f in GNUNET_SERVER_inject (server=0xf67a70, sender=0xf63e90, message=0x7fffaeed5270) at server.c:985 #4 0x00007ffd5338957c in client_message_tokenizer_callback (cls=0xf67a70, client=0xf63e90, message=0x7fffaeed5270) at server.c:1205 #5 0x00007ffd5338b92d in GNUNET_SERVER_mst_receive (mst=0xf75a60, client_identity=0xf63e90, buf=0x7fffaeed5270 "", size=14, purge=0, one_shot=-1) at server_mst.c:262 #6 0x00007ffd5338930d in process_incoming (cls=0xf63e90, buf=0x7fffaeed5270, available=14, addr=0xf69b00, addrlen=2, errCode=0) at server.c:1136 #7 0x00007ffd5335ab87 in receive_ready (cls=0xf61ae0, tc=0x7fffaeee5300) at connection.c:1062 #8 0x00007ffd533854c2 in run_ready (rs=0xf67300, ws=0xf67390) at scheduler.c:595 #9 0x00007ffd53385cd3 in GNUNET_SCHEDULER_run (task=0x7ffd53390ac4 <service_task>, task_cls=0x7fffaeee56a0) at scheduler.c:817 #10 0x00007ffd533925e5 in GNUNET_SERVICE_run (argc=3, argv=0x7fffaeee5928, service_name=0x40bda3 "set", options=GNUNET_SERVICE_OPTION_NONE, task=0x405cdb <run>, task_cls=0x0) at service.c:1478 #11 0x0000000000405e2d in main (argc=3, argv=0x7fffaeee5928) at gnunet-service-set.c:1402 (gdb) ba #0 0x0000000000406acb in send_strata_estimator (op=0xf80da0) at gnunet-service-set_union.c:645 #1 0x000000000040868d in union_accept (op=0xf80da0) at gnunet-service-set_union.c:1228 #2 0x0000000000405655 in handle_client_accept (cls=0x0, client=0xf63e90, mh=0x7fffaeed5270) at gnunet-service-set.c:1111 #3 0x00007ffd53388e7f in GNUNET_SERVER_inject (server=0xf67a70, sender=0xf63e90, message=0x7fffaeed5270) at server.c:985 #4 0x00007ffd5338957c in client_message_tokenizer_callback (cls=0xf67a70, client=0xf63e90, message=0x7fffaeed5270) at server.c:1205 #5 0x00007ffd5338b92d in GNUNET_SERVER_mst_receive (mst=0xf75a60, client_identity=0xf63e90, buf=0x7fffaeed5270 "", size=14, purge=0, one_shot=-1) at server_mst.c:262 #6 0x00007ffd5338930d in process_incoming (cls=0xf63e90, buf=0x7fffaeed5270, available=14, addr=0xf69b00, addrlen=2, errCode=0) at server.c:1136 #7 0x00007ffd5335ab87 in receive_ready (cls=0xf61ae0, tc=0x7fffaeee5300) at connection.c:1062 #8 0x00007ffd533854c2 in run_ready (rs=0xf67300, ws=0xf67390) at scheduler.c:595 #9 0x00007ffd53385cd3 in GNUNET_SCHEDULER_run (task=0x7ffd53390ac4 <service_task>, task_cls=0x7fffaeee56a0) at scheduler.c:817 #10 0x00007ffd533925e5 in GNUNET_SERVICE_run (argc=3, argv=0x7fffaeee5928, service_name=0x40bda3 "set", options=GNUNET_SERVICE_OPTION_NONE, task=0x405cdb <run>, task_cls=0x0) at service.c:1478 #11 0x0000000000405e2d in main (argc=3, argv=0x7fffaeee5928) at gnunet-service-set.c:1402 ( (gdb) print *op $1 = {vt = 0x0, channel = 0x0, mq = 0x0, is_incoming = 0, generation_created = 0, spec = 0x0, state = 0x0, next = 0x0, prev = 0x0, keep = 0}
Steps To Reproduce	../testbed/gnunet-testbed-profiler -c test_transport_dv_data.conf -p 10 -e 100
Tags	No tags attached.

Florian Dold 2013-12-09 23:35 developer ~0007808	This looks strange, send_strata_estimator is only called from union_accept in gnunet-service-set_union.c, and union_accept mallocs and sets the operation's state field ... I really don't see how to get to this state without something going terribly wrong earlier, I'm going to have to do some debugging ...

Florian Dold 2013-12-10 00:25 developer ~0007809	Should be fixed in r3124. Was caused by a bug when rejecting set operations.

Date Modified	Username	Field	Change
2013-12-09 23:10	Christian Grothoff	New Issue
2013-12-09 23:10	Christian Grothoff	Status	new => assigned
2013-12-09 23:10	Christian Grothoff	Assigned To	=> Florian Dold
2013-12-09 23:35	Florian Dold	Note Added: 0007808
2013-12-10 00:25	Florian Dold	Note Added: 0007809
2013-12-10 00:25	Florian Dold	Status	assigned => resolved
2013-12-10 00:25	Florian Dold	Resolution	open => fixed
2013-12-24 20:54	Christian Grothoff	Status	resolved => closed