View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004076 | GNUnet | rps service | public | 2015-11-29 21:44 | 2018-06-07 00:24 |
| Reporter | ch3 | Assigned To | ch3 | ||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.11.0pre66 | Fixed in Version | 0.11.0pre66 | ||
| Summary | 0004076: core dump in rps helper | ||||
| Description | I'm stuck in implementing a helper for the rps service. I spent quite a while on it without progress. Maybe it's obvious once written down. | ||||
| Steps To Reproduce | cd gnunet/src/rps/ make test_service_rps_view ./test_service_rps_view | ||||
| Additional Information | The helper is gnunet-service-rps_view.c. It crashes while executing the testcase test_service_rps_peers.c due to memory corruption. test_service_rps_view.c: 49: CHECK (0 == View_size ()); 50: 51: CHECK (GNUNET_OK == View_put (&k1)); /* <-- crashes */ The important code in gnunet gnunet-service-rps_view.c: 144: *index = (uint32_t) View_size (); 145: array[*index] = *peer; According to valgrind the second line does an invalid write. ==22856== Invalid write of size 8 ==22856== at 0x40112C: View_put (gnunet-service-rps_view.c:145) ==22856== by 0x401822: check (test_service_rps_view.c:53) ==22856== by 0x402217: main (test_service_rps_view.c:120) That is completely reasonable as array is of size 3 and according to gdb *index is 3: 145 array[*index] = *peer; (gdb) p *index $1 = 3 But here is the thing: It should not be 3: 144 *index = (uint32_t) View_size (); (gdb) p View_size() $1 = 0 (gdb) p *index $2 = 0 (gdb) p *index = (uint32_t) View_size() $3 = 0 (gdb) p *index $4 = 0 (gdb) n 145 array[*index] = *peer; (gdb) p *index $5 = 3 (gdb) p View_size() $6 = 0 Also recall the test test_service_rps_view.c: 49: CHECK (0 == View_size ()); 50: 51: CHECK (GNUNET_OK == View_put (&k1)); We assure that View_size() really is 0. Also earlier in the same function View_put() we assure that View_size() is not >= the arraysize: 136: if ((length <= View_size ()) || /* If array is 'full' */ 137: (/* ... */)) 138: {(gdb) p length 139: return GNUNET_NO; 140: } 141: else 142: { 143: index = GNUNET_new (uint32_t); 144: *index = (uint32_t) View_size (); (gdb) p length $7 = 3 | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-11-29 21:44 | ch3 | New Issue | |
| 2015-11-29 21:44 | ch3 | Status | new => assigned |
| 2015-11-29 21:44 | ch3 | Assigned To | => ch3 |
| 2015-11-30 08:29 | Christian Grothoff | Severity | minor => crash |
| 2015-11-30 12:05 | ch3 | Note Added: 0009960 | |
| 2015-11-30 22:53 | ch3 | Resolution | open => fixed |
| 2015-11-30 22:54 | ch3 | Note Added: 0009961 | |
| 2015-11-30 22:54 | ch3 | Status | assigned => resolved |
| 2017-02-26 02:18 | Christian Grothoff | Fixed in Version | => 0.11.0pre66 |
| 2017-02-26 02:18 | Christian Grothoff | Target Version | => 0.11.0pre66 |
| 2018-06-07 00:24 | Christian Grothoff | Status | resolved => closed |
