View Issue Details

IDProjectCategoryView StatusLast Update
0004908GNUnetcadet servicepublic2018-06-07 00:24
ReporterChristian GrothoffAssigned ToChristian Grothoff 
PrioritynormalSeveritycrashReproducibilityalways
Status closedResolutionfixed 
Platformi7OSDebian GNU/LinuxOS Versionsqueeze
Product VersionSVN HEAD 
Target Version0.11.0pre66Fixed in Version0.11.0pre66 
Summary0004908: new cadet API not good at tolerating destroy during transmission success CB
DescriptionFrom conversation test:

==18201== Invalid write of size 4
==18201== at 0x4856288: cadet_mq_send_now (cadet_api_new.c:486)
==18201== by 0x48FF300: run_ready (scheduler.c:620)
==18201== by 0x48FFDFE: GNUNET_SCHEDULER_run (scheduler.c:887)
==18201== by 0x49219C4: GNUNET_SERVICE_ruN_ (service_new.c:1844)
==18201== by 0x11055C: main (gnunet-service-conversation.c:1321)
==18201== Address 0x5816984 is 52 bytes inside a block of size 76 free'd
==18201== at 0x482E438: free (vg_replace_malloc.c:530)
==18201== by 0x48939E5: GNUNET_xfree_ (common_allocation.c:330)
==18201== by 0x4855B96: destroy_channel (cadet_api_new.c:352)
==18201== by 0x4859565: GNUNET_CADET_channel_destroy (cadet_api_new.c:1277)
==18201== by 0x10A9F0: destroy_line_cadet_channels (gnunet-service-conversation.c:318)
==18201== by 0x10AC2C: mq_done_finish_caller_shutdown (gnunet-service-conversation.c:345)
==18201== by 0x48E32AE: GNUNET_MQ_impl_send_in_flight (mq.c:491)
==18201== by 0x485625C: cadet_mq_send_now (cadet_api_new.c:485)
==18201== by 0x48FF300: run_ready (scheduler.c:620)
==18201== by 0x48FFDFE: GNUNET_SCHEDULER_run (scheduler.c:887)
==18201== by 0x49219C4: GNUNET_SERVICE_ruN_ (service_new.c:1844)
==18201== by 0x11055C: main (gnunet-service-conversation.c:1321)
==18201== Block was alloc'd at
==18201== at 0x482D27C: malloc (vg_replace_malloc.c:299)
==18201== by 0x489365D: GNUNET_xmalloc_unchecked_ (common_allocation.c:227)
==18201== by 0x4892F6E: GNUNET_xmalloc_ (common_allocation.c:75)
==18201== by 0x4855579: create_channel (cadet_api_new.c:292)
==18201== by 0x4856C9F: handle_channel_created (cadet_api_new.c:656)
==18201== by 0x48E172D: GNUNET_MQ_inject_message (mq.c:265)
==18201== by 0x488F800: recv_message (client.c:301)
==18201== by 0x48E078F: GNUNET_MST_from_buffer (mst.c:232)
==18201== by 0x48E1320: GNUNET_MST_read (mst.c:359)
==18201== by 0x489027F: receive_ready (client.c:383)
==18201== by 0x48FF300: run_ready (scheduler.c:620)
==18201== by 0x48FFDFE: GNUNET_SCHEDULER_run (scheduler.c:887)
==
Additional InformationReal question is if we should consider this a bug in conversation, or in cadet API ;-)
TagsNo tags attached.

Activities

Christian Grothoff

2017-02-21 17:37

manager   ~0011802

Bug is tricky, now mutated to:

==21969== Invalid write of size 4
==21969== at 0x4855EDF: cadet_mq_send_continue (cadet_api_new.c:454)
==21969== by 0x48E30B7: GNUNET_MQ_impl_send_continue (mq.c:459)
==21969== by 0x488F76C: transmit_ready (client.c:281)
==21969== by 0x48FF300: run_ready (scheduler.c:620)
==21969== by 0x48FFDFE: GNUNET_SCHEDULER_run (scheduler.c:887)
==21969== by 0x49219C4: GNUNET_SERVICE_ruN_ (service_new.c:1844)
==21969== by 0x11055C: main (gnunet-service-conversation.c:1321)
==21969== Address 0x5813808 is 48 bytes inside a block of size 76 free'd
==21969== at 0x482E438: free (vg_replace_malloc.c:530)
==21969== by 0x48939E5: GNUNET_xfree_ (common_allocation.c:330)
==21969== by 0x4855B96: destroy_channel (cadet_api_new.c:352)
==21969== by 0x4859565: GNUNET_CADET_channel_destroy (cadet_api_new.c:1277)
==21969== by 0x10A9F0: destroy_line_cadet_channels (gnunet-service-conversation.c:318)
==21969== by 0x10AC2C: mq_done_finish_caller_shutdown (gnunet-service-conversation.c:345)
==21969== by 0x48E32AE: GNUNET_MQ_impl_send_in_flight (mq.c:491)
==21969== by 0x4856301: cadet_mq_send_now (cadet_api_new.c:491)
==21969== by 0x48FF300: run_ready (scheduler.c:620)
==21969== by 0x48FFDFE: GNUNET_SCHEDULER_run (scheduler.c:887)
==21969== by 0x49219C4: GNUNET_SERVICE_ruN_ (service_new.c:1844)
==21969== by 0x11055C: main (gnunet-service-conversation.c:1321)
==21969== Block was alloc'd at
==21969== at 0x482D27C: malloc (vg_replace_malloc.c:299)
==21969== by 0x489365D: GNUNET_xmalloc_unchecked_ (common_allocation.c:227)
==21969== by 0x4892F6E: GNUNET_xmalloc_ (common_allocation.c:75)
==21969== by 0x4855579: create_channel (cadet_api_new.c:292)
==21969== by 0x4856C9F: handle_channel_created (cadet_api_new.c:656)
==21969== by 0x48E172D: GNUNET_MQ_inject_message (mq.c:265)
==21969== by 0x488F800: recv_message (client.c:301)
==21969== by 0x48E078F: GNUNET_MST_from_buffer (mst.c:232)
==21969== by 0x48E1320: GNUNET_MST_read (mst.c:359)
==21969== by 0x489027F: receive_ready (client.c:383)
==21969== by 0x48FF300: run_ready (scheduler.c:620)
==21969== by 0x48FFDFE: GNUNET_SCHEDULER_run (scheduler.c:887)
==21969==

Christian Grothoff

2017-02-21 17:46

manager   ~0011803

Seems fixed in 3767578..89e6063

Issue History

Date Modified Username Field Change
2017-02-21 16:51 Christian Grothoff New Issue
2017-02-21 16:51 Christian Grothoff Status new => assigned
2017-02-21 16:51 Christian Grothoff Assigned To => Christian Grothoff
2017-02-21 17:37 Christian Grothoff Note Added: 0011802
2017-02-21 17:46 Christian Grothoff Note Added: 0011803
2017-02-21 17:46 Christian Grothoff Status assigned => resolved
2017-02-21 17:46 Christian Grothoff Resolution open => fixed
2017-02-21 17:46 Christian Grothoff Fixed in Version => 0.11.0pre66
2018-06-07 00:24 Christian Grothoff Status resolved => closed