Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CCI sock driver crashes when using cci_disconnect #9

Open
facundominguez opened this issue Jan 3, 2012 · 2 comments
Open

CCI sock driver crashes when using cci_disconnect #9

facundominguez opened this issue Jan 3, 2012 · 2 comments

Comments

@facundominguez
Copy link

The patch for reproducing the problem and the valgrind output follows.

From dcd239c1c5cfc8d66cd13b0168ff4377ca825147 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Facundo=20Dom=C3=ADnguez?= <[email protected]>
Date: Thu, 22 Dec 2011 10:42:12 -0200
Subject: Exposes memory bug in CCI with the test programs.

compile src/test/server.c
compile src/test/client.c

Create a configuration file like the following:

$ cat config.ini
[eth1]
driver = sock
ip = 192.168.0.1
mac = 00:e0:7d:ad:95:5e
default = 1

Then run:
$ CCI_CONFIG=config.ini valgrind ./server
opened ip://192.168.0.1:38315
...

$ ./client -h ip://192.168.0.1:38315

Valgrind reports several invalid reads and the server eventually crashes
by connecting a client enough times to the same server.

---
 src/tests/client.c |    2 ++
 src/tests/server.c |    8 +++++++-
 2 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/src/tests/client.c b/src/tests/client.c
index 2ad3415..0a1471a 100644
--- a/src/tests/client.c
+++ b/src/tests/client.c
@@ -50,6 +50,8 @@ poll_events(cci_endpoint_t * endpoint, cci_connection_t ** connection,
        case CCI_EVENT_CONNECT_ACCEPTED:
            *done = 1;
            *connection = event->accepted.connection;
+           fprintf(stderr, "accepted %d\n",
+               (int)((uintptr_t) event->accepted.context));
            break;
        case CCI_EVENT_CONNECT_TIMEDOUT:
        case CCI_EVENT_CONNECT_REJECTED:
diff --git a/src/tests/server.c b/src/tests/server.c
index 3070e35..e5f8087 100644
--- a/src/tests/server.c
+++ b/src/tests/server.c
@@ -47,7 +47,13 @@ int main(int argc, char *argv[])
    }
    printf("opened %s\n", endpoint->name);

-   while (!done) {
+   while (1) {
+       if (done && connection) {
+           fprintf(stderr, "disconnecting\n");
+           cci_disconnect(connection);
+           connection = NULL;
+       }
+
        int accept = 1;
        cci_event_t *event;

-- 
1.7.2.5

sh-4.1$ CCI_CONFIG=../../../cci.ini valgrind ./server
==10872== Memcheck, a memory error detector
==10872== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==10872== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==10872== Command: ./server
==10872==
opened ip://192.168.0.1:38315
recv'd "data: 0Hello World!"
recv'd "data: 1Hello World!"
recv'd "data: 2Hello World!"
recv'd "data: 3Hello World!"
recv'd "data: 4Hello World!"
recv'd "data: 5Hello World!"
recv'd "data: 6Hello World!"
recv'd "data: 7Hello World!"
recv'd "data: 8Hello World!"
recv'd "data: 9Hello World!"
completed send
completed send
completed send
completed send
completed send
completed send
completed send
completed send
completed send
completed send
disconnecting
==10872== Invalid read of size 8
==10872== at 0x59A597C: sock_progress_pending (core_sock_api.c:1628)
==10872== by 0x59A65F6: sock_progress_sends (core_sock_api.c:1953)
==10872== by 0x59ABF92: sock_progress_dev (core_sock_api.c:3606)
==10872== by 0x59A4E94: sock_get_event (core_sock_api.c:1459)
==10872== by 0x4E2D004: cci_get_event (get_event.c:23)
==10872== by 0x400D23: main (server.c:60)
==10872== Address 0x735cd80 is 48 bytes inside a block of size 56 free'd
==10872== at 0x4C240FD: free (vg_replace_malloc.c:366)
==10872== by 0x59A4974: sock_disconnect (core_sock_api.c:1352)
==10872== by 0x4E2CDBB: cci_disconnect (disconnect.c:27)
==10872== by 0x400D01: main (server.c:53)
==10872==
==10872== Invalid read of size 8
==10872== at 0x59A5990: sock_progress_pending (core_sock_api.c:1631)
==10872== by 0x59A65F6: sock_progress_sends (core_sock_api.c:1953)
==10872== by 0x59ABF92: sock_progress_dev (core_sock_api.c:3606)
==10872== by 0x59A4E94: sock_get_event (core_sock_api.c:1459)
==10872== by 0x4E2D004: cci_get_event (get_event.c:23)
==10872== by 0x400D23: main (server.c:60)
==10872== Address 0x735cd58 is 8 bytes inside a block of size 56 free'd
==10872== at 0x4C240FD: free (vg_replace_malloc.c:366)
==10872== by 0x59A4974: sock_disconnect (core_sock_api.c:1352)
==10872== by 0x4E2CDBB: cci_disconnect (disconnect.c:27)
==10872== by 0x400D01: main (server.c:53)
==10872==
==10872== Invalid read of size 8
==10872== at 0x59A58D1: sock_progress_pending (core_sock_api.c:1730)
==10872== by 0x59A65F6: sock_progress_sends (core_sock_api.c:1953)
==10872== by 0x59ABF92: sock_progress_dev (core_sock_api.c:3606)
==10872== by 0x59A4E94: sock_get_event (core_sock_api.c:1459)
==10872== by 0x4E2D004: cci_get_event (get_event.c:23)
==10872== by 0x400D23: main (server.c:60)
==10872== Address 0x735cddc is 12 bytes inside a block of size 168 free'd
==10872== at 0x4C240FD: free (vg_replace_malloc.c:366)
==10872== by 0x59A4968: sock_disconnect (core_sock_api.c:1351)
==10872== by 0x4E2CDBB: cci_disconnect (disconnect.c:27)
==10872== by 0x400D01: main (server.c:53)
==10872==
==10872== Invalid read of size 8
==10872== at 0x59A58D5: sock_progress_pending (core_sock_api.c:1730)
==10872== by 0x59A65F6: sock_progress_sends (core_sock_api.c:1953)
==10872== by 0x59ABF92: sock_progress_dev (core_sock_api.c:3606)
==10872== by 0x59A4E94: sock_get_event (core_sock_api.c:1459)
==10872== by 0x4E2D004: cci_get_event (get_event.c:23)
==10872== by 0x400D23: main (server.c:60)
==10872== Address 0x735cde4 is 20 bytes inside a block of size 168 free'd
==10872== at 0x4C240FD: free (vg_replace_malloc.c:366)
==10872== by 0x59A4968: sock_disconnect (core_sock_api.c:1351)
==10872== by 0x4E2CDBB: cci_disconnect (disconnect.c:27)
==10872== by 0x400D01: main (server.c:53)
==10872==
==10872==
==10872== HEAP SUMMARY:
==10872== in use at exit: 9,830,028 bytes in 2,354 blocks
==10872== total heap usage: 2,383 allocs, 29 frees, 9,867,715 bytes allocated
==10872==
==10872== LEAK SUMMARY:
==10872== definitely lost: 0 bytes in 0 blocks
==10872== indirectly lost: 0 bytes in 0 blocks
==10872== possibly lost: 67,888 bytes in 16 blocks
==10872== still reachable: 9,762,140 bytes in 2,338 blocks
==10872== suppressed: 0 bytes in 0 blocks
==10872== Rerun with --leak-check=full to see details of leaked memory
==10872==
==10872== For counts of detected and suppressed errors, rerun with: -v
==10872== ERROR SUMMARY: 1127092 errors from 4 contexts (suppressed: 4 from 4)
@scottatchley
Copy link
Contributor

Geoffroy,

Can we close this?

Scott

@gvallee
Copy link
Contributor

gvallee commented May 13, 2013

Yes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gvallee @scottatchley @facundominguez