[nanomsg] Survey crashes on second round with survey strings longer than 30 bytes

  • From: Dirk Reiners <dirk.reiners@xxxxxxxxx>
  • To: nanomsg@xxxxxxxxxxxxx
  • Date: Mon, 28 Oct 2013 18:47:58 -0500

 Hi All,

I've been trying to use nanomsg as a nice and small library for a
networking project, but I'm having some problems. I've narrowed it down to
the length of the survey name for the survey mode, but I'm not sure how to
fix it. I'm using 7e06881 (head as of today).

To reproduce: download http://privatepaste.com/96e477a6ce, which is a
slightly modified version of the survey.c example from
http://tim.dysinger.net/posts/2013-09-16-getting-started-with-nanomsg.html.
The differences are that it does multiple rounds of surveys and that it
can do surveys of different lengths.

If you run it as ./survey-crash server ipc:///tmp/survey.ipc (you don't
have to run a client, but you can if you want to) it will use a 31
character survey string and crash on the second survey round with

Assertion failed: nn_getl ((uint8_t*) p - sizeof (uint32_t)) ==
NN_CHUNK_TAG (src/utils/chunk.c:157)

And it's right, the actual tag there is NN_CHUNK_TAG_DEALLOCATED, so it
looks like the chunk was freed already. valgrind confirms that:

==2804923== Invalid read of size 1
==2804923==    at 0x4C29B67: nn_getl (wire.c:45)
==2804923==    by 0x4C2782A: nn_chunk_getptr (chunk.c:157)
==2804923==    by 0x4C276A2: nn_chunk_free (chunk.c:99)
==2804923==    by 0x4C279C3: nn_chunkref_term (chunkref.c:73)
==2804923==    by 0x4C28FA3: nn_msg_term (msg.c:42)
==2804923==    by 0x4C2FC48: nn_surveyor_send (surveyor.c:202)
==2804923==    by 0x4C20217: nn_sock_send (sock.c:524)
==2804923==    by 0x4C1DD7F: nn_send (global.c:529)
==2804923==    by 0x400D1E: server(char const*) (in
/home/reiners/Materials/SWEng/553/Homeworks/2013_Sketchcraft/Sketchcraft.hw/q/survey-crash)
==2804923==    by 0x400FCA: main (in
/home/reiners/Materials/SWEng/553/Homeworks/2013_Sketchcraft/Sketchcraft.hw/q/survey-crash)
==2804923==  Address 0x50836cc is 28 bytes inside a block of size 73 free'd
==2804923==    at 0x4A07786: free (vg_replace_malloc.c:446)
==2804923==    by 0x4C27536: nn_free (alloc.c:144)
==2804923==    by 0x4C278B2: nn_chunk_default_free (chunk.c:166)
==2804923==    by 0x4C276EE: nn_chunk_free (chunk.c:113)
==2804923==    by 0x4C279C3: nn_chunkref_term (chunkref.c:73)
==2804923==    by 0x4C28FA3: nn_msg_term (msg.c:42)
==2804923==    by 0x4C312B4: nn_dist_send (dist.c:81)
==2804923==    by 0x4C30EEC: nn_xsurveyor_send (xsurveyor.c:149)
==2804923==    by 0x4C30190: nn_surveyor_handler (surveyor.c:367)
==2804923==    by 0x4C22621: nn_fsm_feed (fsm.c:72)
==2804923==    by 0x4C22A86: nn_fsm_action (fsm.c:167)
==2804923==    by 0x4C2FCD5: nn_surveyor_send (surveyor.c:221)

Running it as ./survey-crash -n server ipc:///tmp/survey.ipc will use a 30
byte server string and work fine.

Can somebody take a look at what's going wrong there?

Thanks!

  Dirk
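
The assertion quoted in the message reads a 32-bit tag stored immediately before the payload pointer and compares it to NN_CHUNK_TAG. As an added example (not part of the original post and not nanomsg's code), the simplified C model below shows how such a tag turns a second free of the same chunk into a detectable condition; the tag values, the static arena and all function names are assumptions made for the illustration.

```c
/* Simplified model of a tagged chunk, not nanomsg's code; tag values and arena are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_TAG             0x4C495645u  /* constructed value: "LIVE" */
#define CHUNK_TAG_DEALLOCATED 0x46524545u  /* constructed value: "FREE" */
enum chunk_status { CHUNK_OK = 0, CHUNK_DOUBLE_FREE = -1, CHUNK_BAD_TAG = -2 };

/* Static arena so that inspecting a released chunk stays defined behaviour. */
static uint8_t arena[1024];
static size_t arena_used;

/* Big-endian 32-bit store/load; get32 plays the role of nn_getl in the trace. */
static void put32(uint8_t *b, uint32_t v) {
    b[0] = (uint8_t)(v >> 24); b[1] = (uint8_t)(v >> 16);
    b[2] = (uint8_t)(v >> 8);  b[3] = (uint8_t)v;
}
static uint32_t get32(const uint8_t *b) {
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
}

/* Returns a payload pointer whose preceding 4 bytes hold the live tag. */
void *chunk_alloc(size_t size) {
    size_t need = sizeof(uint32_t) + size;
    if (size > sizeof arena || need > sizeof arena - arena_used) return NULL;
    uint8_t *tag = arena + arena_used;
    arena_used += need;
    put32(tag, CHUNK_TAG);
    return tag + sizeof(uint32_t);
}

/* Checks the tag in front of p before releasing, then poisons it. */
int chunk_free(void *p) {
    uint8_t *tag = (uint8_t *)p - sizeof(uint32_t);
    uint32_t seen = get32(tag);
    if (seen == CHUNK_TAG_DEALLOCATED) return CHUNK_DOUBLE_FREE;
    if (seen != CHUNK_TAG) return CHUNK_BAD_TAG;
    put32(tag, CHUNK_TAG_DEALLOCATED);
    return CHUNK_OK;
}

int main(void) {
    void *msg = chunk_alloc(31);                  /* constructed 31-byte payload */
    printf("first free:  %d\n", chunk_free(msg)); /* one owner releases the chunk */
    printf("second free: %d\n", chunk_free(msg)); /* a second owner releases it again */
    return 0;
}
```

On a real heap the tag check itself reads memory that has already been returned to the allocator, which is the invalid read valgrind reports in nn_getl, so the check is a debugging aid rather than a guarantee.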
