
Segmentation fault after bufferevent_write #1664

Open
happybanban opened this issue May 29, 2024 · 7 comments

Comments

@happybanban
happybanban commented May 29, 2024

Hello, I got an issue after bufferevent_write is called.

It looks like a memcpy error at evbuffer_add (buffer.c)
memcpy-avx-unaligned

libevent version: libevent-2.1.12-stable

Below is the stack trace.

Thread 263 "xxxxx." received signal SIGSEGV, Segmentation fault.

[Switching to Thread 0x7fff1ffd7700 (LWP 18737)]
__memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:148
148 ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S: no such file or directory

(gdb) bt
#0 __memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:148
#1 0x00007fffee5e8a03 in memcpy (__len=, __src=, __dest=)
at /usr/include/x86_64-linux-gnu/bits/string3.h:53
#2 evbuffer_add (buf=0x7fff940029f0, data_in=0x7fff1ffd63c0, datlen=6) at buffer.c:1781
#3 0x00007fffee5ee280 in bufferevent_write (bufev=, data=, size=) at bufferevent.c:454

Thanks.

@widgetii
Member

Can you make a simple reproducer?

@azat
Member
azat commented Jun 1, 2024

Or run under ASAN (or valgrind as a last resort)

@happybanban
Author
happybanban commented Jun 4, 2024

> Or run under ASAN (or valgrind as a last resort)
.

@liudongmiao
Contributor

@happybanban Are you sure the arguments of bufferevent_write are right?

  1. the data and size arguments are valid
  2. don't make data point to the inner memory of the bufferevent's output.

data_in=0x7fff1ffd63c0, datlen=6 seems wrong, as it's very close to Thread 0x7fff1ffd7700.

@happybanban
Author

> @happybanban Are you sure the arguments of bufferevent_write are right?
>
>   1. the data and size arguments are valid
>   2. don't make data point to the inner memory of the bufferevent's output.
>
> data_in=0x7fff1ffd63c0, datlen=6 seems wrong, as it's very close to Thread 0x7fff1ffd7700.

Thanks! data and size should be valid. Below is my source code. Please give me some suggestions. Thanks!
BTW, the problem doesn't happen every time, it happens occasionally.

#include <event2/bufferevent.h>

typedef unsigned char BYTE;   /* BYTE is not a libevent type; defined here so the snippet compiles */

void send_start(struct bufferevent* bev)
{
    /* six-byte start frame, queued on the bufferevent's output buffer */
    BYTE start[6] = { 0x68, 0x04, 0x07, 0x00, 0x00, 0x00 };
    bufferevent_write(bev, start, 6);
}

@liudongmiao
Contributor

@happybanban Then the possible case is a use-after-free.
You can log it, free log, and write log.

@azat
Member
azat commented Jun 23, 2024

@happybanban just use ASan to verify your code

You just need to compile your code with -fsanitize=address
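Added example (not libevent's code and not the reporter's): the thread's working theory is that a `struct bufferevent` pointer is kept after the object is freed (for example from an event callback on another thread) and then passed to `bufferevent_write`, so `evbuffer_add`'s memcpy touches freed memory. ASan with `-fsanitize=address` is the way to confirm that; the C below shows one structural way to stop it, a generation-checked handle table, with a hypothetical `fake_bev` standing in for the real `struct bufferevent` and `conn_write` standing in for `bufferevent_write`. Every name in it is an assumption of this example. It also enforces liudongmiao's second point by refusing data that aliases the output buffer.

```c
/* Added example: generation-checked handles instead of raw bufferevent
 * pointers. Not libevent code; fake_bev is a hypothetical stand-in. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CONNS 8
#define OUT_CAP   64

/* Hypothetical stand-in for struct bufferevent: only an output buffer. */
struct fake_bev {
    unsigned char out[OUT_CAP];
    size_t out_len;
};

/* A slot holds the live object (NULL when free) and a generation counter
 * that is bumped every time the slot's object is freed. */
struct conn_slot {
    struct fake_bev *bev;
    uint32_t gen;
};

/* What callers keep instead of a raw pointer. */
typedef struct { uint32_t slot; uint32_t gen; } conn_handle;

static struct conn_slot table[MAX_CONNS];

/* Allocate a connection object and return its (slot, generation) handle. */
conn_handle conn_open(void) {
    for (uint32_t i = 0; i < MAX_CONNS; i++) {
        if (table[i].bev == NULL) {
            table[i].bev = calloc(1, sizeof *table[i].bev);
            return (conn_handle){ i, table[i].gen };
        }
    }
    return (conn_handle){ UINT32_MAX, 0 };   /* table full: invalid handle */
}

/* Resolve a handle; NULL if the slot is empty or the generation is stale. */
static struct fake_bev *conn_lookup(conn_handle h) {
    if (h.slot >= MAX_CONNS) return NULL;
    if (table[h.slot].bev == NULL || table[h.slot].gen != h.gen) return NULL;
    return table[h.slot].bev;
}

/* Free the object; every handle still held anywhere becomes stale. */
void conn_close(conn_handle h) {
    struct fake_bev *bev = conn_lookup(h);
    if (bev == NULL) return;
    free(bev);
    table[h.slot].bev = NULL;
    table[h.slot].gen++;
}

/* Handle-based equivalent of bufferevent_write(bev, data, size).
 * Returns 0 on success, -1 if the handle is stale, the data aliases the
 * output buffer, or the buffer would overflow. */
int conn_write(conn_handle h, const void *data, size_t size) {
    struct fake_bev *bev = conn_lookup(h);
    if (bev == NULL) return -1;
    uintptr_t d = (uintptr_t)data, lo = (uintptr_t)bev->out;
    if (d >= lo && d < lo + OUT_CAP) return -1;      /* data inside output */
    if (size > OUT_CAP - bev->out_len) return -1;    /* no room */
    memcpy(bev->out + bev->out_len, data, size);
    bev->out_len += size;
    return 0;
}

/* Bytes queued on a live connection, 0 for a stale handle. */
size_t conn_pending(conn_handle h) {
    struct fake_bev *bev = conn_lookup(h);
    return bev ? bev->out_len : 0;
}

/* The same six-byte start frame as in the issue, sent through a handle. */
int send_start(conn_handle h) {
    unsigned char start[6] = { 0x68, 0x04, 0x07, 0x00, 0x00, 0x00 };
    return conn_write(h, start, sizeof start);
}

/* Scenario 1: the connection is closed while another code path still holds
 * the handle and writes again. Returns 1 if the stale write was refused. */
int demo_stale_write(void) {
    conn_handle h = conn_open();
    int first = send_start(h);
    conn_close(h);
    int second = send_start(h);   /* with a raw pointer this is the crash */
    return (first == 0 && second == -1) ? 1 : 0;
}

/* Scenario 2: the slot is reused by a new connection. A raw pointer would
 * silently write into the wrong connection; the old handle is still rejected
 * because its generation no longer matches. Returns 1 if both checks hold. */
int demo_slot_reuse(void) {
    conn_handle old = conn_open();
    conn_close(old);
    conn_handle fresh = conn_open();   /* same slot, new generation */
    int via_old = send_start(old);
    int via_fresh = send_start(fresh);
    size_t pending = conn_pending(fresh);
    conn_close(fresh);
    return (via_old == -1 && via_fresh == 0 && pending == 6) ? 1 : 0;
}

int main(void) {
    printf("stale write refused: %d\nslot reuse safe: %d\n",
           demo_stale_write(), demo_slot_reuse());
    return 0;
}
```

The handle check is cheap and turns an intermittent segfault (or, worse, a silent write into someone else's connection) into a deterministic -1 that can be logged at the call site; ASan remains the tool for finding where the stale pointer came from in the first place.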


4 participants