I am passing a compound structure pointer to a function after doing all the memory initializations in a test fixture. But as soon as the function gets called the sizeof that struct changes.
Have tried setting watchpoints and everything. don't the what's the issue.
Need help.
This is the code for the test.
sizeof(*ueCb) changes just after calling the function cwRrcSendMibCfgReq.
The function is copying some parameters from ueCb. ueCb has multiple structures inside of it. Accessing ueCb->currContestCellForSel in the function throws a segmentation fault even though I have explicitly allocated memory here. I have checked that the allocation occurs. I check sizeof(*ueCb) in gdb keeping the mentioned fucntion as a breakpoint. The header files are the same. Also ueId remains intact while calling the function. CW_ALLOC is an internal macro which allocates memory. it's working fine I have checked that.
Can't share the whole code because it's part of IP. This code is related to 5G protocol stack.My job is to do unit testing and the entire team isn't able to figure out where the problem is.
TEST(testMib1, test)
{
CwRrcUeCb* ueCb;
CW_ALLOC(CW_REG,CW_POOL,&ueCb, sizeof(CwRrcUeCb));
memset(ueCb, 0, sizeof(CwRrcUeCb));
ueCb->currContestCellForSel = (CwRrcCellCb *)
malloc(sizeof(CwRrcCellCb));
ueCb->currContestCellForSel->phyCellId = 5;
ueCb->ueId = 5;
S16 ret = ROK;
ret = cwRrcSendMibCfgReq(ueCb); // sizeof *ueCb changes after this statement
free(ueCb->currContestCellForSel);
CW_FREE(CW_REG, CW_POOL, ueCb, sizeof (CwRrcUeCb));
// have changed the order just to get to the main point
EXPECT_EQ(ROK, ret);
printf(" Event 9 Done\n\n\n");
}
The backtrace is as follows:
(gdb) backtrace
#0 0x000000000053a673 in cwRrcSendMibCfgReq (rrcUeCb=0x7ffff5d45320) at ../src/5gnrueapp/cw_rrc_fsm.c:2745
#1 0x000000000061dd59 in testMib1_test_Test::TestBody (this=0xa73500) at ../unittest/test_Event9Mib1.cc:79
#2 0x00007ffff71847a3 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing:
:Test::*)(), char const*) () from /lib64/libgtest.so.0
#3 0x00007ffff717ab27 in testing::Test::Run() () from /lib64/libgtest.so.0
#4 0x00007ffff717abce in testing::TestInfo::Run() () from /lib64/libgtest.so.0
#5 0x00007ffff717acd5 in testing::TestCase::Run() () from /lib64/libgtest.so.0
#6 0x00007ffff717e018 in testing::internal::UnitTestImpl::RunAllTests() () from /lib64/libgtest.so.0
#7 0x00007ffff717e2a7 in testing::UnitTest::Run() () from /lib64/libgtest.so.0
#8 0x000000000061e156 in main (argc=1, argv=0x7fffffffe1d8) at ../unittest/test_main.cc:38
the function which I'm testing
S16 cwRrcSendMibCfgReq(CwRrcUeCb * rrcUeCb)
{
CtzMibConfigRequest *mibConfig = NULLP;
CW_ALLOC(CW_REG, CW_POOL, &mibConfig, sizeof (CtzMibConfigRequest));
if(NULL == mibConfig)
{
RLOG1(L_FATAL,"Memory Allocation Failed while sending Mib config req ueId:%d",rrcUeCb->ueId);
RETVALUE(RFAILED);
}
mibConfig->pres.pres = 1;
mibConfig->systemFrameNumber = rrcUeCb->cwMibInfo.systemFrameNumber;
mibConfig->subCarrierSpacingCommon = rrcUeCb->cwMibInfo.subCarrierSpacingCommon;
mibConfig->ssb_SubcarrierOffset = rrcUeCb->cwMibInfo.ssb_SubcarrierOffset;
mibConfig->dmrs_TypeAPosition = rrcUeCb->cwMibInfo.dmrs_TypeAPosition;
mibConfig->pdcch_ConfigSIB1.controlResourceSetZero =
rrcUeCb->cwMibInfo.pdcch_ConfigSIB1.controlResourceSetZero;
mibConfig->pdcch_ConfigSIB1.searchSpaceZero = rrcUeCb->cwMibInfo.pdcch_ConfigSIB1.searchSpaceZero;
mibConfig->ueId = rrcUeCb->ueId;
mibConfig->cellId = rrcUeCb->currContestCellForSel->phyCellId;
RLOG0(L_DEBUG,"[CFGREQ] [SRC:RRC ==>> DST:CL(PHY)] : CTZ_CPHY_MIB_CFG_REQ");
printf("\n[SRC:RRC ==>> DST:CL(PHY)] : CTZ_CPHY_MIB_CFG_REQ\n");
CwLiCtzCfgReq(&cwCb.ctzSapCbLst[0]->pst,CTZ_CPHY_MIB_CFG_REQ, mibConfig);
RETVALUE(ROK);
}
Try to swap the order of these lines:
CW_FREE(CW_REG, CW_POOL, ueCb, sizeof (CwRrcUeCb));
free(ueCb->currContestCellForSel);
It seems like you first free ueCb with CW_FREE, and then you access a member pointer of ueCb with ueCb->currContestCellForSel, which might cause the segfault.
Related
I'm trying to find out how to store binary data from a C++ program in a MariaDB database and restore from there.
For a first try I created a db table DOCUMENT:
idDOCUMENT INT(10) PK
TYPE VARCHAR(45)
DESCRIPTION VARCHAR(45)
CREATIONDATE DATETIME
DATA LONGBLOB
The binary data shall go to the DATA field.
Now I try to upload a PDF document to that table using this C++ code:
ifstream inFile("/home/thomas/Projekte/test-and-trials/test-and-trials/Contract.pdf", ios::binary);
const string INSERTtoDocument = "INSERT INTO DOCUMENT(TYPE,DESCRIPTION,DATA) VALUES(?, ?, ?)";
shared_ptr<sql::PreparedStatement> insertDocument(con->prepareStatement(INSERTtoDocument));
insertDocument->setString(1, "PDF");
insertDocument->setString(2, "Contract");
insertDocument->setBlob(3, &inFile);
int code = insertDocument->executeUpdate();
After executing that I can see in MySQL workbench that a new record has been created.
I can even download the blob from there, view the file in a PDF viewer. diff says that this download is binary same to what I uploaded.
Next I try to download the file using this C++ code:
const string QUERYblob = "SELECT * FROM DOCUMENT WHERE idDOCUMENT=?";
shared_ptr<sql::PreparedStatement> selectDocument(con->prepareStatement(QUERYblob));
selectDocument->setUInt(1, 12);
shared_ptr<sql::ResultSet> res(selectDocument->executeQuery());
res->first();
string docType = res->getString("TYPE");
string docDescr = res->getString("DESCRIPTION");
istream *blobStream = res->getBlob("DATA");
string docType = res->getString("TYPE");
returns "PDF". Correct so far.
string docDescr = res->getString("DESCRIPTION");
gives me "Contract". Also fine.
But
istream *blobStream = res->getBlob("DATA");
crashes with a segment violation. Reliably, each and every time.
Whats going on here?
bt full shows:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6f7ba50 in __memcpy_ssse3 () from /lib64/libc.so.6
(gdb) bt full
#0 0x00007ffff6f7ba50 in __memcpy_ssse3 () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007ffff7b939f7 in ?? () from /usr/lib64/libmysqlcppconn.so.7
No symbol table info available.
#2 0x00007ffff7b97658 in sql::mysql::MySQL_Prepared_ResultSet::getString(unsigned int) const () from /usr/lib64/libmysqlcppconn.so.7
No symbol table info available.
#3 0x00007ffff7b9391c in sql::mysql::MySQL_Prepared_ResultSet::getString(sql::SQLString const&) const () from /usr/lib64/libmysqlcppconn.so.7
No symbol table info available.
#4 0x00007ffff7b97f98 in sql::mysql::MySQL_Prepared_ResultSet::getBlob(sql::SQLString const&) const () from /usr/lib64/libmysqlcppconn.so.7
No symbol table info available.
#5 0x0000000000401987 in main () at ../test-and-trials/main.cpp:49
driver = 0x618290
con = std::shared_ptr<sql::Connection> (use count 1, weak count 0) = {
get() = 0x63a500}
res = std::shared_ptr<sql::ResultSet> (use count 1, weak count 0) = {
get() = 0x636b20}
docDescr = "Contract"
buf = std::shared_ptr<char> (empty) = {
get() = 0x6 <error: Cannot access memory at address 0x6>}
docType = "PDF"
outFile = <incomplete type>
QUERYblob = "SELECT * FROM DOCUMENT WHERE idDOCUMENT=?"
selectDocument = std::shared_ptr<sql::PreparedStatement> (use count 1, weak count 0) = {get() = 0x63bde0}
blobStream = 0x402d90 <__libc_csu_init>
--Type <RET> for more, q to quit, c to continue without paging--
blobSize = 0
__FUNCTION__ = "main"
(gdb)
I wrote an llvm callgraphscc pass, it's very simple as following:
bool MyCallGraphSCCPass::runOnSCC(CallGraphSCC& SCC) {
for (CallGraphSCC::iterator it = SCC.begin(); it != SCC.end(); it++) {
CallGraphNode* node = *it;
Function* func = node->getFunction();
}
return false;
}
This just works fine. However, if I want to print the name of each function as following:
bool MyCallGraphSCCPass::runOnSCC(CallGraphSCC& SCC) {
for (CallGraphSCC::iterator it = SCC.begin(); it != SCC.end(); it++) {
CallGraphNode* node = *it;
Function* func = node->getFunction();
func->getName();
}
return false;
}
Then it can compile (obviously), but when I use opt to run this, there appears an error as following:
0 opt 0x0000000001603412 llvm::sys::PrintStackTrace(_IO_FILE*) + 34
1 opt 0x0000000001602cb4
2 libpthread.so.0 0x00007fd3155f8cb0
3 opt 0x00000000014a86e0 llvm::AttributeSet::getAttributes(unsigned int) const + 0
4 opt 0x00000000014a8748 llvm::AttributeSet::hasAttribute(unsigned int, llvm::Attribute::AttrKind) const + 8
5 call_graph_scc_pass.so 0x00007fd3146062ad test::MyCallGraphSCCPass::runOnSCC(llvm::CallGraphSCC&) + 61
6 opt 0x00000000012aa9aa
7 opt 0x0000000001591188 llvm::legacy::PassManagerImpl::run(llvm::Module&) + 904
8 opt 0x000000000059387b main + 2811
9 libc.so.6 0x00007fd31482976d __libc_start_main + 237
10 opt 0x00000000005b700d
Stack dump:
0. Program arguments: opt -load call_graph_scc_pass.so -scc
1. Running pass 'CallGraph Pass Manager' on module '<stdin>'.
Segmentation fault (core dumped)
Can some one help me with this?
You should check whether the function in the CallGraph is isDeclaration() or not.
This is because node->getFunction() may return a null-pointer and you're not checking for this before dereferencing it.
A CallGraphNode is added to the call graph for all functions in the module without internal linkage. This is because there is a possibility that it could be called from another module. Of course, this is not reachable from the current module, so the caller function is null.
A CallGraphNode is also added if a function address is used for something other than a direct call (such as being stored into memory). It may be called later in a way that the caller can't be tracked statically, so the function field is null here too.
I am working on Drupal 6 creating my own custom modules. Untill recently, i was able to call my .net web services from my php file. I do remember that i had searched a modification to be done in the xampp set up (i vaguely remember it to be php.ini). But my system crashed, and i needed to start all over again.I have my code for the modules intact; however the web services call just wont work.
Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://freeway.demo.lionbridge.com/vojo/FreewayAuth.asmx?wsdl' : failed to load external entity "https://freeway.demo.lionbridge.com/vojo/FreewayAuth.asmx?wsdl" in C:\xampp\htdocs\drupalHome\sites\all\modules\freeway_module\freeway.admin.inc:22 Stack trace: #0 C:\xampp\htdocs\drupalHome\sites\all\modules\freeway_module\freeway.admin.inc(22): SoapClient->SoapClient('https://freeway...', Array) #1 [internal function]: send_for_translation(Array) #2 C:\xampp\htdocs\drupalHome\includes\form.inc(377): call_user_func_array('send_for_transl...', Array) #3 [internal function]: drupal_retrieve_form('send_for_transl...', Array) #4 C:\xampp\htdocs\drupalHome\includes\form.inc(103): call_user_func_array('drupal_retrieve...', Array) #5 [internal function]: drupal_get_form('send_for_transl...') #6 C:\xampp\htdocs\drupalHome\includes\menu.inc(349): call_user_func_array('drupal_get_form', Array) #7 C:\xampp\htdocs\drupalHome\index.php(17): m in C:\xampp\htdocs\drupalHome\sites\all\modules\freeway_module\freeway.admin.inc on line 22
This is the error it throws for the authentication web service login call.
This is the code
$LoginClient = new SoapClient("https://freeway.demo.lionbridge.com/vojo/FreewayAuth.asmx?wsdl", array("trace"=>1));
$ServicesLink = new SoapClient("https://freeway.demo.lionbridge.com/vojo/Service.asmx?wsdl", array("trace"=>1));
try{
$arrResponse = $LoginClient->Logon(array ('Username'=>'username','Password'=>'password'));
$ticket = ($arrResponse->LogonResult);
$getSrcLang = $ServicesLink->GetSourceLanguages(array('Ticket'=>$ticket));
$getDraftProjectIds = $ServicesLink->GetProjectSummariesList(array('Ticket'=>$ticket,'NumberOfProjects'=>100,'SortOrder'=>MostRecent,'ProjectStatusCode'=>'Draft'));
$array = array();
$arrayT = array();
$forTarLang = array();
$listOfProjects = array();
foreach($getSrcLang->GetSourceLanguagesResult->Languages->Language as $language)
{
$array[$language->ID] = $language->Description."_".$language->ID;
$forTarLang[] = $language->ID;
}
foreach($getDraftProjectIds->GetProjectSummariesListResult->ProjectSummaries->ProjectSummary as $projectSummary)
{
$listOfProjects[$projectSummary->ID] = $projectSummary-> ID;
}
$tarLang = array();
}
catch (SoapFault $exception){
return $exception;
}
try{
if (count($forTarLang)!=0){
$getTarLang = $ServicesLink->GetTargetLanguages(array('Ticket'=>$ticket,'SourceLanguageID'=>$forTarLang[0]));
foreach($getTarLang->GetTargetLanguagesResult->Languages->Language as $languageT)
{
$arrayT[$languageT->ID] = $languageT->Description;
}
}
}
catch (SoapFault $exception1){
return $exception1;
}
Would like to know if any one has any tips regarding the same. Unfortunately i am trying to fing a solution which i had. Any help will be invaluable.
The solution is adding php_openssl.dll inside the ext folder.
I'm using gdb to debug a c++ program which terminated with a segmentation fault. Looking at the stack, the first few frames are:
#0 0x0041c496 in cDefaultList::doInsert (this=0x9c69708, obj=0x9c69348) at cdefaultlist.cc:119
#1 0x0041c86c in cDefaultList::take (this=0x9c69708, obj=0x9c69348) at cdefaultlist.cc:189
#2 0x0043bd9c in cPacket::encapsulate (this=0x9c69708, msg=0x9c69348) at cmessage.cc:589
#3 0x08448861 in MobIPv6mn::handleMessage (this=0x96d3350, msg=0x9c69348) at src/networklayer/numbatIPv6/mip6.cc:170
#4 0x0046069c in cSimulation::doOneEvent (this=0x87f3318, mod=0x96d3350) at csimulation.cc:627
#5 0x0015ecdf in Tkenv::doRunSimulation (this=0x87f3110) at tkenv.cc:529
#6 0x0015e899 in Tkenv::runSimulation (this=0x87f3110, mode=2, until_time=..., until_eventnum=0, until_msg=0x0, until_module=0x0) at tkenv.cc:402
#7 0x00168f10 in run_cmd (interp=0x8842e48, argc=2, argv=0xbfffcb00) at tkcmd.cc:430
So I do:
frame 3
and later want to inspect "msg" with print * (IPv6 *) msg, because that's what the type of msg should be. Well, when I look at the Ipv6-specific fields of msg, I always get completely different values, like:
srcIP_var = {addr = "\000\000\000\000\000\000i\000\000\000\001\000\000\000\001"}, dstIP_var = {
addr = "\000\000H\223\306\t\000\000\000\000\000\000\000\000\000"}, BindingUpdate_var = false, BindingAck_var = false, Dhcpv6Relay_var = false}
or
srcIP_var = {addr = "\000\000\000\000\000\000)\000\000\000\020\264K\000\020\264"}, dstIP_var = {addr = "\346\t:SCALEEXP_UNIN"}, BindingUpdate_var = 73,
BindingAck_var = 84, Dhcpv6Relay_var = 73}
or even:
srcIP_var = {addr = "\000\000\000\000\000\000\061\000\000\000\030\264K\000\030\264"}, dstIP_var = {
addr = "K\000\a\350N\v\304\350N\v\001\000\000\000\001"}, BindingUpdate_var = false, BindingAck_var = false, Dhcpv6Relay_var = false}
Why is that? Does that mean the packet is not really of the type I tried to cast it to?
Thanks a lot!
Are you sure you're not just looking at uninitialized (or freed and then re-used) memory? That could explain why your code is crashing as well.
I'm having segfault problem in my application written using C++ and compiled using GCC 4.3.2. It is running under Debian 5 x64.
The process crashed on the following line of code:
#0 0x00000000007c720f in Action::LoadInfoFromDB (this=0x7fae10d38d90)
at ../../../src/server/Action.cpp:1233
1233 m_tmap[tId]->slist[sId] = pItem;
The stack trace that i got from the core dump is as follows:
#0 0x00000000007c720f in Action::LoadInfoFromDB (this=0x7fae10d38d90)
at ../../../src/server/Action.cpp:1233
ItemGuid = <value optimized out>
ItemEntry = <value optimized out>
pItem = (class Item *) 0x2b52bae0
fields = <value optimized out>
tId = 1 '\001'
sId = 0 '\0'
result = (QueryResult *) 0x7fadcae3d8e0
#1 0x00000000007c7584 in Action::DisplayInfo (this=0x0, session=0x7fadbdd44a20)
at ../../../src/server/Action.cpp:1090
data = {<ByteBuffer> = {static DEFAULT_SIZE = 4096, _rpos = 220043248, _wpos = 5469086,
_storage = {<std::_Vector_base<unsigned char, std::allocator<unsigned char> >> = {
_M_impl = {<std::allocator<unsigned char>> = {<__gnu_cxx::new_allocator<unsigned char>> = {<No data fields>}, <No data fields>}, _M_start = 0x41200000 <Address 0x41200000 out of bounds>,
_M_finish = 0x0,
_M_end_of_storage = 0x7fad00000000 <Address 0x7fad00000000 out of bounds>}}, <No data fields>}}, m_code = 51152}
#2 0x00000000007d01a3 in Session::HandleAction (this=0x7fadbdd44a20,
recv_data=#0x25d83780) at ../../../src/server/ActionHandler.cpp:862
pAction = (Action *) 0x0
ActionId = 1079
GoGuid = <value optimized out>
In frame #1, Action::DisplayInfo was called from Session::HandleAction on pAction. However frame #1 shows this=0x0, and frame #2 shows pAction = (Action *) 0x0.
I can't understand why this caused a crash. What does this possibly mean? DisplayInfo can't be called on a null reference !
Any help is most appreciated.
Thanks
m_tmap[tId]->slist[sId] = pItem;
If that's the crash position, you're most likely indexing into non-existent data. If m_tmap is a std::map it's ok - but did you verify slist[sId] is a valid subscript?
Or - you called a member function on a NULL (or otherwise invalid)-Pointer and crash the first time you're accessing a member of the object directly, even if it's a few frames away. Are you sure pAction can't be NULL?
Stack traces needn't be valid. Firstly, you can corrupt them in your application. Secondly, optimizing compilers optimize that much away that the resulting stack traces are not reliable. Try a build with compiler optimizations disabled and use assert to verify your array subscripting is ok.
It's pretty obvious that pAction is null, and you called pAction->DisplayInfo. Look at how the addresses in Action are all invalid in frame 1. Other than that, it's hard to tell why without seeing some code, but I guess DisplayInfo calls LoadInfoFromDB either directly or indirectly.