I have an application and I am analyzing memory crash dumps of this software.
struct GPS_CONNECTION
{
int sockfd;
std::string sendbuf, recvbuf;
struct sockaddr_in remoteaddr;
};
vector <GPS_CONNECTION> GPSC;
--------------------------------
(cut)
--------------------------------
fd_set master, gps_master, read_fds, gps_read_fds, write_fds, gps_write_fds;
for (;;)
{
/* Clear */
FD_ZERO(&gps_read_fds);
FD_ZERO(&gps_write_fds);
/* read_fds */
gps_read_fds = gps_master;
/* write_fds */
for (int i=0; i < GPSC.size(); i++)
{
if (GPSC[i].sendbuf.empty())
{
continue;
}
FD_SET(GPSC[i].sockfd, &gps_write_fds);
}
/* Timeout struct */
tv.tv_sec = 0;
tv.tv_usec = 0;
/* selectuj write */
if (select(gps_fdmax+1, &gps_read_fds, &gps_write_fds, NULL, &tv) == -1)
{
perror("select");
return 7;
}
--------------------------------
(cut)
--------------------------------
}
GDB crash dump says software is crashed in line:
443 if (GPSC[i].sendbuf.empty())
When I was analyzing the variables I saw this:
(gdb) print i
$1 = -1214807923
I don't understand how this value was overwritten? I don't see any stack overflow issue here, can anyone explain the reason of this crash?
This problem appears recurring - once in 2-days, this is a server working 24/7/365.
After g++ expanding this code that results:
for (int i=0; i < GPSC.size(); i++)
{
if (GPSC[i].sendbuf.empty())
{
continue;
}
__asm__ __volatile__ ("btsl %1,%0" : "=m" (((&gps_write_fds)->fds_bits)[((GPSC[i].sockfd) / (8 * sizeof (__fd_mask)))]) : "r" (((int) (GPSC[i].sockfd)) % (8 * sizeof (__fd_mask))) : "cc","memory");
}
From the small code snippet you shared, it's hard to say what the problem really is.
I can only suspect that the result of GPSC.size() is bigger than what an int can store, therefore causing an overflow on i after some iterations.
Code will crashing because of multi-threading that i will not consider before, i think that is working in one thread only, my mistake.
Related
I need to write/read flash memory in my blue pill board (stm32f103c8t6) and I followed this tutorial https://www.youtube.com/watch?v=BKgh896Bj8Q&t=32s but I used Keil uVision 5 IDE and I had this error
" #error 167: argument of type "uint32_t" is incompatible with parameter of type "const char *" "
Here is the .c library I used
static uint32_t GetPage(uint32_t Address)
{
for (int indx=0; indx<128; indx++)
{
if((Address < (0x08000000 + (1024 *(indx+1))) ) && (Address >= (0x08000000 + 1024*indx)))
{
return (0x08000000 + 1024*indx);
}
}
return -1;
}
uint32_t Flash_Write_Data (uint32_t StartPageAddress, uint32_t * DATA_32)
{
static FLASH_EraseInitTypeDef EraseInitStruct;
uint32_t PAGEError;
int sofar=0;
int numberofwords = (strlen(DATA_32)/4) + ((strlen(DATA_32) % 4) != 0);
/* Unlock the Flash to enable the flash control register access *************/
HAL_FLASH_Unlock();
/* Erase the user Flash area*/
uint32_t StartPage = GetPage(StartPageAddress);
uint32_t EndPageAdress = StartPageAddress + numberofwords*4;
uint32_t EndPage = GetPage(EndPageAdress);
/* Fill EraseInit structure*/
EraseInitStruct.TypeErase = FLASH_TYPEERASE_PAGES;
EraseInitStruct.PageAddress = StartPage;
EraseInitStruct.NbPages = ((EndPage - StartPage)/FLASH_PAGE_SIZE) +1;
if (HAL_FLASHEx_Erase(&EraseInitStruct, &PAGEError) != HAL_OK)
{
/*Error occurred while page erase.*/
return HAL_FLASH_GetError ();
}
/* Program the user Flash area word by word*/
while (sofar<numberofwords)
{
if (HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, StartPageAddress, DATA_32[sofar]) == HAL_OK)
{
StartPageAddress += 4; // use StartPageAddress += 2 for half word and 8 for double word
sofar++;
}
else
{
/* Error occurred while writing data in Flash memory*/
return HAL_FLASH_GetError ();
}
}
/* Lock the Flash to disable the flash control register access (recommended
to protect the FLASH memory against possible unwanted operation) *********/
HAL_FLASH_Lock();
return 0;
}
void Flash_Read_Data (uint32_t StartPageAddress, __IO uint32_t * DATA_32)
{
while (1)
{
*DATA_32 = *(__IO uint32_t *)StartPageAddress;
if (*DATA_32 == 0xffffffff)
{
*DATA_32 = '\0';
break;
}
StartPageAddress += 4;
DATA_32++;
}
}
void Convert_To_Str (uint32_t *data, char *str)
{
int numberofbytes = ((strlen(data)/4) + ((strlen(data) % 4) != 0)) *4;
for (int i=0; i<numberofbytes; i++)
{
str[i] = data[i/4]>>(8*(i%4));
}
}
And in the main.c I just used Flash_Write_Data(0x0801FC00,data);
It's all commands from the .c and .h files, and I also used CubeMX with Keil IDE (don't know if it makes any diference)
I don't know if it's a keils configuration problem, the .c and .h libraries used in the tutorial don't see to be so much complex.
I searched on the internet and it's a very common error but didn't find a solution. I didn't even found much about Flash memory in cortex M3 with PAGE MEMORY TYPE. If someone could help with this error or write/read flash memory in cortex M3 I would appreciate it.
I am trying to read complete messages from my GPS via serial port.
The message I am looking for starts with:
0xB5 0x62 0x02 0x13
So I read from the serial port like so
while (running !=0)
{
int n = read (fd, input_buffer, sizeof input_buffer);
for (int i=0; i<BUFFER_SIZE; i++)
{
if (input_buffer[i]==0xB5 && input_buffer[i+1]== 0x62 && input_buffer[i+2]== 0x02 && input_buffer[i+3]== 0x13 && i<(BUFFER_SIZE-1) )
{
// process the message.
}
}
The problem I am having is that I need to get a complete message. Half of a message could be in the buffer one iteration. And the other half could come into the message the next iteration.
Somebody suggested that free the buffer up from the complete message. And then I move the rest of data in the buffer to the beginning of the buffer.
How do I do that or any other way that make sure I get every complete selected message that comes in?
edit//
I want a particular class and ID. But I can also read in the length
To minimize the overhead of making many read() syscalls of small byte counts, use an intermediate buffer in your code.
The read()s should be in blocking mode to avoid a return code of zero bytes.
#define BLEN 1024
unsigned char rbuf[BLEN];
unsigned char *rp = &rbuf[BLEN];
int bufcnt = 0;
static unsigned char getbyte(void)
{
if ((rp - rbuf) >= bufcnt) {
/* buffer needs refill */
bufcnt = read(fd, rbuf, BLEN);
if (bufcnt <= 0) {
/* report error, then abort */
}
rp = rbuf;
}
return *rp++;
}
For proper termios initialization code for the serial terminal, see this answer. You should increase the VMIN parameter to something closer to the BLEN value.
Now you can conveniently access the received data a byte at a time with minimal performance penalty.
#define MLEN 1024 /* choose appropriate value for message protocol */
unsigned char mesg[MLEN];
while (1) {
while (getbyte() != 0xB5)
/* hunt for 1st sync */ ;
retry_sync:
if ((sync = getbyte()) != 0x62) {
if (sync == 0xB5)
goto retry_sync;
else
continue; /* restart sync hunt */
}
class = getbyte();
id = getbyte();
length = getbyte();
length += getbyte() << 8;
if (length > MLEN) {
/* report error, then restart sync hunt */
continue;
}
for (i = 0; i < length; i++) {
mesg[i] = getbyte();
/* accumulate checksum */
}
chka = getbyte();
chkb = getbyte();
if ( /* valid checksum */ )
break; /* verified message */
/* report error, and restart sync hunt */
}
/* process the message */
switch (class) {
case 0x02:
if (id == 0x13) {
...
...
You can break the read into three parts. Find the start of a message. Then get the LENGTH. Then read the rest of the message.
// Should probably clear these in case data left over from a previous read
input_buffer[0] = input_buffer[1] = 0;
// First make sure first char is 0xB5
do {
n = read(fd, input_buffer, 1);
} while (0xB5 != input_buffer[0]);
// Check for 2nd sync char
n = read(fd, &input_buffer[1], 1);
if (input_buffer[1] != 0x62) {
// Error
return;
}
// Read up to LENGTH
n = read(fd, &input_buffer[2], 4);
// Parse length
//int length = *((int *)&input_buffer[4]);
// Since I don't know what size an int is on your system, this way is better
int length = input_buffer[4] | (input_buffer[5] << 8);
// Read rest of message
n = read(fd, &input_buffer[6], length);
// input_buffer should now have a complete message
You should add error checking...
I'm trying to get the serial number of a USB device using libusb-1.0.
The problem I have is that sometimes the libusb_get_string_descriptor_ascii() function returns -7 (LIBUSB_ERROR_TIMEOUT) in my code, but other times the serial number is correctly written in my array and I can't figure out what is happening. Am I using libusb incorrectly? Thank you.
void EnumerateUsbDevices(uint16_t uVendorId, uint16_t uProductId) {
libusb_context *pContext;
libusb_device **ppDeviceList;
libusb_device_descriptor oDeviceDescriptor;
libusb_device_handle *hHandle;
int iReturnValue = libusb_init(&pContext);
if (iReturnValue != LIBUSB_SUCCESS) {
return;
}
libusb_set_debug(pContext, 3);
ssize_t nbUsbDevices = libusb_get_device_list(pContext, &ppDeviceList);
for (ssize_t i = 0; i < nbUsbDevices; ++i) {
libusb_device *pDevice = ppDeviceList[i];
iReturnValue = libusb_get_device_descriptor(pDevice, &oDeviceDescriptor);
if (iReturnValue != LIBUSB_SUCCESS) {
continue;
}
if (oDeviceDescriptor.idVendor == uVendorId && oDeviceDescriptor.idProduct == uProductId) {
iReturnValue = libusb_open(pDevice, &hHandle);
if (iReturnValue != LIBUSB_SUCCESS) {
continue;
}
unsigned char uSerialNumber[255] = {};
int iSerialNumberSize = libusb_get_string_descriptor_ascii(hHandle, oDeviceDescriptor.iSerialNumber, uSerialNumber, sizeof(uSerialNumber));
std::cout << iSerialNumberSize << std::endl; // Print size of serial number <--
libusb_close(hHandle);
}
}
libusb_free_device_list(ppDeviceList, 1);
libusb_exit(pContext);
}
I see nothing wrong with your code. I would not care to much about timeouts in the context of USB. It is a bus after all and can be occupied with different traffic.
As you may know there is depending on the version of USB a portion of the bandwidth reserved for control transfers. libusb_get_string_descriptor_ascii simply sends all the required control transfers to get the string. If any of those times out it will abort. You can try to send this control transfers yourself and use bigger timeout values but I guess the possibility of a timeout will always be there to wait for you (pun intended).
So it turns out my device was getting into weird states, possibly not being closed properly or the like. Anyway, calling libusb_reset_device(hHandle); just after the libusb_open() call seems to fix my sporadic timeout issue.
libusb_reset_device()
I am trying to develop an application with Visual Studio C++ using some communication DLLs .
In one of the DLLs, I have a stack overflow exception.
I have two functions, one receives packet, and another function which do some operations on the packets.
static EEcpError RxMessage(unsigned char SrcAddr, unsigned char SrcPort, unsigned char DestAddr, unsigned char DestPort, unsigned char* pMessage, unsigned long MessageLength)
{
EEcpError Error = ERROR_MAX;
TEcpChannel* Ch = NULL;
TDevlinkMessage* RxMsg = NULL;
// Check the packet is sent to an existing port
if (DestPort < UC_ECP_CHANNEL_NB)
{
Ch = &tEcpChannel[DestPort];
RxMsg = &Ch->tRxMsgFifo.tDevlinkMessage[Ch->tRxMsgFifo.ucWrIdx];
// Check the packet is not empty
if ((0UL != MessageLength)
&& (NULL != pMessage))
{
if (NULL == RxMsg->pucDataBuffer)
{
// Copy the packet
RxMsg->SrcAddr = SrcAddr;
RxMsg->SrcPort = SrcPort;
RxMsg->DestAddr =DestAddr;
RxMsg->DestPort = DestPort;
RxMsg->ulDataBufferSize = MessageLength;
RxMsg->pucDataBuffer = (unsigned char*)malloc(RxMsg->ulDataBufferSize);
if (NULL != RxMsg->pucDataBuffer)
{
memcpy(RxMsg->pucDataBuffer, pMessage, RxMsg->ulDataBufferSize);
// Prepare for next message
if ((UC_ECP_FIFO_DEPTH - 1) <= Ch->tRxMsgFifo.ucWrIdx)
{
Ch->tRxMsgFifo.ucWrIdx = 0U;
}
else
{
Ch->tRxMsgFifo.ucWrIdx += 1U;
}
// Synchronize the application
if (0 != OS_MbxPost(Ch->hEcpMbx))
{
Error = ERROR_NONE;
}
else
{
Error = ERROR_WINDOWS;
}
}
else
{
Error = ERROR_WINDOWS;
}
}
else
{
// That should never happen. In case it happens, that means the FIFO
// is full. Either the FIFO size should be increased, or the listening thread
// does no more process the messages.
// In that case, the last received message is lost (until the messages are processed, or forever...)
Error = ERROR_FIFO_FULL;
}
}
else
{
Error = ERROR_INVALID_PARAMETER;
}
}
else
{
// Trash the packet, nothing else to do
Error = ERROR_NONE;
}
return Error;
}
static EEcpError ProcessNextRxMsg(unsigned char Port, unsigned char* SrcAddr, unsigned char* SrcPort, unsigned char* DestAddr, unsigned char* Packet, unsigned long* PacketSize)
{
EEcpError Error = ERROR_MAX;
TEcpChannel* Ch = &tEcpChannel[Port];
TDevlinkMessage* RxMsg = &Ch->tRxMsgFifo.tDevlinkMessage[Ch->tRxMsgFifo.ucRdIdx];
if (NULL != RxMsg->pucDataBuffer)
{
*SrcAddr = RxMsg->ucSrcAddr;
*SrcPort = RxMsg->ucSrcPort;
*DestAddr = RxMsg->ucDestAddr;
*PacketSize = RxMsg->ulDataBufferSize;
memcpy(Packet, RxMsg->pucDataBuffer, RxMsg->ulDataBufferSize);
// Cleanup the processed message
free(RxMsg->pucDataBuffer); // <= Exception stack overflow after 40 min
RxMsg->pucDataBuffer = NULL;
RxMsg->ulDataBufferSize = 0UL;
RxMsg->ucSrcAddr = 0U;
RxMsg->ucSrcPort = 0U;
RxMsg->ucDestAddr = 0U;
RxMsg->ucDestPort = 0U;
// Prepare for next message
if ((UC_ECP_FIFO_DEPTH - 1) <= Ch->tRxMsgFifo.ucRdIdx)
{
Ch->tRxMsgFifo.ucRdIdx = 0U;
}
else
{
Ch->tRxMsgFifo.ucRdIdx += 1U;
}
Error =ERROR_NONE;
}
else
{
Error = ERROR_NULL_POINTER;
}
return Error;
}
The problem occur after 40 min, during all this time I receive a lot of packets, and everything is going well.
After 40 min, the stack overflow exception occur on the free.
I don't know what is going wrong.
Can anyone help me please ?
Thank you.
A few suggestions:
The line
memcpy(Packet, RxMsg->pucDataBuffer, RxMsg->ulDataBufferSize);
is slightly suspect as it occurs just before the free() call which crashes. How is Packet allocated and how are you making sure a buffer overflow does not occur here?
If this is an asynchronous / multi-threaded program do you have the necessary locks to prevent data from being written/read at the same time?
Best bet if you still need to find the issue is to run a tool like Valgrind to help diagnose and narrow down memory issues more precisely. As dasblinklight mentions in the comments the issue most likely originates somewhere else and merely happens to show up at the free() call.
I'm currently working on a project that involves FastCGI and C++. Now I found the official FCGI Library. I tried out the echo example.
/*
* echo.c --
*
* Produce a page containing all FastCGI inputs
*
*
* Copyright (c) 1996 Open Market, Inc.
*
* See the file "LICENSE.TERMS" for information on usage and redistribution
* of this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
*/
#ifndef lint
static const char rcsid[] = "$Id: echo.c,v 1.1.1.1 2001/04/25 00:43:49 robs Exp $";
#endif /* not lint */
#include "fcgi_stdio.h"
#include <stdlib.h>
extern char **environ;
void PrintEnv(char *label, char **envp)
{
printf("%s:<br>\n<pre>\n", label);
for(; *envp != NULL; envp++) {
printf("%s\n", *envp);
}
printf("</pre><p>\n");
}
void main ()
{
char **initialEnv = environ;
int count = 0;
while(FCGI_Accept() >= 0) {
char *contentLength = getenv("CONTENT_LENGTH");
int len;
printf("Content-type: text/html\r\n"
"\r\n"
"<title>FastCGI echo</title>"
"<h1>FastCGI echo</h1>\n"
"Request number %d <p>\n", ++count);
if(contentLength != NULL) {
len = strtod(contentLength, NULL);
} else {
len = 0;
}
if(len <= 0) {
printf("No data from standard input.<p>\n");
} else {
int i, ch;
printf("Standard input:<br>\n<pre>\n");
for(i = 0; i < len; i++) {
if((ch = getchar()) < 0) {
printf("Error: Not enough bytes received "
"on standard input<p>\n");
break;
}
putchar(ch);
}
printf("\n</pre><p>\n");
}
PrintEnv("Request environment", environ);
PrintEnv("Initial environment", initialEnv);
} /* while */
}
I start this script with the command spawn-fcgi -p 8000 -n hello.
But is it also possible to just start the program xy without the spawn-fcgi. Do you know a good example, or a documentation?
thanks for your answer
The spawn-fcgi command opens a TCP connection for you and starts listening on the specified port (8000 in your case). It forwards the request coming in on the TCP connection to your application's stdin. It also forwards your writes to the stdout back to the TCP connection.
You can create the connection yourself using FCGX_OpenSocket() call and then pass the returned socket to FCGX_InitRequest(). After that you can go for the loop using FCGX_Accept_r() instead of FCGI_Accept()!
BTW: there is another tool that many people use instead of spawn-fcgi - supervisor. In addition to managing the connection for you, it also monitors your process. So, if your process crashes because of some wierd request, it re-launches your application!