I'm having segfault problem in my application written using C++ and compiled using GCC 4.3.2. It is running under Debian 5 x64.
The process crashed on the following line of code:
#0 0x00000000007c720f in Action::LoadInfoFromDB (this=0x7fae10d38d90)
at ../../../src/server/Action.cpp:1233
1233 m_tmap[tId]->slist[sId] = pItem;
The stack trace that i got from the core dump is as follows:
#0 0x00000000007c720f in Action::LoadInfoFromDB (this=0x7fae10d38d90)
at ../../../src/server/Action.cpp:1233
ItemGuid = <value optimized out>
ItemEntry = <value optimized out>
pItem = (class Item *) 0x2b52bae0
fields = <value optimized out>
tId = 1 '\001'
sId = 0 '\0'
result = (QueryResult *) 0x7fadcae3d8e0
#1 0x00000000007c7584 in Action::DisplayInfo (this=0x0, session=0x7fadbdd44a20)
at ../../../src/server/Action.cpp:1090
data = {<ByteBuffer> = {static DEFAULT_SIZE = 4096, _rpos = 220043248, _wpos = 5469086,
_storage = {<std::_Vector_base<unsigned char, std::allocator<unsigned char> >> = {
_M_impl = {<std::allocator<unsigned char>> = {<__gnu_cxx::new_allocator<unsigned char>> = {<No data fields>}, <No data fields>}, _M_start = 0x41200000 <Address 0x41200000 out of bounds>,
_M_finish = 0x0,
_M_end_of_storage = 0x7fad00000000 <Address 0x7fad00000000 out of bounds>}}, <No data fields>}}, m_code = 51152}
#2 0x00000000007d01a3 in Session::HandleAction (this=0x7fadbdd44a20,
recv_data=#0x25d83780) at ../../../src/server/ActionHandler.cpp:862
pAction = (Action *) 0x0
ActionId = 1079
GoGuid = <value optimized out>
In frame #1, Action::DisplayInfo was called from Session::HandleAction on pAction. However frame #1 shows this=0x0, and frame #2 shows pAction = (Action *) 0x0.
I can't understand why this caused a crash. What does this possibly mean? DisplayInfo can't be called on a null reference !
Any help is most appreciated.
Thanks
m_tmap[tId]->slist[sId] = pItem;
If that's the crash position, you're most likely indexing into non-existent data. If m_tmap is a std::map it's ok - but did you verify slist[sId] is a valid subscript?
Or - you called a member function on a NULL (or otherwise invalid)-Pointer and crash the first time you're accessing a member of the object directly, even if it's a few frames away. Are you sure pAction can't be NULL?
Stack traces needn't be valid. Firstly, you can corrupt them in your application. Secondly, optimizing compilers optimize that much away that the resulting stack traces are not reliable. Try a build with compiler optimizations disabled and use assert to verify your array subscripting is ok.
It's pretty obvious that pAction is null, and you called pAction->DisplayInfo. Look at how the addresses in Action are all invalid in frame 1. Other than that, it's hard to tell why without seeing some code, but I guess DisplayInfo calls LoadInfoFromDB either directly or indirectly.
Related
i work on a soft using the gnu microhttpd library and it's working fine.
Anyway to made my html output human-friendly, i want to use css and so one.
sound like a made an error but i don't see :
so, if someone could help.
string sPage;
sPage = "<html><head><link rel = \"stylesheet\" type = \"text/css\" href = \"./template.css\" /></head><body style=\"background-color:red>Link to this folder<div class=\"flex-container\"><div>Le processus " + Process
+ " n\'est pas actif, impossible de se connecter</div></div><IMG src=\"../images/TrafficLights.png\"></body></html>";
struct MHD_Response *response;
int ret;
//response = MHD_create_response_from_buffer (strlen (page),(void*) page, MHD_RESPMEM_PERSISTENT);
response = MHD_create_response_from_buffer (strlen (sPage.c_str()),(void*) sPage.c_str(), MHD_RESPMEM_PERSISTENT);
ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
MHD_destroy_response (response);
return ret;
From the documentation of MHD_queue_response:
[mode] memory management options for buffer; use MHD_RESPMEM_PERSISTENT if the buffer is static/global memory, use MHD_RESPMEM_MUST_FREE if the buffer is heap-allocated and should be freed by MHD and MHD_RESPMEM_MUST_COPY if the buffer is in transient memory (i.e. on the stack) and must be copied by MHD;
So either define sPage with its full contents somewhere statically, or keep your stack allocated sPage but set the mode to MHD_RESPMEM_MUST_COPY.
I'm trying to find out how to store binary data from a C++ program in a MariaDB database and restore from there.
For a first try I created a db table DOCUMENT:
idDOCUMENT INT(10) PK
TYPE VARCHAR(45)
DESCRIPTION VARCHAR(45)
CREATIONDATE DATETIME
DATA LONGBLOB
The binary data shall go to the DATA field.
Now I try to upload a PDF document to that table using this C++ code:
ifstream inFile("/home/thomas/Projekte/test-and-trials/test-and-trials/Contract.pdf", ios::binary);
const string INSERTtoDocument = "INSERT INTO DOCUMENT(TYPE,DESCRIPTION,DATA) VALUES(?, ?, ?)";
shared_ptr<sql::PreparedStatement> insertDocument(con->prepareStatement(INSERTtoDocument));
insertDocument->setString(1, "PDF");
insertDocument->setString(2, "Contract");
insertDocument->setBlob(3, &inFile);
int code = insertDocument->executeUpdate();
After executing that I can see in MySQL workbench that a new record has been created.
I can even download the blob from there, view the file in a PDF viewer. diff says that this download is binary same to what I uploaded.
Next I try to download the file using this C++ code:
const string QUERYblob = "SELECT * FROM DOCUMENT WHERE idDOCUMENT=?";
shared_ptr<sql::PreparedStatement> selectDocument(con->prepareStatement(QUERYblob));
selectDocument->setUInt(1, 12);
shared_ptr<sql::ResultSet> res(selectDocument->executeQuery());
res->first();
string docType = res->getString("TYPE");
string docDescr = res->getString("DESCRIPTION");
istream *blobStream = res->getBlob("DATA");
string docType = res->getString("TYPE");
returns "PDF". Correct so far.
string docDescr = res->getString("DESCRIPTION");
gives me "Contract". Also fine.
But
istream *blobStream = res->getBlob("DATA");
crashes with a segment violation. Reliably, each and every time.
Whats going on here?
bt full shows:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6f7ba50 in __memcpy_ssse3 () from /lib64/libc.so.6
(gdb) bt full
#0 0x00007ffff6f7ba50 in __memcpy_ssse3 () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007ffff7b939f7 in ?? () from /usr/lib64/libmysqlcppconn.so.7
No symbol table info available.
#2 0x00007ffff7b97658 in sql::mysql::MySQL_Prepared_ResultSet::getString(unsigned int) const () from /usr/lib64/libmysqlcppconn.so.7
No symbol table info available.
#3 0x00007ffff7b9391c in sql::mysql::MySQL_Prepared_ResultSet::getString(sql::SQLString const&) const () from /usr/lib64/libmysqlcppconn.so.7
No symbol table info available.
#4 0x00007ffff7b97f98 in sql::mysql::MySQL_Prepared_ResultSet::getBlob(sql::SQLString const&) const () from /usr/lib64/libmysqlcppconn.so.7
No symbol table info available.
#5 0x0000000000401987 in main () at ../test-and-trials/main.cpp:49
driver = 0x618290
con = std::shared_ptr<sql::Connection> (use count 1, weak count 0) = {
get() = 0x63a500}
res = std::shared_ptr<sql::ResultSet> (use count 1, weak count 0) = {
get() = 0x636b20}
docDescr = "Contract"
buf = std::shared_ptr<char> (empty) = {
get() = 0x6 <error: Cannot access memory at address 0x6>}
docType = "PDF"
outFile = <incomplete type>
QUERYblob = "SELECT * FROM DOCUMENT WHERE idDOCUMENT=?"
selectDocument = std::shared_ptr<sql::PreparedStatement> (use count 1, weak count 0) = {get() = 0x63bde0}
blobStream = 0x402d90 <__libc_csu_init>
--Type <RET> for more, q to quit, c to continue without paging--
blobSize = 0
__FUNCTION__ = "main"
(gdb)
I am passing a compound structure pointer to a function after doing all the memory initializations in a test fixture. But as soon as the function gets called the sizeof that struct changes.
Have tried setting watchpoints and everything. don't the what's the issue.
Need help.
This is the code for the test.
sizeof(*ueCb) changes just after calling the function cwRrcSendMibCfgReq.
The function is copying some parameters from ueCb. ueCb has multiple structures inside of it. Accessing ueCb->currContestCellForSel in the function throws a segmentation fault even though I have explicitly allocated memory here. I have checked that the allocation occurs. I check sizeof(*ueCb) in gdb keeping the mentioned fucntion as a breakpoint. The header files are the same. Also ueId remains intact while calling the function. CW_ALLOC is an internal macro which allocates memory. it's working fine I have checked that.
Can't share the whole code because it's part of IP. This code is related to 5G protocol stack.My job is to do unit testing and the entire team isn't able to figure out where the problem is.
TEST(testMib1, test)
{
CwRrcUeCb* ueCb;
CW_ALLOC(CW_REG,CW_POOL,&ueCb, sizeof(CwRrcUeCb));
memset(ueCb, 0, sizeof(CwRrcUeCb));
ueCb->currContestCellForSel = (CwRrcCellCb *)
malloc(sizeof(CwRrcCellCb));
ueCb->currContestCellForSel->phyCellId = 5;
ueCb->ueId = 5;
S16 ret = ROK;
ret = cwRrcSendMibCfgReq(ueCb); // sizeof *ueCb changes after this statement
free(ueCb->currContestCellForSel);
CW_FREE(CW_REG, CW_POOL, ueCb, sizeof (CwRrcUeCb));
// have changed the order just to get to the main point
EXPECT_EQ(ROK, ret);
printf(" Event 9 Done\n\n\n");
}
The backtrace is as follows:
(gdb) backtrace
#0 0x000000000053a673 in cwRrcSendMibCfgReq (rrcUeCb=0x7ffff5d45320) at ../src/5gnrueapp/cw_rrc_fsm.c:2745
#1 0x000000000061dd59 in testMib1_test_Test::TestBody (this=0xa73500) at ../unittest/test_Event9Mib1.cc:79
#2 0x00007ffff71847a3 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing:
:Test::*)(), char const*) () from /lib64/libgtest.so.0
#3 0x00007ffff717ab27 in testing::Test::Run() () from /lib64/libgtest.so.0
#4 0x00007ffff717abce in testing::TestInfo::Run() () from /lib64/libgtest.so.0
#5 0x00007ffff717acd5 in testing::TestCase::Run() () from /lib64/libgtest.so.0
#6 0x00007ffff717e018 in testing::internal::UnitTestImpl::RunAllTests() () from /lib64/libgtest.so.0
#7 0x00007ffff717e2a7 in testing::UnitTest::Run() () from /lib64/libgtest.so.0
#8 0x000000000061e156 in main (argc=1, argv=0x7fffffffe1d8) at ../unittest/test_main.cc:38
the function which I'm testing
S16 cwRrcSendMibCfgReq(CwRrcUeCb * rrcUeCb)
{
CtzMibConfigRequest *mibConfig = NULLP;
CW_ALLOC(CW_REG, CW_POOL, &mibConfig, sizeof (CtzMibConfigRequest));
if(NULL == mibConfig)
{
RLOG1(L_FATAL,"Memory Allocation Failed while sending Mib config req ueId:%d",rrcUeCb->ueId);
RETVALUE(RFAILED);
}
mibConfig->pres.pres = 1;
mibConfig->systemFrameNumber = rrcUeCb->cwMibInfo.systemFrameNumber;
mibConfig->subCarrierSpacingCommon = rrcUeCb->cwMibInfo.subCarrierSpacingCommon;
mibConfig->ssb_SubcarrierOffset = rrcUeCb->cwMibInfo.ssb_SubcarrierOffset;
mibConfig->dmrs_TypeAPosition = rrcUeCb->cwMibInfo.dmrs_TypeAPosition;
mibConfig->pdcch_ConfigSIB1.controlResourceSetZero =
rrcUeCb->cwMibInfo.pdcch_ConfigSIB1.controlResourceSetZero;
mibConfig->pdcch_ConfigSIB1.searchSpaceZero = rrcUeCb->cwMibInfo.pdcch_ConfigSIB1.searchSpaceZero;
mibConfig->ueId = rrcUeCb->ueId;
mibConfig->cellId = rrcUeCb->currContestCellForSel->phyCellId;
RLOG0(L_DEBUG,"[CFGREQ] [SRC:RRC ==>> DST:CL(PHY)] : CTZ_CPHY_MIB_CFG_REQ");
printf("\n[SRC:RRC ==>> DST:CL(PHY)] : CTZ_CPHY_MIB_CFG_REQ\n");
CwLiCtzCfgReq(&cwCb.ctzSapCbLst[0]->pst,CTZ_CPHY_MIB_CFG_REQ, mibConfig);
RETVALUE(ROK);
}
Try to swap the order of these lines:
CW_FREE(CW_REG, CW_POOL, ueCb, sizeof (CwRrcUeCb));
free(ueCb->currContestCellForSel);
It seems like you first free ueCb with CW_FREE, and then you access a member pointer of ueCb with ueCb->currContestCellForSel, which might cause the segfault.
A similar question has been asked.. but I wanted to make it more specific to core audio.. as some of us may have noticed core audio has very little room for error.
As the answer to the said question explains, __cxa_throw is a C++ unhandled exception, which can be ignored (this problem seems to be new with Xcode 4.5.1.. I've never seen it before as well)
can we say the same about core audio? What makes me nervous is that it has to do with formatting of the audio.. which a lot of my code depends on:
I'm trying to convert an AAC file unto lPCM..
output format:
// set up the PCM output format for conversion
streamer->PCMoutputFormat.mSampleRate = 44100.0;
streamer->PCMoutputFormat.mFormatID = kAudioFormatLinearPCM;
streamer->PCMoutputFormat.mFormatFlags = kAudioFormatFlagsCanonical;
streamer->PCMoutputFormat.mBytesPerPacket = 4;
streamer->PCMoutputFormat.mFramesPerPacket = 1;
streamer->PCMoutputFormat.mBytesPerFrame = 4;
streamer->PCMoutputFormat.mChannelsPerFrame = 2;
streamer->PCMoutputFormat.mBitsPerChannel = 16;
input format:
mSampleRate = 44100
mFormatID = 1633772320 (AAC)
mFormatFlags = 0
mBytesPerPacket = 0
mFramesPerPacket = 1024
mBytesPerFrame = 0
mChannelsPerFrame = 2
mBitsPerChannel = 0
instance variables:
game.h
#interface Game : NSObject <GKSessionDelegate>
{
AudioStreamer *streamer;
}
#property (nonatomic, assign) AudioStreamBasicDescription mediaItemInputFormat;
audioStreamer.h
#interface AudioStreamer : NSObject
{
#public
AudioStreamBasicDescription PCMoutputFormat;
AudioConverterRef audioConverter;
}
setting up converter command in game.m (this is where the __cxa_throw unhandled exception is thrown!)
// set up converter
OSStatus result = AudioConverterNew(&_mediaItemInputFormat,
&streamer->PCMoutputFormat,
&streamer->audioConverter);
If the exception didn't end up terminating the application then some other piece of code handled it. If you trust whatever piece of code that was then there's nothing to worry about.
I'm using gdb to debug a c++ program which terminated with a segmentation fault. Looking at the stack, the first few frames are:
#0 0x0041c496 in cDefaultList::doInsert (this=0x9c69708, obj=0x9c69348) at cdefaultlist.cc:119
#1 0x0041c86c in cDefaultList::take (this=0x9c69708, obj=0x9c69348) at cdefaultlist.cc:189
#2 0x0043bd9c in cPacket::encapsulate (this=0x9c69708, msg=0x9c69348) at cmessage.cc:589
#3 0x08448861 in MobIPv6mn::handleMessage (this=0x96d3350, msg=0x9c69348) at src/networklayer/numbatIPv6/mip6.cc:170
#4 0x0046069c in cSimulation::doOneEvent (this=0x87f3318, mod=0x96d3350) at csimulation.cc:627
#5 0x0015ecdf in Tkenv::doRunSimulation (this=0x87f3110) at tkenv.cc:529
#6 0x0015e899 in Tkenv::runSimulation (this=0x87f3110, mode=2, until_time=..., until_eventnum=0, until_msg=0x0, until_module=0x0) at tkenv.cc:402
#7 0x00168f10 in run_cmd (interp=0x8842e48, argc=2, argv=0xbfffcb00) at tkcmd.cc:430
So I do:
frame 3
and later want to inspect "msg" with print * (IPv6 *) msg, because that's what the type of msg should be. Well, when I look at the Ipv6-specific fields of msg, I always get completely different values, like:
srcIP_var = {addr = "\000\000\000\000\000\000i\000\000\000\001\000\000\000\001"}, dstIP_var = {
addr = "\000\000H\223\306\t\000\000\000\000\000\000\000\000\000"}, BindingUpdate_var = false, BindingAck_var = false, Dhcpv6Relay_var = false}
or
srcIP_var = {addr = "\000\000\000\000\000\000)\000\000\000\020\264K\000\020\264"}, dstIP_var = {addr = "\346\t:SCALEEXP_UNIN"}, BindingUpdate_var = 73,
BindingAck_var = 84, Dhcpv6Relay_var = 73}
or even:
srcIP_var = {addr = "\000\000\000\000\000\000\061\000\000\000\030\264K\000\030\264"}, dstIP_var = {
addr = "K\000\a\350N\v\304\350N\v\001\000\000\000\001"}, BindingUpdate_var = false, BindingAck_var = false, Dhcpv6Relay_var = false}
Why is that? Does that mean the packet is not really of the type I tried to cast it to?
Thanks a lot!
Are you sure you're not just looking at uninitialized (or freed and then re-used) memory? That could explain why your code is crashing as well.