EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  <20132014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  <20132014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: RE: db_create_event_log
From: "Hill, Jeff" <[email protected]>
To: "[email protected]" <[email protected]>
Date: Mon, 4 Nov 2013 19:23:01 +0000
Maybe I see another R3.15 bug; when in an out-of-memory situation the code in the filter arr.c at line 122 allocates pdst but does not check the return from freeListCalloc. If it is nill then u.r.field will also be nill. It seems that further down in arr.c at line 127 dbExtractArrayFromBuf will memcpy to a nill pointer destination if u.r.field is nill?

                void *pdst = freeListCalloc(my->arrayFreeList);

                pfl->u.r.dtor = freeArray;
                pfl->u.r.pvt = my->arrayFreeList;
                offset = (offset + start) % chan->addr.no_elements;
                dbExtractArrayFromRec(&chan->addr, pdst, nTarget, nSource, offset, my->incr);
                pfl->u.r.field = pdst;

It seems that similar issues exist further down in arr.c at line 143 where dbExtractArrayFromBuf will memcpy to a nill pointer destination when u.r.field is initialized nill, in an out-of-memory situation?

            pdst = freeListCalloc(my->arrayFreeList);
            offset = start;
            dbExtractArrayFromBuf(psrc, pdst, pfl->field_size, pfl->field_type, nTarget, nSource, offset, my->incr);

Looking in the source it appears that there are several additional defects following this pattern.

Should I submit a bug report?

Jeff
> -----Original Message-----
> From: [email protected] [mailto:core-talk-
> [email protected]] On Behalf Of Hill, Jeff
> Sent: Monday, November 04, 2013 11:06 AM
> To: [email protected]
> Subject: db_create_event_log
> 
> Hello All,
> 
> I was having a closer look at the recent changes in R3.15; my perception is
> that behavior has changed and that in an out-of-memory situation R3.15 is
> currently discarding the update for the event queue instead of the original
> behavior which was replacing the last entry on the queue for the subscription
> that was being posted, in an out-of-memory situation.
> 
> Should I submit a defect report; or perhaps this was this an intentional
> behavior change in R3.15?
> 
> Ref: in the code below if db_create_event_log returns null due to out-of-
> memory condition then db_post_events is a noop.
> 
> int db_post_events(
> void            *pRecord,
> void            *pField,
> unsigned int    caEventMask
> )
> {
>     struct dbCommon   * const prec = (struct dbCommon *) pRecord;
>     struct evSubscrip *pevent;
> 
>     if (prec->mlis.count == 0) return DB_EVENT_OK;       /* no monitors set */
> 
>     LOCKREC (prec);
> 
>     for (pevent = (struct evSubscrip *) prec->mlis.node.next;
>         pevent; pevent = (struct evSubscrip *) pevent->node.next){
> 
>         /*
>          * Only send event msg if they are waiting on the field which
>          * changed or pval==NULL and waiting on alarms and alarms changed
>          */
>         if ( (dbChannelField(pevent->chan) == (void *)pField || pField==NULL) &&
>             (caEventMask & pevent->select)) {
>             db_field_log *pLog = db_create_event_log(pevent);
>             pLog = dbChannelRunPreChain(pevent->chan, pLog);
>             if (pLog) db_queue_event_log(pevent, pLog);
>         }
>     }
> 
>     UNLOCKREC (prec);
>     return DB_EVENT_OK;
> 
> }
> 



Replies:
Re: db_create_event_log Andrew Johnson
References:
db_create_event_log Hill, Jeff

Navigate by Date:
Prev: posting DBE_PROPERTY Michael Davidsaver
Next: Re: db_create_event_log Andrew Johnson
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  <20132014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: db_create_event_log Hill, Jeff
Next: Re: db_create_event_log Andrew Johnson
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  <20132014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 18 Nov 2013 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·