EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: [Bug 1815908] Re: casExpandRecvBuffer modifies the contents of the buffer
From: Michael Ritzert via Core-talk <[email protected]>
To: [email protected]
Date: Mon, 14 Oct 2019 17:43:43 -0000
This is the patch for 7.0.3. Just the location of the file changes.

** Patch added: "caservertask-realloc-use-after-free.patch"
   https://bugs.launchpad.net/epics-base/+bug/1815908/+attachment/5297128/+files/caservertask-realloc-use-after-free.patch

-- 
You received this bug notification because you are a member of EPICS
Core Developers, which is subscribed to EPICS Base.
Matching subscriptions: epics-core-list-subscription
https://bugs.launchpad.net/bugs/1815908

Title:
  casExpandRecvBuffer modifies the contents of the buffer

Status in EPICS Base:
  New

Bug description:
  For the following database run in a SoftIOC (3.16.2):

  record(waveform, "PXD:H9999:D9:memoffsetdata_array:A:set"){
      field(FTVL, "UCHAR")
      field(NELM, "262144")
  }

  record(waveform, "PXD:H9999:D9:memswdata_array:A:set"){
      field(FTVL, "UCHAR")
      field(NELM, "262144")
  }

  the sequence of PV accesses created by this minimal sequence:

  // vi: ft=cpp
  program seqtest("")

  option +c; /* dont wait for db connections */
  option +r; /* make functions reentrant, multiple instances */
  option +d; /* toggle runtime debugging messages */
  option +W; /* extra warnings. */

  %%int i;

  unsigned char memswdata_array_set[16384];
  assign memswdata_array_set to "PXD:H9999:D9:memswdata_array:A:set";

  unsigned char memoffsetdata_array_set_small[32768];
  assign memoffsetdata_array_set_small to "PXD:H9999:D9:memoffsetdata_array:A:set";

  ss dhhseq_small {
    state init {
      entry {
        for( i = 0; i < sizeof memswdata_array_set; ++i ) memswdata_array_set[i] = i % 256;
        for( i = 0; i < sizeof memoffsetdata_array_set_small; ++i ) memoffsetdata_array_set_small[i] = 255 - i % 256;
        pvPut(memswdata_array_set, SYNC);
        pvPut(memoffsetdata_array_set_small, SYNC);
      }
      when() {} state done
    }

    state done {
      when () {} state done
    }
  }

  gives this error message on the softIOC side:

  CAS: request from 192.168.0.1:44512 => CAS: Missaligned protocol rejected
  CAS: Request from 192.168.0.1:44512 => cmmd=30720 cid=0x7800002c type=17023 count=0 postsize=44
  CAS: Request from 192.168.0.1:44512 =>   available=0x427f0000   N=0 paddr=(nil)
  CAS: forcing disconnect from 192.168.0.1:44512

  and a segfault on the sequence side.

  This report is (for now) about the softIOC.

  I can reliably produce this behavior on two different systems (SL7 and
  Debian) when both the softIOC and the sequence run on the same host.
  Communication is via the lo interface, so the data packets are large.

  During the second pvPut, the receive buffer is to be expanded a second
  time, and during this call, the contents change:

  before casExpandRecvBuffer
    start of buffer=00 13 ffffff80
  after casExpandRecvBuffer
    start of buffer=78 00 00

  I will try to follow this even further, but for now I'm creating this
  report to have a place to track my findings.

  Might there be a relation to https://bugs.launchpad.net/epics-base/+bug/1706703 ?

To manage notifications about this bug go to:
https://bugs.launchpad.net/epics-base/+bug/1815908/+subscriptions
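The "Missaligned protocol rejected" lines in the report are the server's header sanity check catching the corrupted receive buffer. The decoder below is an added example written for this page, not EPICS Base code: it assumes the 16-byte big-endian CA header layout (with the 0xFFFF/0 extended-header marker) from the public protocol description and, as a simplification, that the alignment rule is "payload size is a multiple of 8". The sample headers are constructed; the first one carries the field values the softIOC logged.

```c
#include <stddef.h>
#include <stdint.h>

/* Channel Access message header, decoded into host-order fields. */
typedef struct {
    uint16_t cmmd;      /* command id */
    uint32_t postsize;  /* payload bytes that follow the header */
    uint16_t type;      /* data type */
    uint32_t count;     /* element count */
    uint32_t p1, p2;    /* command-specific parameters (e.g. channel id) */
} ca_hdr;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Returns the header length consumed (16, or 24 for the extended form),
 * 0 if fewer bytes are available than the header needs, or -1 if the
 * header is rejected because the payload size is not 8-byte aligned.
 * The fields are filled in even on rejection so they can be logged. */
int ca_decode_header(const uint8_t *buf, size_t avail, ca_hdr *h) {
    int hlen = 16;
    if (avail < 16) return 0;
    h->cmmd = rd16(buf);      h->postsize = rd16(buf + 2);
    h->type = rd16(buf + 4);  h->count = rd16(buf + 6);
    h->p1 = rd32(buf + 8);    h->p2 = rd32(buf + 12);
    /* Large payloads: size 0xFFFF and count 0 mean 32-bit size/count follow. */
    if (h->postsize == 0xFFFF && h->count == 0) {
        if (avail < 24) return 0;
        h->postsize = rd32(buf + 16);
        h->count = rd32(buf + 20);
        hlen = 24;
    }
    if (h->postsize & 0x7) return -1;   /* assumed alignment rule (see lead-in) */
    return hlen;
}

/* Constructed samples, not captured traffic. */
/* cmmd=0x7800 (30720), postsize=44, type=0x427f (17023), count=0: the
 * garbage the server saw after the buffer contents changed. */
static const uint8_t corrupted_hdr[16] =
    {0x78,0x00, 0x00,0x2c, 0x42,0x7f, 0x00,0x00, 0x78,0x00,0x00,0x2c, 0,0,0,0};
/* A well-formed 16-byte payload header (payload size 16, count 1). */
static const uint8_t small_hdr[16] =
    {0x00,0x04, 0x00,0x10, 0x00,0x05, 0x00,0x01, 0,0,0,1, 0,0,0,2};
/* Extended header announcing a 262144-element UCHAR write, as the
 * report's waveform records would need. */
static const uint8_t ext_hdr[24] =
    {0x00,0x04, 0xff,0xff, 0x00,0x04, 0x00,0x00, 0,0,0,1, 0,0,0,2,
     0x00,0x04,0x00,0x00, 0x00,0x04,0x00,0x00};
```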

ANJ, 15 Oct 2019