EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  <20192020  2021  2022  2023  2024  Index 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  <20192020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: [Bug 1815908] Re: casExpandRecvBuffer modifies the contents of the buffer
From: mdavidsaver via Core-talk <[email protected]>
To: [email protected]
Date: Wed, 16 Oct 2019 03:10:30 -0000
Sorry, this ticket fell through a crack.  Looking at your proposed fix I
think I see what the logic bug is.  The only change I'll make when
applying is to test if realloc() returns NULL.

** Changed in: epics-base
     Assignee: (unassigned) => mdavidsaver (mdavidsaver)

** Changed in: epics-base
    Milestone: None => 7.0.3.1

** Changed in: epics-base
       Status: New => In Progress

-- 
You received this bug notification because you are a member of EPICS
Core Developers, which is subscribed to EPICS Base.
Matching subscriptions: epics-core-list-subscription
https://bugs.launchpad.net/bugs/1815908

Title:
  casExpandRecvBuffer modifies the contents of the buffer

Status in EPICS Base:
  In Progress

Bug description:
  For the following data base run in a SoftIOC (3.16.2):

  record(waveform, "PXD:H9999:D9:memoffsetdata_array:A:set"){
      field(FTVL, "UCHAR")
      field(NELM, "262144")
  }

  record(waveform, "PXD:H9999:D9:memswdata_array:A:set"){
      field(FTVL, "UCHAR")
      field(NELM, "262144")
  }

  the sequence of PV accesses created by this minimal sequence:

  // vi: ft=cpp
  program seqtest("")

  option +c; /* dont wait for db connections */
  option +r; /* make functions reentrant, multiple instances */
  option +d; /* toggle runtime debugging messages */
  option +W; /* extra warnings. */

  %%int i;

  unsigned char memswdata_array_set[16384];
  assign memswdata_array_set to "PXD:H9999:D9:memswdata_array:A:set";

  unsigned char memoffsetdata_array_set_small[32768];
  assign memoffsetdata_array_set_small to "PXD:H9999:D9:memoffsetdata_array:A:set";

  ss dhhseq_small {
    state init {
      entry {
        for( i = 0; i < sizeof memswdata_array_set; ++i ) memswdata_array_set[i] = i % 256;
        for( i = 0; i < sizeof memoffsetdata_array_set_small; ++i ) memoffsetdata_array_set_small[i] = 255 - i % 256;
        pvPut(memswdata_array_set, SYNC);
        pvPut(memoffsetdata_array_set_small, SYNC);
      }
      when() {} state done
    }

    state done {
          when () {} state done
    }
  }

  gives this error message on the softIOC side:

  CAS: request from 192.168.0.1:44512 => CAS: Missaligned protocol rejected
  CAS: Request from 192.168.0.1:44512 => cmmd=30720 cid=0x7800002c type=17023 count=0 postsize=44
  CAS: Request from 192.168.0.1:44512 =>   available=0x427f0000   N=0 paddr=(nil)
  CAS: forcing disconnect from 192.168.0.1:44512

  and a segfault on the sequence side.

  This report is (for now) about the softIOC.

  I can reliably produce this behavior on two different systems (SL7 and
  Debian) when both the softIOC and the sequence run on the same host.
  Communication is via the lo interface, so the data packets are large.

  During the second pvPut, the receive buffer is to be expanded a second
  time, and during this call, the contents change:

  before casExpandRecvBuffer
    start of buffer=00 13 ffffff80
  after casExpandRecvBuffer
    start of buffer=78 00 00

  I will try to follow this even further, but for now I'm creating this
  report to have a place to track my findings.

  Might there be a relation to https://bugs.launchpad.net/epics-
  base/+bug/1706703 ?

To manage notifications about this bug go to:
https://bugs.launchpad.net/epics-base/+bug/1815908/+subscriptions

Navigate by Date:
Prev: [Bug 541239] Re: explicitly unloading Com.dll causes crash Andrew Johnson via Core-talk
Next: [Merge] ~anj/epics-base/+git/base-3.15:epics-prove into epics-base:3.15 Andrew Johnson via Core-talk
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  <20192020  2021  2022  2023  2024 
Navigate by Thread:
Prev: [Bug 1815908] Re: casExpandRecvBuffer modifies the contents of the buffer Michael Ritzert via Core-talk
Next: [Bug 1815908] Re: casExpandRecvBuffer modifies the contents of the buffer mdavidsaver via Core-talk
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  <20192020  2021  2022  2023  2024 
ANJ, 24 Oct 2019 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·