Hi Mark,
I had the same impression when I saw the code. But I thought, since it is part of the ip module and
probably used for many years with APS, I must have missed something.
I will try to fix the code and report back.
Heinz
> On 14. Feb 2019, at 00:56, Mark Rivers <[email protected]> wrote:
>
> Hi Heinz,
>
> It is crashing in the readSi function:
>
>     rtnSize = strlen(pPvt->recBuf);
>     switch (pPvt->command) {
>     case GetID:
>         cloc = strchr(pPvt->recBuf, ',');
>         if (pPvt->address == 1) {
>             ploc = pPvt->recBuf;
>             *cloc = 0;    /* CRASHING HERE */
>             strcpy(pvalue, ploc);
>         } else {
>             ploc = cloc + 1;
>             strcpy(pvalue, ploc);
>         }
>         break;
>     }
>
> There are so many things wrong with this code I don’t know where to start!
>
> devTPG261Callback is where the actual I/O to the device is done.
>
> It does store the return status of the I/O operation in pPvt->status, but then this status is never checked anywhere!
>
> The number of characters read is only in a local variable, not in pPvt, so the readSi function does not know that no characters were read.
>
> The read buffer pPvt->recBuf is not 0 filled before the I/O, so rtnSize above will not be zero if the read failed, which it should be.
>
> The code above does not check if strchr returned 0 into cloc, which it apparently did in your case, and hence it is dereferencing a null pointer, causing the crash.
>
> The code is pretty simple, and it would not be hard to make it much more robust. Want to volunteer?
>
> Mark
>
>
> From: [email protected] <[email protected]> On Behalf Of Heinz Junkes via Tech-talk
> Sent: Wednesday, February 13, 2019 12:59 PM
> To: tech-talk <[email protected]>
> Subject: Fwd: ioc crash with ip module (synaps) TPG261 message too small=0
>
>
>
> From: Heinz Junkes <[email protected]>
> Subject: Re: ioc crash with ip module (synaps) TPG261 message too small=0
> Date: 13. February 2019 at 19:57:28 CET
> To: Mark Rivers <[email protected]>
>
> Thank you Mark,
> as fast as always. Sorry for the delay on my side but it took me a while to get the dump read on modern Ubuntu.
>
> (Had to go via apport, just for the record:
> sudo service apport start
> sudo apt install apport-retrace
> apport-unpack /var/crash/_opt_epics_FHI_IOCINFRA_bin_linux-x86_64_IOCINFRA.1000.crash crash
> cd crash; gdb `cat ExecutablePath` CoreDump
> )
>
> but as a result it shows:
>
> [New LWP 20486]
> [New LWP 20479]
> [New LWP 20492]
> [New LWP 20474]
> [New LWP 20496]
> [New LWP 20473]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Core was generated by `../../bin/linux-x86_64/IOCINFRA ./st.cmd'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 readSi (pr=0x16521c8) at ../devTPG261.c:484
> 484 *cloc = 0;
> [Current thread is 1 (Thread 0x7fb4a975e700 (LWP 20477))]
>
>
> Heinz
>
> On 13. Feb 2019, at 18:48, Mark Rivers <[email protected]> wrote:
>
> Hi Heinz,
>
> I just looked at the code. The relevant parts are these:
>
>     if (nread < 1) {
>         asynPrint(pasynUser, ASYN_TRACE_ERROR,
>                   "devTPG261::devTPG261Callback Cmd %s message too small=%d\n",
>                   pr->name, nread);
>         recGblSetSevr(pr, READ_ALARM, INVALID_ALARM);
>         goto finish;
>     }
>     ...
>     /* Process the record. This will result in the readX or writeX routine
>        being called again, but with pact=1 */
> finish:
>     dbScanLock(pr);
>     (*prset->process)(pr);
>     dbScanUnlock(pr);
> }
>
> I don’t see anything obvious wrong there. Can you get a stack trace to see where it is actually crashing?
>
> Mark
>
> -----Original Message-----
> From: [email protected] <[email protected]> On Behalf Of Heinz Junkes via Tech-talk
> Sent: Wednesday, February 13, 2019 11:35 AM
> To: Tech-talk <[email protected]>
> Subject: ioc crash with ip module (synaps) TPG261 message too small=0
>
> Using epics7
> asyn Release 4-34
> ip Release 2-20 XXX, 2018
>
> if there is no TPG261 connected to the serial port, the ioc crashes with
>
> 2019/02/13 18:23:58.277 devTPG261::devTPG261Callback Val trARPES:HHG:ID message too small=0
>
> is called in the st.cmd like
>
> drvAsynIPPortConfigure("MOXA_9", "172.24.192.29:4009", 0, 0, 0)
> asynSetTraceIOMask("MOXA_9", 0, 0x2)
> asynSetTraceMask("MOXA_9", 0, 255)
> dbLoadRecords("$(IP)/ipApp/Db/TPG261.db", "P=trARPES:, ADDR=1,TIMEOUT=5, GAUGE=HHG, PORT=MOXA_9")
>
>
> Heinz
>
>
> ############################################################################
> ## EPICS R7.0.1.2-DEV
> ## EPICS Base built Oct 14 2018
> ############################################################################
> 2019/02/13 18:23:53.767 devTPG261::initCommon name=trARPES:HHG:SUNIT; command string=SET_UNIT command=3 address=1
> 2019/02/13 18:23:53.767 devTPG261::initCommon name=trARPES:HHG:ID; command string=GET_ID command=0 address=1
> 2019/02/13 18:23:53.767 devTPG261::initCommon name=trARPES:HHG:UNIT; command string=GET_UNIT command=2 address=1
> 2019/02/13 18:23:53.768 devTPG261::initCommon name=trARPES:HHG:PRES; command string=GET_PRESSURE command=1 address=1
> 2019/02/13 18:23:53.768 devTPG261::initCommon name=trARPES:HHG:SP1V; command string=GET_SPVAL1 command=6 address=1
> 2019/02/13 18:23:53.768 devTPG261::initCommon name=trARPES:HHG:SP2V; command string=GET_SPVAL2 command=9 address=1
> 2019/02/13 18:23:53.768 devTPG261::initCommon name=trARPES:HHG:START; command string=SET_SENSOR command=5 address=1
> 2019/02/13 18:23:53.768 devTPG261::initCommon name=trARPES:HHG:SET1; command string=SET_SP1 command=8 address=1
> 2019/02/13 18:23:53.768 devTPG261::initCommon name=trARPES:HHG:SET2; command string=SET_SP2 command=11 address=1
> 2019/02/13 18:23:53.768 devTPG261::initCommon name=trARPES:HHG:STATUS; command string=GET_SENSOR command=4 address=1
> 2019/02/13 18:23:53.768 devTPG261::initCommon name=trARPES:HHG:SP1S; command string=GET_SPS1 command=7 address=1
> 2019/02/13 18:23:53.768 devTPG261::initCommon name=trARPES:HHG:SP2S; command string=GET_SPS2 command=10 address=1
> |019/02/13 18:23:54.269 devTPG261::buildCommand trARPES:HHG:ID len=4 string=|TID
> 2019/02/13 18:23:54.269 MOXA_9 addr -1 queueRequest priority 0 not lockHolder
> 2019/02/13 18:23:54.269 asynManager::portThread port=MOXA_9 callback
> 2019/02/13 18:23:54.269 MOXA_9 set Eos 2
> \r\n
> 2019/02/13 18:23:54.269 172.24.192.29:4009 write.
> 2019/02/13 18:23:54.270 172.24.192.29:4009 write 4
> TID\r
> 2019/02/13 18:23:54.270 wrote 4 to 172.24.192.29:4009, return asynSuccess.
> 2019/02/13 18:23:54.270 MOXA_9 wrote
> TID\r
> ]019/02/13 18:23:54.270 devTPG261::devTPG261Callback Cmd trARPES:HHG:ID nwrite=4, output=[TID
> 2019/02/13 18:23:54.270 172.24.192.29:4009 read.
> 2019/02/13 18:23:54.270 172.24.192.29:4009 read 15
> \377\373\001\377\373\003\377\373\000\377\375\001\377\375\000
> 2019/02/13 18:23:54.271 MOXA_9 read 15 bytes eom=0
> \377\373\001\377\373\003\377\373\000iocRun: All initialization complete
> \377\375\001\377\375\000
> ################################################# Create autosave monitor sets
> 2019/02/13 18:23:54.272 create_monitor_set("iocIOCINFRA_0.req", 5, "P=iocIOCINFRA:")
> 172.24.192.29:4009 read.
> st.cmd line 64: Command create_monitor_set not found.
> create_monitor_set("iocIOCINFRA_1.req", 30, "P=iocIOCINFRA:")
> st.cmd line 65: Command create_monitor_set not found.
> ## Report Installed and Configured I/O-Hardware Information
> dbior 0 1 > /epics/iocs/log/Database/iocIOCINFRA.dbior
> dbhcr > /epics/iocs/log/Database/iocIOCINFRA.dbhcr
> dbl > /epics/iocs/log/Database/iocIOCINFRA.dbl
> ## Start any sequence programs
> #seq sncxxx,"user=epics"
> |pics> 2019/02/13 18:23:55.768 devTPG261::buildCommand trARPES:HHG:PRES len=4 string=|PR1
> 2019/02/13 18:23:55.768 MOXA_9 addr -1 queueRequest priority 0 not lockHolder
> 2019/02/13 18:23:56.275 MOXA_9 read from low-level driver returned 1
> 2019/02/13 18:23:56.275 devTPG261::devTPG261Callback Cmd trARPES:HHG:ID nread=15, input=[������]
> 2019/02/13 18:23:56.275 172.24.192.29:4009 write.
> 2019/02/13 18:23:56.275 172.24.192.29:4009 write 1
> \005
> 2019/02/13 18:23:56.275 wrote 1 to 172.24.192.29:4009, return asynSuccess.
> 2019/02/13 18:23:56.275 MOXA_9 wrote
> \005
> 2019/02/13 18:23:56.275 devTPG261::devTPG261Callback Val trARPES:HHG:ID nwrite=1, output=[P]
> 2019/02/13 18:23:56.275 172.24.192.29:4009 read.
> 2019/02/13 18:23:58.277 MOXA_9 read from low-level driver returned 1
> 2019/02/13 18:23:58.277 devTPG261::devTPG261Callback Val trARPES:HHG:ID nread=0, input=[]
> 2019/02/13 18:23:58.277 devTPG261::devTPG261Callback Val trARPES:HHG:ID message too small=0
>
> @@@ @@@ @@@ @@@ @@@
> @@@ Received a sigChild for process 19516. The process was killed by signal 11
> @@@ Current time: Wed Feb 13 18:23:58 2019
> @@@ Child process is shutting down, auto restart is disabled
> @@@ ^R or ^X restarts the child, ^Q quits the server
> ------------------------------------------------------------------------------
> Fritz-Haber-Institut | Phone: (+49 30) 8413-4270
> Heinz Junkes | Fax (G3+G4): (+49 30) 8413-5900
> Faradayweg 4-6 |
> D - 14195 Berlin | E-Mail: [email protected]
> ------------------------------------------------------------------------------
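
The checks listed in Mark's quoted reply (I/O status, number of characters read, missing comma, bounded copy), as an added example that is not part of the original thread or of the ip module. The function name, result codes and the "GAUGE_A,GAUGE_B" reply are hypothetical and constructed for illustration; the telnet bytes are the 15 bytes shown in the trace above.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for illustration; not the ip module's API. */
enum parse_result { PARSE_OK, PARSE_IO_ERROR, PARSE_EMPTY, PARSE_NO_COMMA, PARSE_TOO_LONG };

/* Constructed sample reply: two comma-separated fields, 15 bytes. */
static const char SAMPLE_REPLY[] = "GAUGE_A,GAUGE_B";
/* The 15 bytes the trace on this page shows arriving instead of a reply. */
static const char TELNET_BYTES[] =
    "\377\373\001\377\373\003\377\373\000\377\375\001\377\375\000";

/* Copy the field selected by address (1 = before the comma, otherwise after
 * it) from buf[0..nread) into out. out is always left NUL-terminated. */
enum parse_result parse_id_field(int io_status, const char *buf, size_t nread,
                                 int address, char *out, size_t out_len)
{
    const char *comma, *field;
    size_t field_len;

    if (out == NULL || out_len == 0) return PARSE_TOO_LONG;
    out[0] = '\0';                               /* no stale data on failure */
    if (io_status != 0) return PARSE_IO_ERROR;   /* status of the read is checked */
    if (buf == NULL || nread == 0) return PARSE_EMPTY; /* length from the read, not strlen */

    comma = memchr(buf, ',', nread);             /* search bounded by nread */
    if (comma == NULL) return PARSE_NO_COMMA;    /* the case that crashed readSi */

    if (address == 1) {
        field = buf;
        field_len = (size_t)(comma - buf);
    } else {
        field = comma + 1;
        field_len = nread - (size_t)(comma - buf) - 1;
    }
    if (field_len >= out_len) return PARSE_TOO_LONG;  /* bounded copy, unlike strcpy */
    memcpy(out, field, field_len);
    out[field_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char id[16];
    if (parse_id_field(0, SAMPLE_REPLY, 15, 2, id, sizeof id) != PARSE_OK) return 1;
    /* Exit status 0 means the garbage input was rejected instead of crashing. */
    return parse_id_field(0, TELNET_BYTES, 15, 1, id, sizeof id) == PARSE_NO_COMMA ? 0 : 1;
}
```

A caller would map any result other than PARSE_OK to an alarm on the record instead of using the output string.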