Overview
| Artifact ID: | 5c8914c5bcc3b0a1803eb1dd38ec0252b468cf0e |
|---|---|
| Ticket: | 99c02b9520069c3ecd4bc55ae3c5137488dcf15e
iocmd-21.21 segfault demo & more |
| User & Date: | dgp 2014-04-21 15:54:41 |
Changes
- assignee changed to: "nobody"
- closer changed to: "nobody"
- cmimetype changed to: "text/plain"
- comment changed to:
New test iocmd-21.21 demonstrates a segfault. It's worse than that though. It demonstrates that reflected channels expose (create?) the ability to close a channel in the midst of operations on it. This means things can disappear, deallocate, invalidate, and go away, when everything in progress is assuming that will not happen. One particular problem is the routine ReflectInput(..., char *buf, int toRead, int *errorCodePtr); The buf pointer value passed in is where RI() is meant to write the bytes it reads. However the InvokeTclMethod() call inside RI() has the power to free that memory. iocmd-21.21 demonstrates this (and other problems), and valgrind will indeed report the "Invalid write" attempt. A number of potential solutions can be imagined, but they all seem unpleasant. Comments?
- foundin changed to: "8.5+"
- is_private changed to: "0"
- login: "dgp"
- priority changed to: "5 Medium"
- resolution changed to: "None"
- severity changed to: "Severe"
- status changed to: "Open"
- submitter changed to: "dgp"
- subsystem changed to: "25. Channel System"
- title changed to: "iocmd-21.21 segfault demo & more"
- type changed to: "Bug"