APE-Project / APE_Server

Ajax Push Engine: lightweight HTTP streaming server. Written entirely in C, it provides the best performance, making it the fastest Comet server to date. APE now supports server-side JavaScript modules through SpiderMonkey.

Home Page: www.ape-project.org

Crash on OS X? - "pointer being freed was not allocated"

dsilvers opened this issue

Hello Folks,

I am running into some issues with a clean install of the latest development version of APE Server on OS X.

Basically, I'm sending a little bit of data to the inlinepush demo page with the Python script (found below the gdb output). Things work fine; eventually I stop the Python script. A couple of minutes later (with no activity or connections) the APE server crashes with the above error.

Any suggestions on how to troubleshoot this? Please let me know if you need any additional information.

me@my-mac ~/ape/APE-Project-APE_Server-0eff8f0/bin $ gdb ./aped
GNU gdb 6.3.50-20050815 (Apple version gdb-1515) (Sat Jan 15 08:33:48 UTC 2011)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared libraries .. done

(gdb) run
Starting program: /Users/dan/ape/APE-Project-APE_Server-0eff8f0/bin/aped 
Reading symbols for shared libraries +. done
[WARN] You have to run 'aped' as root to increase r_limit
   _   ___ ___ 
  /_\ | _ \ __|
 / _ \|  _/ _| 
/_/ \_\_| |___|
AJAX Push Engine

Bind on port 6969

Version : 1.1.2-dev
Build   : Jul  4 2011 18:40:16
Author  : Weelya (contact@weelya.com)

Reading symbols for shared libraries .. done
[Module] [spidermonkey] Loading module : Javascript embeded (0.01) - Anthony Catel
[JS] Loading script ../scripts/framework/mootools.js...
[JS] Loading script ../scripts/framework/Http.js...
[JS] Loading script ../scripts/framework/userslist.js...
[JS] Loading script ../scripts/utils/utils.js...
[JS] Loading script ../scripts/commands/proxy.js...
[JS] Loading script ../scripts/commands/inlinepush.js...
[JS] Loading script ../scripts/examples/nickname.js...
[JS] Loading script ../scripts/examples/move.js...
[JS] Loading script ../scripts/utils/checkTool.js...
aped(50400) malloc: *** error for object 0x100957000: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

Program received signal SIGABRT, Aborted.
0x00007fff805b25d6 in __kill ()
(gdb) bt
#0  0x00007fff805b25d6 in __kill ()
#1  0x00007fff80652cd6 in abort ()
#2  0x00007fff8056a6b5 in free ()
#3  0x0000000100002e01 in close_socket (fd=9, g_ape=0x100100770) at src/sock.c:211
#4  0x0000000100003af2 in sockroutine (g_ape=0x100100770) at src/sock.c:434
#5  0x0000000100002279 in main (argc=1, argv=0x7fff5fbff638) at src/entry.c:306
(gdb)

Our Python script that generates some random data for APE_JSF/Demos/Controller/demo.html

It may be unrelated, but this is how I am sending data to the APE server.

import urllib2
import json
import time

x = 0

while 1:

    x += 1

    server = 'http://127.0.0.1:6969/0/?'
    cmd = [{'cmd': 'inlinepush',
            'params': {
               'password': 'whatever the default password was, yes, i changed it',
               'raw': 'postmsg',
               'channel': 'testchannel',
               'data': {
                    'message': str(x)
               }
            }
           }]

    url = server + urllib2.quote(json.dumps(cmd))
    print url
    response = urllib2.urlopen(url)
    time.sleep(1)

Maybe it's not an error with stray clients. I just tried bombarding the APE server with data (as we plan to do this with our app). Received the same error and gdb output above.

Also tried running as root. Same error.

Please let me know if there's anything else I can try. Thanks!

I have run into this problem also and tracked it down to the fact that close_socket is not protected from trying to free the same buffer twice if called to close the same socket twice. While this double call should not be happening, I see consistently that the same fd is reported twice for read from the kevent() call which is used to implement events_poll on this platform. The simple fix is one line to clear the buffer pointer so that if close_socket is called again on the closed fd it will not attempt to free the buffer again.

Look for the free(co->buffer_in.data); line and add the line:
co->buffer_in.data = NULL;

after it.

I have put up a commit with this fix so it can be rolled into the code.
It is commit 08c6354 on jdtcdr:issue-14-pointer-freed
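
The pattern described in the comment above, as an added example that is not part of the original thread and is not APE's own code: a close routine that stays safe when the event loop reports the same fd twice, because the buffer pointer is cleared right after free(). The connection table and the names open_conn, close_conn and drain_close_events are hypothetical stand-ins; only the free(co->buffer_in.data) / co->buffer_in.data = NULL pair comes from the thread.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_FD 16

/* Hypothetical, simplified stand-ins for a server's per-fd connection table. */
struct buffer { char *data; size_t size; };
struct conn { int open; struct buffer buffer_in; };
static struct conn table[MAX_FD];

/* Open a slot and give it an input buffer. Returns 0 on success, -1 on error. */
int open_conn(int fd) {
    if (fd < 0 || fd >= MAX_FD || table[fd].open) return -1;
    table[fd].buffer_in.data = malloc(64);
    if (table[fd].buffer_in.data == NULL) return -1;
    table[fd].buffer_in.size = 64;
    table[fd].open = 1;
    return 0;
}

/* Idempotent close: returns 1 if this call released the buffer,
 * 0 if the fd was already closed (repeated event), -1 on a bad fd. */
int close_conn(int fd) {
    if (fd < 0 || fd >= MAX_FD) return -1;
    struct conn *co = &table[fd];
    int released = (co->buffer_in.data != NULL);
    free(co->buffer_in.data);      /* free(NULL) is a no-op */
    co->buffer_in.data = NULL;     /* the one-line fix from the thread */
    co->buffer_in.size = 0;
    co->open = 0;
    return released;
}

/* Drain a batch of close events as a poll loop would; the same fd may
 * appear more than once. Returns how many buffers were actually released. */
int drain_close_events(const int *fds, int n) {
    int released = 0;
    for (int i = 0; i < n; i++)
        if (close_conn(fds[i]) == 1) released++;
    return released;
}

int main(void) {
    int events[] = { 9, 9, 3 };   /* constructed batch: fd 9 reported twice */
    open_conn(9);
    open_conn(3);
    printf("released %d buffers for 3 events\n", drain_close_events(events, 3));
    return 0;
}
```

Without the NULL assignment, the second close_conn(9) would hand an already-freed pointer to free(), which is the abort shown in the gdb trace. Building with -fsanitize=address reports such a double free at the second call site.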

Issue over 3 years old. Closing. Reopen a new one if issue is still there.