jhelovuo / RustDDS

Rust implementation of Data Distribution Service


thread 'RustDDS discovery thread' panicked at 'attempt to subtract with overflow'

squizz617 opened this issue · comments

Hi,

Another panic case. This happens in BuiltinDataDeserializer::read_next while handling parameter_length.

  • Env: RustDDS 0.8.2, Ubuntu 20.04

  • RTPS packet that triggers panic:

Real-Time Publish-Subscribe Wire Protocol
    Magic: RTPS
    Protocol version: 2.2
    vendorId: 255.255 (Unknown)
    guidPrefix: 010f45d2b3f558b901000000
    Default port mapping: domainId=1, participantIdx=0, nature=UNICAST_METATRAFFIC
    submessageId: DATA (0x15)
        Flags: 0x07, Data present, Inline QoS, Endianness bit
        octetsToNextHeader: 30
        0000 0000 0000 0000 = Extra flags: 0x0000
        Octets to inline QoS: 16
        readerEntityId: ENTITYID_UNKNOWN (0x00000000)
        writerEntityId: ENTITYID_BUILTIN_PARTICIPANT_WRITER (0x000100c2)
        writerSeqNumber: 0
        inlineQos:
            PID_SENTINEL
        serializedData
            encapsulation kind: PL_CDR_BE (0x0002)
            Encapsulation options (0x44d5)
                Compression class Id: Unknown (5)
                Padding bytes: 1
  • Hexdump of above:
0000   00 00 03 04 00 06 00 00 00 00 00 00 00 00 08 00
0010   45 00 00 52 00 01 40 00 40 11 3c 98 7f 00 00 01
0020   7f 00 00 01 05 39 1d ec 00 3e 8b f4 52 54 50 53
0030   02 02 ff ff 01 0f 45 d2 b3 f5 58 b9 01 00 00 00
0040   15 07 1e 00 00 00 10 00 00 00 00 00 00 01 00 c2
0050   00 00 00 00 00 00 00 00 01 00 00 00 00 02 44 d5
0060   cf 7a
  • Stderr and trace:
thread 'RustDDS discovery thread' panicked at 'attempt to subtract with overflow', src/serialization/builtin_data_deserializer.rs:361:26
stack backtrace:
   0:     0x55d22895ee2a - std::backtrace_rs::backtrace::libunwind::trace::h9a6b80bbf328ba5d
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5
   1:     0x55d22895ee2a - std::backtrace_rs::backtrace::trace_unsynchronized::hd162ec543a11886b
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x55d22895ee2a - std::sys_common::backtrace::_print_fmt::h78a5099be12f51a6
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:65:5
   3:     0x55d22895ee2a - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::ha1c5390454d74f71
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:44:22
   4:     0x55d22898494f - core::fmt::write::h9ffde816c577717b
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/fmt/mod.rs:1254:17
   5:     0x55d22895bea5 - std::io::Write::write_fmt::h88186074961638e4
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/io/mod.rs:1698:15
   6:     0x55d22895ebf5 - std::sys_common::backtrace::_print::h184198273ed08d59
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:47:5
   7:     0x55d22895ebf5 - std::sys_common::backtrace::print::h1b4d8e7add699453
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:34:9
   8:     0x55d22896029e - std::panicking::default_hook::{{closure}}::h393bcea75423915a
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:269:22
   9:     0x55d228960045 - std::panicking::default_hook::h48c64f31d8b3fd03
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:288:9
  10:     0x55d2289607fe - std::panicking::rust_panic_with_hook::hafdc493a79370062
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:691:13
  11:     0x55d2289606b2 - std::panicking::begin_panic_handler::{{closure}}::h0a64bc82e36bedc7
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:580:13
  12:     0x55d22895f296 - std::sys_common::backtrace::__rust_end_short_backtrace::hc203444fb7416a16
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:150:18
  13:     0x55d228960452 - rust_begin_unwind
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:578:5
  14:     0x55d22812d193 - core::panicking::panic_fmt::h0f6ef0178afce4f2
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panicking.rs:67:14
  15:     0x55d22812d22d - core::panicking::panic::h0ead933cb8f56d66
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panicking.rs:117:5
  16:     0x55d2286f08f7 - rustdds::serialization::builtin_data_deserializer::BuiltinDataDeserializer::read_next::h641a0e80ada593d1
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/serialization/builtin_data_deserializer.rs:361:26
  17:     0x55d2286f0538 - rustdds::serialization::builtin_data_deserializer::BuiltinDataDeserializer::parse_data::h7338008506e5c7cd
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/serialization/builtin_data_deserializer.rs:350:14
  18:     0x55d2284e69a6 - <rustdds::discovery::data_types::spdp_participant_data::SpdpDiscoveredParticipantData as rustdds::serialization::pl_cdr_deserializer::PlCdrDeserialize>::from_pl_cdr_bytes::h9de7e6fbec4e9406
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/discovery/data_types/spdp_participant_data.rs:174:5
  19:     0x55d2286b9f5d - <rustdds::serialization::pl_cdr_deserializer::PlCdrDeserializerAdapter<D> as rustdds::dds::traits::serde_adapters::no_key::DeserializerAdapter<D>>::from_bytes::h162d7ec77e0555c1
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/serialization/pl_cdr_deserializer.rs:45:9
  20:     0x55d228523809 - rustdds::dds::with_key::simpledatareader::SimpleDataReader<D,DA>::deserialize::h2c6eb1351633b7de
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/dds/with_key/simpledatareader.rs:257:17
  21:     0x55d2285270dd - rustdds::dds::with_key::simpledatareader::SimpleDataReader<D,DA>::try_take_one::h89bcd91b90a457f5
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/dds/with_key/simpledatareader.rs:335:11
  22:     0x55d22861dcdb - rustdds::dds::with_key::datareader::DataReader<D,DA>::fill_and_lock_local_datasample_cache::h249749be84db19f4
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/dds/with_key/datareader.rs:106:13
  23:     0x55d22861eebb - rustdds::dds::with_key::datareader::DataReader<D,DA>::take::hcefa36004f72da23
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/dds/with_key/datareader.rs:264:5
  24:     0x55d22861f369 - rustdds::dds::with_key::datareader::DataReader<D,DA>::take_next_sample::h48b18f52d447fd38
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/dds/with_key/datareader.rs:355:18
  25:     0x55d228597217 - rustdds::discovery::discovery::Discovery::handle_participant_reader::hd7176ac0ec955919
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/discovery/discovery.rs:894:15
  26:     0x55d2285952c6 - rustdds::discovery::discovery::Discovery::discovery_event_loop::h81b485e702f1f48f
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/discovery/discovery.rs:690:13
  27:     0x55d228509486 - rustdds::dds::participant::DomainParticipant::new::{{closure}}::h983c9a7b257f18d1
                               at /home/seulbae/ddssecurity/targets/RustDDS/src/dds/participant.rs:120:11
  28:     0x55d2282e9419 - std::sys_common::backtrace::__rust_begin_short_backtrace::h639316eb4fe1b328
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys_common/backtrace.rs:134:18
  29:     0x55d22830e8c0 - std::thread::Builder::spawn_unchecked_::{{closure}}::{{closure}}::h7061f5da033fe51a
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/thread/mod.rs:526:17
  30:     0x55d2283071f4 - <core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::haf733c7b0703d650
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panic/unwind_safe.rs:271:9
  31:     0x55d22851c688 - std::panicking::try::do_call::h4526c5444bf8ead4
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:485:40
  32:     0x55d22851ca2b - __rust_try
  33:     0x55d22851c5b8 - std::panicking::try::hfe3b9c8f5f3f50fd
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:449:19
  34:     0x55d22830c74a - std::panic::catch_unwind::h1cf9e2e7086c498a
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panic.rs:140:14
  35:     0x55d22830e6aa - std::thread::Builder::spawn_unchecked_::{{closure}}::hf78dfc90775c4583
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/thread/mod.rs:525:30
  36:     0x55d2282c564f - core::ops::function::FnOnce::call_once{{vtable.shim}}::hf88a2cb2ee8b6873
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/ops/function.rs:250:5
  37:     0x55d228963925 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::ha1f2224656a778fb
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/alloc/src/boxed.rs:1973:9
  38:     0x55d228963925 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::haa29ed9703f354b7
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/alloc/src/boxed.rs:1973:9
  39:     0x55d228963925 - std::sys::unix::thread::Thread::new::thread_start::h33b6dae3e3692197
                               at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/sys/unix/thread.rs:108:17
  40:     0x7f6051d12609 - start_thread
                               at /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
  41:     0x7f6051ae2133 - clone
                               at /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
  42:                0x0 - <unknown>

Thank you.

Another good find! Thank you for your hard work.
And 👍 for providing a hex dump of the message to trigger the bug.

This does indeed panic release 0.8.2, so it is a genuine bug. However, it seems to be accidentally fixed in the current master branch, as the SPDP deserializer has been rewritten. It produces an Err instead of a panic.

I added your hex dump as a unit test case, but I am not fixing this in 0.8.2, as it should be fixed in the next release anyway.
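
The behaviour described in the reply above (an Err rather than a panic on this input) can be reproduced with a small bounds-checked PL_CDR parameter-list reader. This is an added example, not RustDDS code and not written by either poster; the names `ParseError`, `take`, `read_u16` and `parse_parameter_list` are hypothetical, and the input is the six serializedData bytes from the hexdump in the report.

```rust
// Added example: hypothetical bounds-checked PL_CDR reader, not the RustDDS implementation.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated { offset: usize, needed: usize, available: usize },
    UnsupportedEncapsulation(u16),
}

const PL_CDR_BE: u16 = 0x0002;
const PL_CDR_LE: u16 = 0x0003;
const PID_SENTINEL: u16 = 0x0001;
/// serializedData bytes copied from the issue's hexdump (offsets 0x5c..=0x61).
pub const ISSUE_PAYLOAD: [u8; 6] = [0x00, 0x02, 0x44, 0xd5, 0xcf, 0x7a];

/// Returns `len` bytes at `offset`, or Err when the buffer is too short.
/// `checked_add` and `slice::get` replace raw `a - b` and `buf[a..b]`, which can panic.
fn take(buf: &[u8], offset: usize, len: usize) -> Result<&[u8], ParseError> {
    let available = buf.len().saturating_sub(offset);
    offset
        .checked_add(len)
        .and_then(|end| buf.get(offset..end))
        .ok_or(ParseError::Truncated { offset, needed: len, available })
}

fn read_u16(buf: &[u8], offset: usize, big_endian: bool) -> Result<u16, ParseError> {
    let b = take(buf, offset, 2)?;
    Ok(if big_endian { u16::from_be_bytes([b[0], b[1]]) } else { u16::from_le_bytes([b[0], b[1]]) })
}

/// Parses serializedData: 4-byte encapsulation header, then (pid, length, value) parameters.
pub fn parse_parameter_list(data: &[u8]) -> Result<Vec<(u16, Vec<u8>)>, ParseError> {
    let big_endian = match read_u16(data, 0, true)? { // encapsulation kind is always big-endian
        PL_CDR_BE => true,
        PL_CDR_LE => false,
        other => return Err(ParseError::UnsupportedEncapsulation(other)),
    };
    take(data, 2, 2)?; // encapsulation options must be present; value ignored here
    let (mut params, mut offset) = (Vec::new(), 4);
    while offset < data.len() {
        let pid = read_u16(data, offset, big_endian)?;
        let len = usize::from(read_u16(data, offset + 2, big_endian)?);
        if pid == PID_SENTINEL { break; }
        params.push((pid, take(data, offset + 4, len)?.to_vec()));
        offset += 4 + len;
    }
    Ok(params)
}

fn main() { println!("{:?}", parse_parameter_list(&ISSUE_PAYLOAD)); }
```

In the reported packet only two bytes (`cf 7a`) follow the encapsulation header, so the parameter length field is missing and the reader stops with `Truncated` at offset 6.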