segfault

Question

segfault

justincormack opened this issue 12 years ago · comments

running lua test.lua on the head version of ljsyscall now gives

lua: ffi.c:708: get_member: Assertion `ct->is_variable_struct && ct->variable_size_known && mt->is_array' failed.
and segfaults

Will make a reduced test case, its after the recvmsg call, passing credentials, not the simplest interface...

James McKaskill · Answer 1 · Mon Jun 04 2012 11:39:09 GMT+0800 (China Standard Time)

I get the following:

james@hawea ~/c/ljsyscall $ git describe                                                                                                              master 
v0.1-147-g7891081
james@hawea ~/c/ljsyscall $ lua test.lua                                                                                                              master 
hawea Linux 2.6.37-2-amd64 #1 SMP Sun Feb 27 10:12:22 UTC 2011
lua: test.lua:227: Can't set a pointer member to a struct that's about to be freed
stack traceback:
    [C]: in function 'cast'
    test.lua:227: in main chunk
    [C]: ?

Or do you have a more recent version somewhere else then on github?

James McKaskill · Answer 2 · Mon Jun 04 2012 11:51:25 GMT+0800 (China Standard Time)

Oh I see what my error is about. The S.cast("char_", 1). It tried to cast 1 to a char_ and failed and so fell back on casting {1} to char* which failed due to the temp array.

James McKaskill · Answer 3 · Mon Jun 04 2012 12:18:05 GMT+0800 (China Standard Time)

Aha, now I get it. A fix to luaffi for the temp array, fix to ljsyscall for the ffi.cast('long', ..) != -1 and update luabitop to latest version (my version was missing bswap).

Justin Cormack · Answer 4 · Tue Jun 05 2012 02:11:58 GMT+0800 (China Standard Time)

Here is a smaller test case

local S = require "syscall"

local sv = assert(S.socketpair("unix", "stream"))

assert(sv[2]:setsockopt("socket", "passcred", true)) -- enable receive creds
local so = assert(sv[2]:getsockopt(S.SOL_SOCKET, S.SO_PASSCRED))
assert(so == 1, "getsockopt should have updated value")

assert(sv[1]:sendmsg()) -- sends single byte, which is enough to send credentials
local r = assert(sv[2]:recvmsg())
assert(r.pid == S.getpid(), "expect to get my pid from sending credentials")

It segfaults on recvmsg

Justin Cormack · Answer 5 · Tue Jun 05 2012 09:40:07 GMT+0800 (China Standard Time)

it is failing on

local cred = t.ucred()
ffi.copy(cred, cmsg.cmsg_data, ffi.sizeof(t.ucred))

This code is not very nice, so may rewrite it but does seem to be a bug.

Justin Cormack · Answer 6 · Tue Jun 05 2012 09:59:03 GMT+0800 (China Standard Time)

Ah I see whats up,

struct cmsghdr {
  size_t cmsg_len;
  int cmsg_level;
  int cmsg_type;
  unsigned char cmsg_data[?];
};

it doesnt know what size the cmsg struct is, because of the variable length array, so it doesnt feel inclined to cast it.

James McKaskill · Answer 7 · Tue Jun 05 2012 10:20:45 GMT+0800 (China Standard Time)

The error is that it even let you create a cmsghdr without specifying the variable size.

Justin Cormack · Answer 8 · Tue Jun 05 2012 10:25:46 GMT+0800 (China Standard Time)

Have fixed this in ljsyscall now. I am fine not using variable length arrays at end of struct really, probably not a priority to fix. There are some other uses, but may be ok if not casting them.

Justin Cormack · Answer 9 · Tue Jun 05 2012 10:49:58 GMT+0800 (China Standard Time)

It is not created, it is cast to a cmsghdr I think, thats the issue. Which is I think legal. Removed it anyway...

James McKaskill · Answer 10 · Tue Jun 05 2012 11:07:04 GMT+0800 (China Standard Time)

On Mon, Jun 4, 2012 at 10:49 PM, Justin Cormack <
reply@reply.github.com

wrote:

Removed it anyway...

Fixed it anyway...