The input to the function patternArray is malformed by the application:
On Tue, 2008-05-06 at 18:39 +0000, Hegde, Ramesh (OpenCall) wrote:
> #0 0x00275a2a in memcpy () from /lib/tls/libc.so.6
> (gdb) bt
> #0 0x00275a2a in memcpy () from /lib/tls/libc.so.6
> #1 0x00f36f50 in saEvtEventAttributesGet (eventHandle=7514898204727443546,
> patternArray=0xbfe38870, priority=0xbfe3886f "", retentionTime=0xbfe38860,
> publisherName=0xbfe38750, publishTime=0xbfe38748, eventId=0xbfe38740)
> at evt.c:1715
> #2 0x00fc5a66 in event_callback ()
> from /home/ramesh/COAM/NS/tmay6/build/i386/libSaNtf.so.1
> #3 0x00f35616 in saEvtDispatch (evtHandle=7749363892505018368,
> dispatchFlags=SA_DISPATCH_ONE) at evt.c:816
> #4 0x00fc542e in saNtfDispatch ()
> from /home/ramesh/COAM/NS/tmay6/build/i386/libSaNtf.so.1
> #5 0x0804962f in main ()
> (gdb) up
> #1 0x00f36f50 in saEvtEventAttributesGet (eventHandle=7514898204727443546,
> patternArray=0xbfe38870, priority=0xbfe3886f "", retentionTime=0xbfe38860,
> publisherName=0xbfe38750, publishTime=0xbfe38748, eventId=0xbfe38740)
> at evt.c:1715
> 1715 evt.c: No such file or directory.
> in evt.c
> (gdb) print npats
> $1 = 1
> (gdb) print i
> $2 = 0
> (gdb) patternArray->patterns[i[.pattern print
> edi->edi_patterns.patterns[i].pattern
> Undefined command: "patternArray-". Try "help".
> (gdb) print patternArray->patterns[i[.pattern print
> edi->edi_patterns.patterns[i].pattern
> A syntax error in expression, near `.pattern print
> edi->edi_patterns.patterns[i].pattern'.
> (gdb) print patternArray->patterns[i[.pattern print
> edi->edi_patterns.patterns[i].pattern
> A syntax error in expression, near `.pattern print
> edi->edi_patterns.patterns[i].pattern'.
> (gdb) print patternArray->patterns[i[.pattern
> A syntax error in expression, near `.pattern'.
> (gdb) print patternArray->patterns[i].pattern
> $3 = (SaUint8T *) 0x0
Pattern isn't allocated. See section 3.4.5.1 SaEvtEventPatternT
definition for information about how this works. Read section 3.7.4
saEvtEventAttributesGet for the patternArray usage model.
> (gdb) priint edi->edi_patterns.patterns[i].pattern
> Undefined command: "priint". Try "help".
> (gdb) print edi->edi_patterns.patterns[i].pattern
> $4 = (SaUint8T *) 0x87ddbb0 "SA_EVT_LOST_EVENT_PATTERN"
> (gdb) print *edi
> $5 = {edi_channel_handle = 7222815479134420992, edi_patterns = {
> allocatedNumber = 1, patternsNumber = 1, patterns = 0x87ddb98},
> edi_priority = 0 '\0', edi_retention_time = 0, edi_pub_name = {length = 14,
> value = "EVENT_SERIVCE", '\0' <repeats 242 times>}, edi_pub_node = 0,
> edi_pub_time = 1210095384472981000, edi_event_id = 1, edi_event_data = 0x0,
> edi_event_data_size = 0, edi_freeing = 0, edi_mutex = {__m_reserved = 1,
> __m_count = 0, __m_owner = 0x3da7, __m_kind = 0, __m_lock = {__status = 1,
> __spinlock = 0}}, edi_hl = 0x87ddbd0, edi_ro = 1}
> (gdb) print patternArray->patterns[i].allocatedSize
> $6 = 313532612608
This value is very wrong. It should be set by the user for the size of
the "pattern" field above. The allocatedSize should be some reasonable
variable, not 3 gigabytes of memory :)
> (gdb) print edi->edi_patterns.patterns[i].patternSize
> $7 = 26
> (gdb)
>
> -----Original Message-----
> From: Steven Dake [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 06, 2008 11:51 PM
> To: Hegde, Ramesh (OpenCall)
> Cc: [email protected]; [EMAIL PROTECTED]
> Subject: Re: saEvtEventAttributesGet is thread safe?
>
> Type "up"
>
> this should take you to stack frame #1.
>
> then print npats.
>
> then print i
>
> then print patternArray->patterns[i[.pattern
> print edi->edi_patterns.patterns[i].pattern
> print *edi
> print patternArray->patterns[i].allocatedSize
> print edi->edi_patterns.patterns[i].patternSize
>
> This should give me some data to work with.
>
> I would guess somehow that memcpy operation at 1715 is accessing data
> out of bounds. This could occur because the array for pattern is too
> short as allocated by the application.
>
> Unfortunately there is no performant way on a POSIX system to validate a
> memory access in a C library as a valid addressable area. memcpy tells
> you with the segfault, however :)
>
>
> On Tue, 2008-05-06 at 17:38 +0000, Hegde, Ramesh (OpenCall) wrote:
> > Hello Steve,
> >
> > I am invoking saEvtEventAttributesGet in event_callback function to
> > get event Id. When I run my subscriber, it invokes this callback
> > during dispatch. When I receive many events the subscriber dumps core
> > with segmentation fault. The dump analysis with gdb is as below
> >
> > gdb) bt
> > #0 0x00275a2a in memcpy () from /lib/tls/libc.so.6
> > #1 0x00f36f50 in saEvtEventAttributesGet
> > (eventHandle=7514898204727443546, patternArray=0xbfe38870,
> > priority=0xbfe3886f "", retentionTime=0xbfe38860,
> > publisherName=0xbfe38750, publishTime=0xbfe38748,
> > eventId=0xbfe38740) at evt.c:1715
> > #2 0x00fc5a66 in event_callback ()
> > from /home/ramesh/COAM/NS/tmay6/build/i386/libSaNtf.so.1
> > #3 0x00f35616 in saEvtDispatch (evtHandle=7749363892505018368,
> > dispatchFlags=SA_DISPATCH_ONE) at evt.c:816
> >
> > Can you help me to resolve this issue? The call
> > saEvtEventAttributesGet() is thread safe?
> >
> > Let me know
> >
> > Regards
> > Ramesh
> >
> > Ramesh Hegde
> > Software Engineer, Hewlett Packard
> > India Software Operations Pvt. Ltd
> > Sy No 192, Whitefield Road
> > Mahadevapura Post
> > Bangalore - 560 048. India.
> > +91 80 2516 6486- Direct
> > +91 80 2513 3522 - Fax
> > Jabber Id : [EMAIL PROTECTED]
> > +hp = everything is possible
>
_______________________________________________
Openais mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/openais
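
The failure discussed in the thread (a caller-supplied pattern slot with `pattern == NULL` and a garbage `allocatedSize`) is shown below as an added example; it is not part of the original messages and not openais code. The struct types are simplified stand-ins that mirror only the fields visible in the gdb output, and `copy_patterns_checked` and the `demo_*` functions are hypothetical names.

```c
#include <stdint.h>
#include <string.h>

/* Stand-ins for the fields seen in the gdb dump; NOT the real SA Forum headers. */
typedef struct { uint64_t allocatedSize, patternSize; uint8_t *pattern; } pattern_t;
typedef struct { uint64_t allocatedNumber, patternsNumber; pattern_t *patterns; } pattern_array_t;

enum { COPY_OK = 0, COPY_BAD_PARAM = -1, COPY_NO_SPACE = -2 };

/* Hypothetical checked copy. It rejects what is cheap to check (NULL pointers,
 * too few slots, short buffers). It cannot prove that a non-NULL pointer is
 * addressable, so the caller's allocatedSize still has to be truthful. */
int copy_patterns_checked(const pattern_array_t *src, pattern_array_t *dst)
{
    if (!src || !dst || !src->patterns || !dst->patterns)
        return COPY_BAD_PARAM;
    if (dst->allocatedNumber < src->patternsNumber)
        return COPY_NO_SPACE;
    for (uint64_t i = 0; i < src->patternsNumber; i++) {  /* validate before writing */
        if (!src->patterns[i].pattern || !dst->patterns[i].pattern)
            return COPY_BAD_PARAM;
        if (dst->patterns[i].allocatedSize < src->patterns[i].patternSize)
            return COPY_NO_SPACE;
    }
    for (uint64_t i = 0; i < src->patternsNumber; i++) {
        memcpy(dst->patterns[i].pattern, src->patterns[i].pattern,
               (size_t)src->patterns[i].patternSize);
        dst->patterns[i].patternSize = src->patterns[i].patternSize;
    }
    dst->patternsNumber = src->patternsNumber;
    return COPY_OK;
}

/* Constructed event data matching the dump: one pattern, patternSize 26. */
static uint8_t lost[] = "SA_EVT_LOST_EVENT_PATTERN";
static pattern_t ev_slot = { sizeof lost, sizeof lost, lost };
static const pattern_array_t ev = { 1, 1, &ev_slot };

/* Caller state from the dump: pattern is NULL, allocatedSize is garbage. */
int demo_uninitialised(void)
{
    pattern_t slot = { 313532612608ULL, 0, NULL };
    pattern_array_t out = { 1, 0, &slot };
    return copy_patterns_checked(&ev, &out);
}

/* Caller that owns a buffer and states its real size (capped at 64 bytes). */
int demo_initialised(uint64_t buf_bytes)
{
    uint8_t buf[64] = { 0 };
    pattern_t slot = { buf_bytes < sizeof buf ? buf_bytes : sizeof buf, 0, buf };
    pattern_array_t out = { 1, 0, &slot };
    int rc = copy_patterns_checked(&ev, &out);
    return (rc == COPY_OK && memcmp(buf, lost, sizeof lost) == 0) ? (int)slot.patternSize : rc;
}
```
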