Re: [zeromq-dev] zmq crash when using PGM

纪明 Tue, 14 Aug 2018 03:40:54 -0700


在 2018-08-14 17:49, Luca Boccassi 写道:

On Mon, 2018-08-13 at 14:52 +0800, 纪明 wrote:

Hi all:

      We are using ZMQ to do some multicast work. The service keep
crashing, and we found it has something to do with pgm_receiver.

      Specifically, there is a function called
zmq::pgm_receiver_t::restart_input(), when it receives some data, it
calls decoder to decode the message. On line 132, it checks if the
message size is greater than zero. If yes, it will call
process_input()
function to decode the message. However, when insize is greater than
zero, inpos could point to null. When this happens, zmq crashes when
calling memcpy to copy something to the memory that inpos points to.
This actually looks like a threading issue to us.

      We really appreciate if anyone familiar with this zmq could
point
out a solution to this. We are using zmq in a real time environment,
occassional message drop is more acceptable than crashing the
service.
We tried to change the source code a little bit, from "if (insize >
0)"
to "if (insize > 0 && inpos)". It caused other problem.

Thanks a lot in advance.
Ming

Are you using a socket from multiple threads by any chance?

No, we are only using socket with the same ip in one thread. We suspectthere is threading issue inside zmq that causes inpos to become nullmagically. We did a dirty fix on process_input function, and the changeseems to save our system from crashing. We are worrying if a messagecould be processed partially now. We will be in trouble in thatsituation too. The change we made is:


int zmq::pgm_receiver_t::process_input (v1_decoder_t *decoder)
{
    zmq_assert (session != NULL);

       // Change that seems to prevent crashing
        const void* pTmp = static_cast<const void*>(inpos);
        if (pTmp == nullptr) {
                return -1;
        }
        else {
        while (insize > 0) {
                size_t n = 0;
                int rc = decoder->decode (inpos, insize, n);
                if (rc == -1)
                return -1;
                inpos += n;
                insize -= n;
                if (rc == 0)
                break;
                rc = session->push_msg (decoder->msg ());
                if (rc == -1) {
                errno_assert (errno == EAGAIN);
                return -1;
                }
        }
        }
    return 0;
}



_______________________________________________
zeromq-dev mailing list
[email protected]
https://lists.zeromq.org/mailman/listinfo/zeromq-dev


--
纪明
浙江永安资本管理有限公司
期权做市部
电话：0571-87238686
地址：浙江省杭州市江干区新业路200号32楼

_______________________________________________
zeromq-dev mailing list
[email protected]
https://lists.zeromq.org/mailman/listinfo/zeromq-dev

Re: [zeromq-dev] zmq crash when using PGM

Reply via email to