New to the list, new to firewire. Just getting off the ground. Wanted to confirm I could use dumpiso/sendiso on a card I just got.
Seeing a SEGFAULT in
#0 0x7f6448a8d90d in queue_packet /home/mcoyle/Repos/libraw1394/src/fw-iso.c:62
Here's what I see on Ubuntu. I see the same thing on v2.1.1 and v2.1.0. Curious under what conditions
61 p = &handle->iso.packets[handle->iso.packet_index];
would result in p == NULL. The dereference of p in line 62 is what's causing the SEGFAULT.
Details follow below.
Any insights appreciated. Thanks!
Mike
------------------------------------------------------
mcoyle@test01:~/Repos/libraw1394/tools/.libs$ lspci | grep 1394
08:00.0 FireWire (IEEE 1394): Texas Instruments XIO2213A/B/XIO2221 IEEE-1394b OHCI Controller [Cheetah Express] (rev 01)
git clone of libraw1394
git checkout v2.1.2
autoreconf -i
./configure CFLAGS='-g -Og -fsanitize=address' CXXFLAGS='-g -Og -fsanitize=address'
make all
cd tools/.libs/
sudo LD_LIBRARY_PATH=/home/mcoyle/Repos/libraw1394/src/.libs gdb ./dumpiso
port: 0
channels: 0xffffffffffffffff
file: (null)
1394 isodump v2��������ASAN:SIGSEGV
=================================================================
==15158==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f6448a8d90e bp 0x000000000000 sp 0x7ffe11d681c0 T0)
#0 0x7f6448a8d90d in queue_packet /home/mcoyle/Repos/libraw1394/src/fw-iso.c:62
#1 0x7f6448a8dc6f in queue_recv_packets /home/mcoyle/Repos/libraw1394/src/fw-iso.c:199
#2 0x7f6448a901e1 in fw_iso_recv_start /home/mcoyle/Repos/libraw1394/src/fw-iso.c:287
#3 0x7f6448a8619b in raw1394_iso_recv_start /home/mcoyle/Repos/libraw1394/src/dispatch.c:737
#4 0x401eb7 in main /home/mcoyle/Repos/libraw1394/tools/dumpiso.c:260
#5 0x7f64486ce82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x4011e8 in _start (/home/mcoyle/Repos/libraw1394/tools/.libs/lt-dumpiso+0x4011e8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/mcoyle/Repos/libraw1394/src/fw-iso.c:62 queue_packet
==15158==ABORTING
mcoyle@test01:~/Repos/libraw1394/tools/.libs$ sudo LD_LIBRARY_PATH=/home/mcoyle/Repos/libraw1394/src/.libs gdb ./dumpiso
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.04) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./dumpiso...done.
(gdb) run
Starting program: /home/mcoyle/Repos/libraw1394/tools/.libs/dumpiso
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
port: 0
channels: 0xffffffffffffffff
file: (null)
1394 isodump v2��������
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6c6190e in queue_packet (handle=handle@entry=0x62a000000200, length=<optimized out>, header_length=<optimized out>, tag=tag@entry=0 '\000', sy=sy@entry=0 '\000') at fw-iso.c:62
62 p->control =
(gdb) bt
#0 0x00007ffff6c6190e in queue_packet (handle=handle@entry=0x62a000000200, length=<optimized out>, header_length=<optimized out>, tag=tag@entry=0 '\000', sy=sy@entry=0 '\000')
at fw-iso.c:62
#1 0x00007ffff6c61c70 in queue_recv_packets (handle=handle@entry=0x62a000000200) at fw-iso.c:199
#2 0x00007ffff6c641e2 in fw_iso_recv_start (handle=0x62a000000200, start_on_cycle=-1, tag_mask=-1, sync=<optimized out>) at fw-iso.c:287
#3 0x00007ffff6c5a19c in raw1394_iso_recv_start (handle=handle@entry=0x60200000eff0, start_on_cycle=start_on_cycle@entry=-1, tag_mask=tag_mask@entry=-1, sync=sync@entry=0)
at dispatch.c:737
#4 0x0000000000401e98 in main (argc=<optimized out>, argv=<optimized out>) at dumpiso.c:260
(gdb) p p
$1 = (struct fw_cdev_iso_packet *) 0x0
(gdb) list
57 struct fw_cdev_queue_iso queue_iso;
58 struct fw_cdev_iso_packet *p;
59 int err;
60
61 p = &handle->iso.packets[handle->iso.packet_index];
62 p->control =
63 FW_CDEV_ISO_PAYLOAD_LENGTH(length) |
64 FW_CDEV_ISO_TAG(tag) |
65 FW_CDEV_ISO_SY(sy) |
66 FW_CDEV_ISO_HEADER_LENGTH(header_length);
(gdb) p handle
$2 = (fw_handle_t) 0x62a000000200
(gdb) p *handle
$3 = {ports = {{device_file = "/dev/fw0", '\000' <repeats 23 times>, name = 0x0, node_count = 1, card = 0}, {device_file = '\000' <repeats 31 times>, name = 0x0, node_count = 0,
card = -1} <repeats 15 times>}, port_count = 1, err = 0, card = 0, generation = 1, abi_version = 5, userdata = 0x0, notify_bus_reset = 1,
bus_reset_handler = 0x7ffff6c5a71b <default_bus_reset_handler>, tag_handler = 0x7ffff6c5a663 <default_tag_handler>, arm_tag_handler = 0x7ffff6c5a6b7 <default_arm_tag_handler>,
fcp_handler = 0x0, fcp_allocation_handle = 0, allocations = 0x0, ioctl_fd = 8, epoll_fd = 3, inotify_fd = 6, inotify_watch = 1, pipe_fds = {4, 5}, pipe_closure = {
func = 0x7ffff6c5abc1 <handle_echo_pipe>}, inotify_closure = {func = 0x7ffff6c5c700 <handle_inotify>}, devices = {{closure = {func = 0x7ffff6c5afa1 <handle_device_event>}, fd = 8,
node_id = 65472, generation = 1, filename = "/dev/fw0\000\000\000\000\000\000\000"}, {closure = {func = 0x0}, fd = 0, node_id = -1, generation = 0,
filename = '\000' <repeats 15 times>} <repeats 62 times>}, local_device = 0x62a000000580, nodes = {0, -1 <repeats 62 times>}, reset = {closure = 0, type = 0, node_id = 65472,
local_node_id = 65472, bm_node_id = 65472, irm_node_id = 65472, root_node_id = 65472, generation = 1}, iso = {filename = 0x62a000000594 "/dev/fw0", closure = {func = 0x0}, fd = -1,
kernel_handle = 0, type = 0, irq_interval = 0, packet_phase = 0, packet_count = 0, packet_index = 0, buf_packets = 0, max_packet_size = 0, prebuffer = 0, start_on_cycle = 0,
recv_mode = 0, state = ISO_STOPPED, xmit_handler = 0x0, recv_handler = 0x0, buffer = 0x0, buffer_end = 0x0, head = 0x0, tail = 0x0, first_payload = 0x0, packets = 0x0}, buffer = {
0 <repeats 2048 times>}}
(gdb) p handle->iso.packet_index
$4 = 0
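Added example, not part of the original post and not libraw1394 code: the dump above shows iso.packets = 0x0 with packet_index = 0, so the address formed on line 61 is the null base itself and line 62 writes through it. The sketch below uses a reduced, hypothetical struct (iso_ctx and all function names are assumptions) to show a guard that fails with an error instead of dereferencing an uninitialised context.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical, reduced model of the iso fields printed by "p *handle";
 * this is not the libraw1394 structure definition. */
struct iso_packet { unsigned int control; };

struct iso_ctx {
    int fd;                      /* -1 in the dump */
    int packet_index;            /* 0 in the dump */
    int buf_packets;             /* 0 in the dump */
    struct iso_packet *packets;  /* 0x0 in the dump */
};

/* Context in the state the gdb output shows: nothing allocated. */
struct iso_ctx iso_ctx_from_dump(void)
{
    struct iso_ctx c = { -1, 0, 0, NULL };
    return c;
}

/* Hypothetical init: the packet array must exist before queueing. */
int iso_ctx_init(struct iso_ctx *c, int fd, int buf_packets)
{
    if (fd < 0 || buf_packets <= 0) { errno = EINVAL; return -1; }
    c->packets = calloc((size_t)buf_packets, sizeof *c->packets);
    if (c->packets == NULL) return -1;
    c->fd = fd;
    c->buf_packets = buf_packets;
    c->packet_index = 0;
    return 0;
}

/* Guarded form of the line 61/62 pattern: no slot pointer is formed
 * unless the context is open, allocated and the index is in range. */
int queue_packet_checked(struct iso_ctx *c, unsigned int control)
{
    if (c == NULL || c->fd < 0 || c->packets == NULL) { errno = EINVAL; return -1; }
    if (c->packet_index < 0 || c->packet_index >= c->buf_packets) { errno = ERANGE; return -1; }
    struct iso_packet *p = &c->packets[c->packet_index];
    p->control = control;
    c->packet_index = (c->packet_index + 1) % c->buf_packets;
    return 0;
}

void iso_ctx_free(struct iso_ctx *c)
{
    free(c->packets);
    *c = iso_ctx_from_dump();
}
```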