[zeromq-dev] Potential bug found

Chuck Remes cremes.devlist at mac.com
Tue Aug 31 15:47:02 CEST 2010


On Aug 31, 2010, at 8:15 AM, Mikael Helbo Kjær wrote:

> Hi everyone
> 
> I've been tinkering with my system and I've hit a problem inside zmq that I haven't been able to debug or figure out just yet. My code is trying to send when I hit it.
> 
> I get an access violation (for those who aren't into Windows ways of putting things Zeromq is access memory that is not valid for it to use) in the zmq::writer_t::process_pipe_term() function. Apparently Endpoint has a value (it is not 00000000), but it is not a valid object because the v-table points as 0xfeeefeee which is a guard value if I remember correctly. Anyway zmq calls a function but the object no longer exists. I believe I am hitting some sort of thread interaction issue with zmq in the process of shutting down said endpoint, but the pointer to endpoint not getting cleared (always a possible issue if you can't use shared_ptr's and the like). Now I am not yet familiar with the innards of the library, but I doubt I am supposed to be able to crash it by calling a function on it.
> 
> My system has the following call stack when it goes down:
> 	libzmqd.dll!zmq::writer_t::process_pipe_term()  Line 305 + 0x14 bytes	C++
> 	libzmqd.dll!zmq::object_t::process_command(zmq::command_t & cmd_={...})  Line 98 + 0xf bytes	C++
> 	libzmqd.dll!zmq::app_thread_t::process_commands(bool block_=false, bool throttle_=true)  Line 129	C++
> 	libzmqd.dll!zmq::socket_base_t::send(zmq_msg_t * msg_=0x0420f948, int flags_=0)  Line 351 + 0x12 bytes	C++
> 	libzmqd.dll!zmq_send(void * s_=0x00d87168, zmq_msg_t * msg_=0x0420f948, int flags_=0)  Line 357	C++
> 	fservertest.exe!zmq::socket_t::send(zmq::message_t & msg_={...}, int flags_=0)  Line 246 + 0x14 bytes	C++
> 
> All values from my side of the fence should be valid (socket_t and message_t mostly). The socket_t was allocated on the calling thread, but the context_t that it was built from was not (it was given to the thread as a pointer).
> 
> I can't really pick out an easy code example to reproduce this just now (I have some other stuff that has priority as it is a bug in some production code), but I will try ASAP unless told that this is a known graceful shutdown issue. I will put up an issue on github if people think this is a zeromq bug and not just my boneheadedness.

It is *not* safe to call zmq_close on a socket from any thread other than the one where the socket was allocated.

This is a known limitation in the library. See:

http://github.com/zeromq/zeromq2/issues/closed#issue/53

This limitation will be removed in the 2.1.x branch.

cr


More information about the zeromq-dev mailing list