[zeromq-dev] Potential bug found
Chuck Remes
cremes.devlist at mac.com
Tue Aug 31 15:47:02 CEST 2010
On Aug 31, 2010, at 8:15 AM, Mikael Helbo Kjær wrote:
> Hi everyone
>
> I've been tinkering with my system and I've hit a problem inside zmq that I haven't been able to debug or figure out just yet. My code is trying to send when I hit it.
>
> I get an access violation (for those who aren't into Windows ways of putting things, Zeromq is accessing memory that is not valid for it to use) in the zmq::writer_t::process_pipe_term() function. Apparently Endpoint has a value (it is not 00000000), but it is not a valid object because the v-table points at 0xfeeefeee, which is a guard value if I remember correctly. Anyway, zmq calls a function but the object no longer exists. I believe I am hitting some sort of thread interaction issue with zmq in the process of shutting down said endpoint, but the pointer to endpoint is not getting cleared (always a possible issue if you can't use shared_ptr's and the like). Now I am not yet familiar with the innards of the library, but I doubt I am supposed to be able to crash it by calling a function on it.
>
> My system has the following call stack when it goes down:
> libzmqd.dll!zmq::writer_t::process_pipe_term() Line 305 + 0x14 bytes C++
> libzmqd.dll!zmq::object_t::process_command(zmq::command_t & cmd_={...}) Line 98 + 0xf bytes C++
> libzmqd.dll!zmq::app_thread_t::process_commands(bool block_=false, bool throttle_=true) Line 129 C++
> libzmqd.dll!zmq::socket_base_t::send(zmq_msg_t * msg_=0x0420f948, int flags_=0) Line 351 + 0x12 bytes C++
> libzmqd.dll!zmq_send(void * s_=0x00d87168, zmq_msg_t * msg_=0x0420f948, int flags_=0) Line 357 C++
> fservertest.exe!zmq::socket_t::send(zmq::message_t & msg_={...}, int flags_=0) Line 246 + 0x14 bytes C++
>
> All values from my side of the fence should be valid (socket_t and message_t mostly). The socket_t was allocated on the calling thread, but the context_t that it was built from was not (it was given to the thread as a pointer).
>
> I can't really pick out an easy code example to reproduce this just now (I have some other stuff that has priority as it is a bug in some production code), but I will try ASAP unless told that this is a known graceful shutdown issue. I will put up an issue on github if people think this is a zeromq bug and not just my boneheadedness.
It is *not* safe to call zmq_close on a socket from any thread other than the one where the socket was allocated.
This is a known limitation in the library. See:
http://github.com/zeromq/zeromq2/issues/closed#issue/53
This limitation will be removed in the 2.1.x branch.
cr
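
An added example, not part of the original message and not libzmq code: one way for application code to enforce the restriction stated above is to record the creating thread and refuse to close the socket from any other thread. `FakeSocket`, `fake_close`, `OwnedSocket` and `cross_thread_close_rejected` are hypothetical names; with the real library the closer would call `zmq_close`.

```cpp
#include <stdexcept>
#include <thread>

// Hypothetical stand-in for a libzmq socket handle so the example runs
// without the library installed.
struct FakeSocket { bool open = true; };
inline void fake_close(FakeSocket* s) { s->open = false; }  // real code: zmq_close(s)

// Binds a socket handle to the thread that created the wrapper.
class OwnedSocket {
public:
    explicit OwnedSocket(FakeSocket* s)
        : sock_(s), owner_(std::this_thread::get_id()) {}
    OwnedSocket(const OwnedSocket&) = delete;
    OwnedSocket& operator=(const OwnedSocket&) = delete;

    // Closes only on the owning thread. Any other caller gets an exception
    // and the handle is left untouched.
    void close() {
        if (std::this_thread::get_id() != owner_)
            throw std::logic_error("socket closed from non-owning thread");
        if (sock_) {
            fake_close(sock_);
            sock_ = nullptr;  // clear the pointer so nothing uses it after close
        }
    }

    bool is_open() const { return sock_ != nullptr; }

private:
    FakeSocket* sock_;
    const std::thread::id owner_;
};

// Attempts the close from a second thread and reports whether the guard
// rejected it. The join() orders the write to `rejected` before the read.
bool cross_thread_close_rejected(OwnedSocket& s) {
    bool rejected = false;
    std::thread t([&] {
        try { s.close(); } catch (const std::logic_error&) { rejected = true; }
    });
    t.join();
    return rejected;
}
```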