[zeromq-dev] OpenPGM & segfault - assertion failed

Steven McCoy steven.mccoy at miru.hk
Wed May 12 07:07:26 CEST 2010


This patch, released under MIT license, shows memory corruption a bit
earlier,

--- a/src/pgm_socket.cpp
+++ b/src/pgm_socket.cpp
@@ -489,6 +489,10 @@ ssize_t zmq::pgm_socket_t::receive (void **raw_data_,
const pgm_tsi_t **tsi_)

         zmq_assert (status == PGM_IO_STATUS_NORMAL);
     }
+    else
+    {
+        zmq_assert (pgm_msgv_processed <= pgm_msgv_len);
+    }

     zmq_assert (nbytes_rec > 0);

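Review bot: the bound in the new else branch accepts pgm_msgv_processed == pgm_msgv_len. If the code that follows reads the entry at index pgm_msgv_processed (that access is not visible in this hunk), equality is already one past the end, and the check should be zmq_assert (pgm_msgv_processed < pgm_msgv_len). A one-line comment stating which case the else branch covers would also help, since the condition of the preceding if is what gives the assertion its meaning.
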
@@ -507,6 +511,7 @@ ssize_t zmq::pgm_socket_t::receive (void **raw_data_,
const pgm_tsi_t **tsi_)

     //  Move the the next pgm_msgv_t structure.
     pgm_msgv_processed++;
+    zmq_assert (pgm_msgv_processed <= pgm_msgv_len);
     nbytes_processed +=raw_data_len;

     return raw_data_len;
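
Review bot: the assertion added after pgm_msgv_processed++ runs only once the counter has been advanced, so an out-of-range index is reported after the step that used it rather than before. The <= bound is correct at this position, because the counter equals the length once the last structure has been handed out. To catch the problem at the point of use, also assert pgm_msgv_processed < pgm_msgv_len ahead of the increment.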


Program received signal SIGABRT, Aborted.
[Switching to Thread 0x4120f950 (LWP 21328)]
0x00007faee290f095 in raise () from /lib/libc.so.6
(gdb) up
#1  0x00007faee2910af0 in abort () from /lib/libc.so.6
(gdb) up
#2  0x00007faee3438faa in zmq::pgm_socket_t::receive (this=0x60b0b8,
raw_data_=0x4120e340, tsi_=0x4120e338)
    at pgm_socket.cpp:494
494        zmq_assert (pgm_msgv_processed <= pgm_msgv_len);
(gdb) print pgm_msgv_processed
$9 = 7570551407401500672

-- 
Steve-o