From: Jan Kiszka <jan.kiszka@domain.hid>
To: Christoph Permes <christoph.permes@domain.hid>
Cc: xenomai@xenomai.org
Subject: Re: [Xenomai-help] Segmentation fault in rt_printf print thread
Date: Fri, 28 Aug 2009 09:38:01 +0200 [thread overview]
Message-ID: <4A978959.5060604@domain.hid> (raw)
In-Reply-To: <1251374443.4321.40.camel@domain.hid>
[-- Attachment #1: Type: text/plain, Size: 4070 bytes --]
Christoph Permes wrote:
> Hi,
>
> I have examined the print_buffers() function and my core dump:
>
> #1 0xb8087f61 in print_buffers () at rt_print.c:380
> 380 fprintf(head->dest, "%s", head->text);
> (gdb) print head->dest
> $1 = (FILE *) 0x445b205d
> (gdb) print head->text
> $2 = "_"
> (gdb) print (char*)head
> $3 = 0x8ea5a02 "] [D] [V_MainClampToteRequest ] ===> [1]\n"
> (gdb) print buffer->read_pos
> $4 = 3482
> (gdb) print *(char*)buffer->ring@domain.hid
> $5 = "... [67046.506] [CONTROL] [1104820] [\000] [D] [V_MainClamp"
>
> As the above output shows the head pointer points to a wrong memory
> address, the head->dest FILE pointer results from some text written to
> the buffer.
>
> buffer = get_next_buffer();
> if (!buffer)
> break;
>
> read_pos = buffer->read_pos;
> head = buffer->ring + read_pos;
> len = strlen(head->text);
>
> if (len) {
> /* Print out non-empty entry and proceed */
> fprintf(head->dest, "%s", head->text); // ==> SEGV
> read_pos += sizeof(*head) + len;
> } else {
> /* Emptry entries mark the wrap-around */
> read_pos = 0;
> }
>
> Obviously the value of buffer->read_pos is not correct or the buffer
> pointer returned by get_next_buffer() points to a wrong address.
Hmm, strange. Code meditation didn't help, so I need to keep you busy
with testing. Could you try this instrumentation? It should choke if the
rt_vfprintf actually overwrites already written data.
Thanks,
Jan
diff --git a/src/rtdk/rt_print.c b/src/rtdk/rt_print.c
index 0615247..bcd8c88 100644
--- a/src/rtdk/rt_print.c
+++ b/src/rtdk/rt_print.c
@@ -16,6 +16,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
*/
+#include <assert.h>
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
@@ -37,7 +38,10 @@
#define RT_PRINT_LINE_BREAK 256
+#define RT_PRINT_HEAD_MAGIC 0xDEADBEAF
+
struct entry_head {
+ uint32_t magic;
FILE *dest;
uint32_t seq_no;
char text[1];
@@ -103,6 +107,10 @@ int rt_vfprintf(FILE *stream, const char *format, va_list args)
read_pos = buffer->read_pos;
xnarch_read_memory_barrier();
+ assert(write_pos == read_pos ||
+ ((struct entry_head *)buffer->read_pos)->magic ==
+ RT_PRINT_HEAD_MAGIC);
+
/* Is our write limit the end of the ring buffer? */
if (write_pos >= read_pos) {
/* Keep a savety margin to the end for at least an empty entry */
@@ -114,6 +122,7 @@ int rt_vfprintf(FILE *stream, const char *format, va_list args)
if (len == 0 && read_pos > sizeof(struct entry_head)) {
/* Write out empty entry */
head = buffer->ring + write_pos;
+ head->magic = RT_PRINT_HEAD_MAGIC;
head->seq_no = seq_no;
head->text[0] = 0;
@@ -136,6 +145,10 @@ int rt_vfprintf(FILE *stream, const char *format, va_list args)
res = vsnprintf(head->text, len, format, args);
+ assert(write_pos == read_pos ||
+ ((struct entry_head *)buffer->read_pos)->magic ==
+ RT_PRINT_HEAD_MAGIC);
+
if (res < len) {
/* Text was written completely, res contains its length */
len = res;
@@ -147,6 +160,7 @@ int rt_vfprintf(FILE *stream, const char *format, va_list args)
/* If we were able to write some text, finalise the entry */
if (len > 0) {
+ head->magic = RT_PRINT_HEAD_MAGIC;
head->seq_no = ++seq_no;
head->dest = stream;
@@ -159,6 +173,7 @@ int rt_vfprintf(FILE *stream, const char *format, va_list args)
read_pos <= write_pos && read_pos > buffer->size - write_pos) {
/* An empty entry marks the wrap-around */
head = buffer->ring + write_pos;
+ head->magic = RT_PRINT_HEAD_MAGIC;
head->seq_no = seq_no;
head->text[0] = 0;
@@ -382,6 +397,8 @@ static void print_buffers(void)
head = buffer->ring + read_pos;
len = strlen(head->text);
+ assert(head->magic == RT_PRINT_HEAD_MAGIC);
+
if (len) {
/* Print out non-empty entry and proceed */
fprintf(head->dest, "%s", head->text);
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 257 bytes --]
next prev parent reply other threads:[~2009-08-28 7:38 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-26 8:01 [Xenomai-help] Segmentation fault in rt_printf print thread Christoph Permes
2009-08-26 8:12 ` Gilles Chanteperdrix
2009-08-27 6:24 ` Christoph Permes
2009-08-27 8:24 ` Jan Kiszka
2009-08-27 12:00 ` Christoph Permes
2009-08-28 7:38 ` Jan Kiszka [this message]
2009-08-28 8:38 ` Christoph Permes
2009-08-28 9:07 ` Jan Kiszka
2009-08-31 8:09 ` Christoph Permes
2009-09-07 7:35 ` Christoph Permes
2009-09-07 8:43 ` Jan Kiszka
2009-09-07 8:58 ` Gilles Chanteperdrix
2009-09-07 9:17 ` Jan Kiszka
2009-09-09 11:42 ` Gilles Chanteperdrix
2009-09-09 11:58 ` Gilles Chanteperdrix
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A978959.5060604@domain.hid \
--to=jan.kiszka@domain.hid \
--cc=christoph.permes@domain.hid \
--cc=xenomai@xenomai.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.