crash in qsrv using invalid options #43

Open
dirk-zimoch opened this issue Sep 6, 2021 · 4 comments

@dirk-zimoch

When using an option in qsrv that does not exist, the IOC crashed in iocInit.
Current 7.0 branch commit 7ce6915, pva2pva version 1.3.1-1-g61ec071

Example db:

record (longin, "crashrecord")
{
    info(Q:group, {
        "crashpv": {
            x: {+doesntexist:1}
        }
    })
}

Error message during iocInit:

crashrecord: warning(s) from info(Q:group, ...
Unknown group field option x/usr/local/bin/iocsh: line 482: 29540 Segmentation fault      (core dumped) /home/zimoch/epics/epics-base-7.0-pure/bin/RHEL7-x86_64/softIocPVA -D /home/zimoch/epics/epics-base-7.0-pure/dbd/softIocPVA.dbd /tmp/iocsh.startup.29520

Stack trace:

Program terminated with signal 11, Segmentation fault.
#0  0x00007f07d274c00a in ScalarBuilder::dtype() () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libqsrv.so.1.2
Missing separate debuginfos, use: debuginfo-install glibc-2.17-323.el7_9.x86_64 libgcc-4.8.5-44.el7.x86_64 libstdc++-4.8.5-44.el7.x86_64 ncurses-libs-5.9-14.20130511.el7_4.x86_64 readline-6.2-11.el7.x86_64
(gdb) bt
#0  0x00007f07d274c00a in ScalarBuilder::dtype() () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libqsrv.so.1.2
#1  0x00007f07d274d972 in PVIFBuilder::dtype(std::shared_ptr<epics::pvData::FieldBuilder>&, std::string const&) ()
   from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libqsrv.so.1.2
#2  0x00007f07d275ef2d in PDBProvider::PDBProvider(std::shared_ptr<epics::pvAccess::Configuration const> const&) ()
   from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libqsrv.so.1.2
#3  0x00007f07d2758de8 in epics::pvAccess::SingletonChannelProviderFactory<PDBProvider>::newInstance(std::shared_ptr<epics::pvAccess::Configuration> const&) () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libqsrv.so.1.2
#4  0x00007f07d1ff283c in epics::pvAccess::ChannelProviderRegistry::createProvider(std::string const&, std::shared_ptr<epics::pvAccess::Configuration> const&) () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libpvAccess.so.7.1.5
#5  0x00007f07d1fd940a in pvac::ClientProvider::ClientProvider(std::string const&, std::shared_ptr<epics::pvAccess::Configuration> const&)
    () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libpvAccess.so.7.1.5
#6  0x00007f07d277cc1a in (anonymous namespace)::initPVALink(initHookState) ()
   from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libqsrv.so.1.2
#7  0x00007f07d1238bb9 in initHookAnnounce () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libCom.so.3.20.1
#8  0x00007f07d174256d in iocBuild_2 () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libdbCore.so.3.20.1
#9  0x00007f07d17426c5 in iocBuild () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libdbCore.so.3.20.1
#10 0x00007f07d1742879 in iocInit () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libdbCore.so.3.20.1
#11 0x00007f07d1742b99 in iocInitCallFunc () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libdbCore.so.3.20.1
#12 0x00007f07d1237d83 in iocshBody () from /home/zimoch/epics/epics-base-7.0-pure/lib/RHEL7-x86_64/libCom.so.3.20.1
#13 0x0000000000405de7 in main ()

@dirk-zimoch

In order to improve debugging, I re-compiled with HOST_OPT=NO and got no crash! Just the error message:

Error: syntax error
 at or before "{" in path "."  file "crash-qsrv.db" line 3

@dirk-zimoch

Oops, accidentally started 3.14.12

@dirk-zimoch

Without optimization I get the following stack trace (with source code line numbers this time):

#0  0x00007fe03f3fb513 in ScalarBuilder::dtype (this=0xa37bd0) at ../pvif.cpp:780
#1  0x00007fe03f3fea93 in PVIFBuilder::dtype (this=0xa37bd0, builder=std::shared_ptr (count 1, weak 1) 0xa37a80, fld="x")
    at ../pvif.cpp:1224
#2  0x00007fe03f413436 in PDBProvider::PDBProvider (this=0xa37240) at ../pdb.cpp:461
#3  0x00007fe03f410568 in epics::pvAccess::SingletonChannelProviderFactory<PDBProvider>::sharedInstance (this=0x97ee50)
    at /home/zimoch/epics/epics-base-7.0-pure/include/pv/pvAccess.h:1412
#4  0x00007fe03f410623 in epics::pvAccess::SingletonChannelProviderFactory<PDBProvider>::newInstance (this=0x97ee50, conf=
    std::shared_ptr (count 1, weak 0) 0xa371e0) at /home/zimoch/epics/epics-base-7.0-pure/include/pv/pvAccess.h:1421
#5  0x00007fe03ea6ccf9 in epics::pvAccess::ChannelProviderRegistry::createProvider (this=0x988940, providerName="QSRV", 
    conf=std::shared_ptr (count 1, weak 0) 0xa371e0) at ../../src/factory/ChannelAccessFactory.cpp:57
#6  0x00007fe03ea55930 in pvac::ClientProvider::ClientProvider (this=0x7fff81f32060, providerName="server:QSRV", 
    conf=std::shared_ptr (empty) 0x0) at ../../src/client/client.cpp:267
#7  0x00007fe03f44a177 in (anonymous namespace)::initPVALink (state=initHookAfterInitDatabase) at ../pvalink.cpp:119
#8  0x00007fe03d94b63d in initHookAnnounce (state=initHookAfterInitDatabase) at ../iocsh/initHooks.c:88
#9  0x00007fe03dea44fb in iocBuild_2 () at ../misc/iocInit.c:169
#10 0x00007fe03dea45bb in iocBuild () at ../misc/iocInit.c:206
#11 0x00007fe03dea4374 in iocInit () at ../misc/iocInit.c:111
#12 0x00007fe03dea552a in iocInitCallFunc (args=0xa1ee40) at ../misc/miscIocRegister.c:26
#13 0x00007fe03d94a857 in iocshBody (pathname=0x7fff81f34257 "/tmp/iocsh.startup.30548", commandLine=0x0, macros=0x0)
    at ../iocsh/iocsh.cpp:943
#14 0x00007fe03d94acfe in iocshLoad (pathname=0x7fff81f34257 "/tmp/iocsh.startup.30548", macros=0x0) at ../iocsh/iocsh.cpp:1033
#15 0x00007fe03d94ac9e in iocsh (pathname=0x7fff81f34257 "/tmp/iocsh.startup.30548") at ../iocsh/iocsh.cpp:1019
#16 0x00000000004065ff in main (argc=4, argv=0x7fff81f32558) at ../softMain.cpp:239

@dirk-zimoch

dirk-zimoch commented Sep 6, 2021

In pvif.cpp:780, ScalarBuilder::dtype() calls dbChannelFinalFieldType(channel) with channel = NULL.
dbChannelFinalFieldType is a macro defined in modules/database/src/ioc/db/dbChannel.h which dereferences its argument without checking the pointer for validity.

pva2pva/pdbApp/pvif.cpp

Lines 777 to 780 in 61ec071

epics::pvData::FieldConstPtr
ScalarBuilder::dtype()
{
short dbr = dbChannelFinalFieldType(channel);
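
A sketch of the guard that the analysis above points to, added here as an example and not taken from pva2pva or EPICS base. `FakeChannel`, `FAKE_FINAL_FIELD_TYPE`, `GroupField` and `resolve_group` are hypothetical stand-ins, and it assumes that a group field whose option was rejected is left with a null channel pointer.

```cpp
#include <string>
#include <utility>
#include <vector>

// Stand-in for the database channel; only the member the accessor reads.
struct FakeChannel { short final_type; };

// Stand-in for an accessor macro that dereferences its argument unchecked,
// as the issue describes for dbChannelFinalFieldType.
#define FAKE_FINAL_FIELD_TYPE(pChan) ((pChan)->final_type)

// Hypothetical group field: `channel` is null when the field definition
// did not produce a usable channel (assumption, see lead-in).
struct GroupField {
    std::string name;
    const FakeChannel* channel;
};

// Guarded lookup: a null pointer is never handed to the macro.
bool checked_field_type(const GroupField& f, short& out) {
    if (f.channel == nullptr)
        return false;
    out = FAKE_FINAL_FIELD_TYPE(f.channel);
    return true;
}

struct GroupTypes {
    std::vector<std::pair<std::string, short> > types;  // resolved fields
    std::vector<std::string> errors;                     // one entry per bad field
};

// Resolve every field and collect diagnostics instead of faulting, so that
// startup can report each bad field and decline to publish the group.
GroupTypes resolve_group(const std::vector<GroupField>& fields) {
    GroupTypes result;
    for (const GroupField& f : fields) {
        short type = 0;
        if (checked_field_type(f, type))
            result.types.emplace_back(f.name, type);
        else
            result.errors.push_back("field '" + f.name + "': no channel, skipped");
    }
    return result;
}

// Constructed sample: "x" mirrors the issue's field with the unknown option.
GroupTypes demo() {
    static const FakeChannel ok = {5};
    return resolve_group({{"value", &ok}, {"x", nullptr}});
}
```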
