[BUG] (suspected) VM crash upon UDP socket #sendData:

mds zenporcupinegrind at breathe.com
Sat Jul 3 01:44:56 UTC 2004


Hi all,

Since in my never-ending stupidity I managed to file this bug report
under Craig's thread, I've reposted it (hopefully) correctly. The
previous posting was divided into two parts, one of them a followup ---
I simply combined the contents of the second message into this new post,
which should contain all the relevant information.

What could go wrong this time? Anyways ... 

Just came across a suspected bug while hacking with UDP sockets, the
simple task being to send a piece of data to a given port and a given
hostname.

Connection itself is successful; a call to #sendData:, however, is not.

Here's the code I tried from a workspace:


	"---------------------------------------"
	s := Socket newUDP. s disconnect.
	host := #(192 168 71 10) asByteArray.
	s connectTo: host port: 137.

	s sendData: String lf.
	"---------------------------------------"


This results in the VM hanging for a couple of seconds, then closing
with a Segmentation Fault; here's the console output when the VM has
shut down ...


	Segmentation fault

	-2008990536 Socket>waitForSendDoneFor:
	-2008990628 Socket>sendData:
	-2008991032 UndefinedObject>DoIt
	-2009014848 Compiler>evaluate:in:to:notifying:ifFail:
	-2009014472 [] in ParagraphEditor>evaluateSelection
	-2009014972 BlockContext>on:do:
	-2009020144 ParagraphEditor>evaluateSelection
	-2009020236 ParagraphEditor>doIt
	-2009019960 [] in ParagraphEditor>doIt:
	-2009020328 Controller>terminateAndInitializeAround:
	-2009020420 ParagraphEditor>doIt:
	-2009020880 ParagraphEditor>dispatchOnCharacter:with:
	-2009020996 TextMorphEditor>dispatchOnCharacter:with:
	-2009021220 ParagraphEditor>readKeyboard
	-2009021312 TextMorphEditor>readKeyboard
	-2009026692 [] in TextMorph>keyStroke:
	-2009026784 TextMorph>handleInteraction:fromEvent:
	-2009026876 TextMorphForEditView>handleInteraction:fromEvent:
	-2009027020 TextMorph>keyStroke:
	-2009027112 TextMorphForEditView>keyStroke:
	-2009027296 TextMorph>handleKeystroke:
	-2009027388 KeyboardEvent>sentTo:
	-2009027480 Morph>handleEvent:
	-2009027572 Morph>handleFocusEvent:
	-2009027204 [] in HandMorph>sendFocusEvent:to:clear:
	-2009027664 PasteUpMorph>becomeActiveDuring:
	-2009027940 HandMorph>sendFocusEvent:to:clear:
	-2009028164 HandMorph>sendEvent:focus:clear:
	-2009028256 HandMorph>sendKeyboardEvent:
	-2009028348 HandMorph>handleEvent:
	-2009037184 HandMorph>processEvents
	-2009037092 [] in WorldState>doOneCycleNowFor:
	-2009037276 SequenceableCollection>do:
	-2009037368 WorldState>handsDo:
	-2009037460 WorldState>doOneCycleNowFor:
	-2009044832 WorldState>doOneCycleFor:
	-2009044924 PasteUpMorph>doOneCycle
	-2011382684 [] in Project class>spawnNewProcess
	-2011382500 [] in BlockContext>newProcess
	Abort (core dumped)


I did a bit of gdb sniffing, and found the following two things:

1) the output of gdb upon segmentation fault indicated:

	Program received signal SIGSEGV, Segmentation fault.
	0x1c09927e in socketWritable (s=115)
	    at /home/mds/Development/squeak/vm-src/Squeak-3.6-3/platforms/unix/plugins/SocketPlugin/sqUnixSocket.c:317
	317       FD_SET(s, &fds);


2) therefore I had a quick look in the file in question myself, the
failing function being:

	/* answer whether the socket can be written without blocking */

	static int socketWritable(int s)
	{
	  struct timeval tv= { 0, 0 };
	  fd_set fds;

	  FD_ZERO(&fds);
	  FD_SET(s, &fds);
	  return select(s+1, 0, &fds, 0, &tv) > 0;
	}

---> which as we know from above never reaches that return statement.

Examination of the variables fds and s reveals the following:


	(gdb) print fds
	$1 = {fds_bits = {1400137067, 1147432549, 6647407, 403056675, 1835627120, 1986622569, 
		1936020069, 1702259823, 1868710258, 1867281522, 1886743407, 57681963, 1835627120, 
		1986622569, 1936020069, 1702259823, 1684291954, 1936942450, 1802465100, 1699901557, 
		1953265011, 122825247, 1835627120, 1986622569, 1936020069, 1702259823, 1920091506, 
		29295, 55323431, 1835627120, 1986622569, 1936020069}}
	(gdb) print s
	$2 = -1


Evidently,
	static int socketWritable(int s)
is being called with a negative value for s.


Since this is a unix plugin, it would be interesting to know whether the
same errors are experienced on Windows (I doubt it).

I found this bug whilst running Squeak 3.6 under OpenBSD 3.5:

	mds /home/mds> squeak -version
	3.6-3 #10 Fri Jun 25 23:22:56 PDT 2004 gcc 2.95.3
	Squeak3.6 of '6 October 2003' [latest update: #5429]
	OpenBSD zpg.presbytery.prv 3.5 GENERIC#34 i386
	default plugin location: /usr/local/lib/squeak/3.6-3/*.so

---> jkdufair also experienced a VM crash on his Linux box with the same
code; he tells me he is running kernel version: [2.4.20-28.7] and vm: 
[3.6-3].

Indeed, my UDP code might be flaky/incorrect, but certainly not enough
to yield a segmentation fault for the VM ;-)

Cheers for now,
Marc (mds)
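
As an added example (not part of the original post and not the Squeak VM's code): a writability check that rejects descriptors FD_SET cannot represent, such as the -1 seen in gdb above, next to a poll()-based variant that has no fixed-size bit array. The function names are hypothetical.

```c
/* Added example, not the Squeak VM's code; function names are hypothetical. */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* select()-based check that validates the descriptor first.
 * Returns 1 if writable, 0 if not, -1 with errno = EBADF for a bad fd. */
static int socket_writable_checked(int s)
{
    struct timeval tv = { 0, 0 };
    fd_set fds;

    /* FD_SET indexes a fixed bit array: s < 0 or s >= FD_SETSIZE is
     * undefined behaviour and touches memory outside fds. */
    if (s < 0 || s >= FD_SETSIZE) {
        errno = EBADF;
        return -1;
    }
    FD_ZERO(&fds);
    FD_SET(s, &fds);
    return select(s + 1, NULL, &fds, NULL, &tv) > 0;
}

/* poll()-based variant: no bit array, so no FD_SETSIZE ceiling. */
static int socket_writable_poll(int s)
{
    struct pollfd p = { .fd = s, .events = POLLOUT, .revents = 0 };
    if (s < 0) {
        errno = EBADF;
        return -1;
    }
    return poll(&p, 1, 0) > 0 && (p.revents & POLLOUT) != 0;
}

int main(void)
{
    int s = socket(AF_INET, SOCK_DGRAM, 0);   /* fresh UDP socket */
    printf("fd -1: select=%d poll=%d\n",
           socket_writable_checked(-1), socket_writable_poll(-1));
    if (s >= 0) {
        printf("fd %d: select=%d poll=%d\n", s,
               socket_writable_checked(s), socket_writable_poll(s));
        close(s);
    }
    return 0;
}
```

With the range check in place, an invalid handle reaching this function surfaces as an error return the caller can report instead of a write outside the fd_set.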

