Skip to content

Segmentation fault while create_datawriter #4388

Closed as not planned
Closed as not planned
@llddang

Description

@llddang

Expected behavior

Process will exit with 0.

Current behavior

Process exited with signal SIGSEGV, Segmentation fault.

Steps to Reproduce

  1. Create Participant, Topic, Publisher with default qos like this example.
  2. Create DataWriter with max_samples of resource_limits of 900000000.
  3. Running with RTPS (ex: ./publisher -DCPSConfigFile rtps.ini)

publisher.cpp:

int main(int argc, char* argv[]){
    DomainParticipantFactory_var factory = TheParticipantFactoryWithArgs(argc, argv);

    DomainParticipant_var participant= factory->create_participant(4, PARTICIPANT_QOS_DEFAULT, 0, DEFAULT_STATUS_MASK);
    if( !participant ) std::cout << "ERROR: create_participant failed \n";

    Messenger::MessageTypeSupport_var ts = new Messenger::MessageTypeSupportImpl;
    if( ts->register_type(participant, "") != RETCODE_OK ) std::cout << "ERROR: register_type failed \n";

    CORBA::String_var type_name = ts->get_type_name();
    Topic_var topic = participant->create_topic("TopicName", type_name, TOPIC_QOS_DEFAULT, 0, DEFAULT_STATUS_MASK);
    if( !topic ) std::cout << "ERROR: create_topic failed \n";

    Publisher_var pub = participant->create_publisher(PUBLISHER_QOS_DEFAULT, 0, DEFAULT_STATUS_MASK);
    if( !pub ) std::cout << "ERROR: create_publisher failed \n";

    DataWriterQos writer_qos;
    pub->get_default_datawriter_qos(writer_qos);
    writer_qos.resource_limits.max_samples = 900000000;

    DataWriter_var writer = pub->create_datawriter(topic, writer_qos, 0, DEFAULT_STATUS_MASK);
    if( !writer ) std::cout << "ERROR: create_datawriter failed \n";

    participant->delete_contained_entities();
    factory->delete_participant(participant);

    return 0;
}

rtps.ini:

[common]
DCPSGlobalTransportConfig=$file
DCPSDefaultDiscovery=DEFAULT_RTPS

[transport/the_rtps_transport]
transport_type=rtps_udp

Open dds version

3.26

Platform / Architecture

ubuntu 22.04 amd64

Additional context

This bug is triggered when the value of the max_samples is very large. The cause may be that WriteDataContainer allocates memory twice the value of the max_samples given.

segmentation fault backtrace:

Thread 1 "main" received signal SIGSEGV, Segmentation fault.
0x00007ffff73f227a in ACE_Cached_Mem_Pool_Node<OpenDDS::DCPS::DataSampleElement>::set_next (this=0x0, ptr=0x0) at /home/dpl5626/OpenDDS-3.26/ACE_wrappers/ace/Malloc_T.inl:24
24        this->next_ = ptr;
(gdb) bt
#0  0x00007ffff73f227a in ACE_Cached_Mem_Pool_Node<OpenDDS::DCPS::DataSampleElement>::set_next (this=0x0, ptr=0x0) at /home/dpl5626/OpenDDS-3.26/ACE_wrappers/ace/Malloc_T.inl:24
#1  0x00007ffff73f1617 in ACE_Locked_Free_List<ACE_Cached_Mem_Pool_Node<OpenDDS::DCPS::DataSampleElement>, ACE_Null_Mutex>::add (this=0x555555722150, element=0x0) at /home/dpl5626/OpenDDS-3.26/ACE_wrappers/ace/Free_List.cpp:69
#2  0x00007ffff73f093a in OpenDDS::DCPS::Cached_Allocator_With_Overflow<OpenDDS::DCPS::DataSampleElement, ACE_Null_Mutex>::Cached_Allocator_With_Overflow (this=0x555555722138, n_chunks=1800000000)
    at ../dds/DCPS/Cached_Allocator_With_Overflow_T.h:76
#3  0x00007ffff748798b in OpenDDS::DCPS::WriteDataContainer::WriteDataContainer (this=0x555555721ed0, writer=0x555555720e30, max_samples_per_instance=2147483647, history_depth=1, max_durable_per_instance=0, 
    max_blocking_time=..., n_chunks=900000000, domain_id=4, topic_name=0x5555556ef600 "TopicName", type_name=0x55555571acc0 "Messenger::Message", durability_cache=0x0, durability_service=..., max_instances=0, 
    max_total_samples=900000000, deadline_status_lock=..., deadline_status=..., deadline_last_total_count=@0x555555721348: 0, __in_chrg=<optimized out>, __vtt_parm=<optimized out>)
    at /home/dpl5626/OpenDDS-3.26/dds/DCPS/WriteDataContainer.cpp:102
#4  0x00007ffff72ee8fb in OpenDDS::DCPS::DataWriterImpl::enable (this=0x555555720e30) at /home/dpl5626/OpenDDS-3.26/dds/DCPS/DataWriterImpl.cpp:1413
#5  0x00007ffff73b7093 in OpenDDS::DCPS::PublisherImpl::create_datawriter (this=0x555555720830, a_topic=0x555555720180, qos=..., a_listener=0x0, mask=4294967295) at /home/dpl5626/OpenDDS-3.26/dds/DCPS/PublisherImpl.cpp:161
#6  0x0000555555591dc8 in main ()

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions