Uninitialized memory in syscall during param_set #141

Closed
jbwillis opened this issue Oct 2, 2020 · 0 comments
jbwillis commented Oct 2, 2020

Running Valgrind on the master branch indicates uninitialized memory and possible.

System:

  • Ubuntu 18.04
  • ROS Melodic
  • gcc 7.5.0

To reproduce:

  • Launch rosflight sim
    roslaunch rosflight_sim multirotor.launch
  • Run rosflight_io with Valgrind
    valgrind devel/lib/rosflight/rosflight_io _udp:=true
  • Perform a param_set
    rosservice call /param_set MIXER 1

The following message is shown:

==19869== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==19869==    at 0x6752EE7: sendmsg (sendmsg.c:28)
==19869==    by 0x4EC2BD9: boost::asio::detail::socket_ops::sendto(int, iovec const*, unsigned long, int, sockaddr const*, unsigned long, boost::system::error_code&) (socket_ops.ipp:1299)
==19869==    by 0x4EC2C9C: boost::asio::detail::socket_ops::non_blocking_sendto(int, iovec const*, unsigned long, int, sockaddr const*, unsigned long, boost::system::error_code&, unsigned long&) (socket_ops.ipp:1350)
==19869==    by 0x4EC7AF1: boost::asio::detail::reactive_socket_sendto_op_base<boost::asio::const_buffers_1, boost::asio::ip::basic_endpoint<boost::asio::ip::udp> >::do_perform(boost::asio::detail::reactor_op*) (reactive_socket_sendto_op.hpp:58)
==19869==    by 0x4EBA4FA: boost::asio::detail::reactor_op::perform() (reactor_op.hpp:40)
==19869==    by 0x4EBB1E0: boost::asio::detail::epoll_reactor::start_op(int, int, boost::asio::detail::epoll_reactor::descriptor_state*&, boost::asio::detail::reactor_op*, bool, bool) (epoll_reactor.ipp:242)
==19869==    by 0x4EC3833: boost::asio::detail::reactive_socket_service_base::start_op(boost::asio::detail::reactive_socket_service_base::base_implementation_type&, int, boost::asio::detail::reactor_op*, bool, bool, bool) (reactive_socket_service_base.ipp:221)
==19869==    by 0x4EC6242: void boost::asio::detail::reactive_socket_service<boost::asio::ip::udp>::async_send_to<boost::asio::const_buffers_1, boost::function<void (boost::system::error_code const&, unsigned long)> >(boost::asio::detail::reactive_socket_service<boost::asio::ip::udp>::implementation_type&, boost::asio::const_buffers_1 const&, boost::asio::ip::basic_endpoint<boost::asio::ip::udp> const&, int, boost::function<void (boost::system::error_code const&, unsigned long)>&) (reactive_socket_service.hpp:246)
==19869==    by 0x4EC56DB: boost::asio::async_result<boost::asio::handler_type<boost::function<void (boost::system::error_code const&, unsigned long)>&, void (boost::system::error_code, unsigned long)>::type>::type boost::asio::datagram_socket_service<boost::asio::ip::udp>::async_send_to<boost::asio::const_buffers_1, boost::function<void (boost::system::error_code const&, unsigned long)>&>(boost::asio::detail::reactive_socket_service<boost::asio::ip::udp>::implementation_type&, boost::asio::const_buffers_1 const&, boost::asio::ip::basic_endpoint<boost::asio::ip::udp> const&, int, boost::function<void (boost::system::error_code const&, unsigned long)>&) (datagram_socket_service.hpp:360)
==19869==    by 0x4EC4FF3: boost::asio::async_result<boost::asio::handler_type<boost::function<void (boost::system::error_code const&, unsigned long)>&, void (boost::system::error_code, unsigned long)>::type>::type boost::asio::basic_datagram_socket<boost::asio::ip::udp, boost::asio::datagram_socket_service<boost::asio::ip::udp> >::async_send_to<boost::asio::const_buffers_1, boost::function<void (boost::system::error_code const&, unsigned long)>&>(boost::asio::const_buffers_1 const&, boost::asio::ip::basic_endpoint<boost::asio::ip::udp> const&, boost::function<void (boost::system::error_code const&, unsigned long)>&) (basic_datagram_socket.hpp:531)
==19869==    by 0x4EC1F1D: mavrosflight::MavlinkUDP::do_async_write(boost::asio::const_buffers_1 const&, boost::function<void (boost::system::error_code const&, unsigned long)>) (mavlink_udp.cpp:105)
==19869==    by 0x4EB13D4: mavrosflight::MavlinkComm::async_write(bool) (mavlink_comm.cpp:164)
==19869==  Address 0x10945352 is 18 bytes inside a block of size 280 alloc'd
==19869==    at 0x4C3017F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19869==    by 0x4EB115F: mavrosflight::MavlinkComm::send_message(__mavlink_message const&) (mavlink_comm.cpp:141)
==19869==    by 0x4ECB434: mavrosflight::ParamManager::param_set_timer_callback(ros::TimerEvent const&) (param_manager.cpp:386)
==19869==    by 0x4ED5752: boost::_mfi::mf1<void, mavrosflight::ParamManager, ros::TimerEvent const&>::operator()(mavrosflight::ParamManager*, ros::TimerEvent const&) const (mem_fn_template.hpp:165)
==19869==    by 0x4ED51FE: void boost::_bi::list2<boost::_bi::value<mavrosflight::ParamManager*>, boost::arg<1> >::operator()<boost::_mfi::mf1<void, mavrosflight::ParamManager, ros::TimerEvent const&>, boost::_bi::rrlist1<ros::TimerEvent const&> >(boost::_bi::type<void>, boost::_mfi::mf1<void, mavrosflight::ParamManager, ros::TimerEvent const&>&, boost::_bi::rrlist1<ros::TimerEvent const&>&, int) (bind.hpp:319)
==19869==    by 0x4ED4ABE: void boost::_bi::bind_t<void, boost::_mfi::mf1<void, mavrosflight::ParamManager, ros::TimerEvent const&>, boost::_bi::list2<boost::_bi::value<mavrosflight::ParamManager*>, boost::arg<1> > >::operator()<ros::TimerEvent const&>(ros::TimerEvent const&) (bind.hpp:1306)
==19869==    by 0x4ED3FEC: boost::detail::function::void_function_obj_invoker1<boost::_bi::bind_t<void, boost::_mfi::mf1<void, mavrosflight::ParamManager, ros::TimerEvent const&>, boost::_bi::list2<boost::_bi::value<mavrosflight::ParamManager*>, boost::arg<1> > >, void, ros::TimerEvent const&>::invoke(boost::detail::function::function_buffer&, ros::TimerEvent const&) (function_template.hpp:159)
==19869==    by 0x51C3A86: ros::TimerManager<ros::Time, ros::Duration, ros::TimerEvent>::TimerQueueCallback::call() (in /opt/ros/melodic/lib/libroscpp.so)
==19869==    by 0x51E8B8B: ros::CallbackQueue::callOneCB(ros::CallbackQueue::TLS*) (in /opt/ros/melodic/lib/libroscpp.so)
==19869==    by 0x51E9F7A: ros::CallbackQueue::callAvailable(ros::WallDuration) (in /opt/ros/melodic/lib/libroscpp.so)
==19869==    by 0x5241FE8: ros::SingleThreadedSpinner::spin(ros::CallbackQueue*) (in /opt/ros/melodic/lib/libroscpp.so)
==19869==    by 0x522A87A: ros::spin() (in /opt/ros/melodic/lib/libroscpp.so)
==19869==

When terminating rosflight_io the following information is given.

==22876== HEAP SUMMARY:
==22876==     in use at exit: 3,165 bytes in 40 blocks
==22876==   total heap usage: 308,223 allocs, 308,183 frees, 14,653,997 bytes allocated
==22876== 
==22876== LEAK SUMMARY:
==22876==    definitely lost: 0 bytes in 0 blocks
==22876==    indirectly lost: 0 bytes in 0 blocks
==22876==      possibly lost: 0 bytes in 0 blocks
==22876==    still reachable: 3,165 bytes in 40 blocks
==22876==         suppressed: 0 bytes in 0 blocks

Investigating using --show-reachable=yes suggests that the reachable memory was allocated by ROS.

Need to determine if the uninitialized memory is an issue.
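
An added illustration, not rosflight code and not part of the original report, of one way a Memcheck report like the one above can arise: a fixed-width name field in which only the string and its terminator are written before the whole field is sent. The 16-byte field width, the function names and the 0xAA poison byte (a deterministic stand-in for indeterminate memory) are assumptions.

```cpp
// Added illustration; names and layout are assumptions, not rosflight code.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

constexpr std::size_t kNameLen = 16;    // assumed fixed-width name field
constexpr std::uint8_t kPoison = 0xAA;  // stands in for indeterminate bytes
using Field = std::array<std::uint8_t, kNameLen>;

// Length of s, capped at the field width (no terminator required at the cap).
std::size_t bounded_len(const char* s) {
    std::size_t n = 0;
    while (n < kNameLen && s[n] != '\0') ++n;
    return n;
}

// Before: writes only the string and its terminator into existing storage.
// Everything after the terminator keeps whatever the storage already held.
Field pack_name_unsafe(const char* name, Field storage) {
    const std::size_t n = bounded_len(name);
    std::memcpy(storage.data(), name, n);
    if (n < kNameLen) storage[n] = 0;
    return storage;
}

// After: value-initialise the whole field, then copy the string in.
Field pack_name_zeroed(const char* name) {
    Field out{};
    std::memcpy(out.data(), name, bounded_len(name));
    return out;
}

// Offset of the first byte the packer never wrote (kNameLen if none).
std::size_t first_stale_offset(const Field& f) {
    for (std::size_t i = 0; i < kNameLen; ++i)
        if (f[i] == kPoison) return i;
    return kNameLen;
}

int main() {
    Field dirty;
    dirty.fill(kPoison);  // constructed stand-in for uninitialised storage
    std::printf("unsafe: first stale byte at %zu\n",
                first_stale_offset(pack_name_unsafe("MIXER", dirty)));
    std::printf("zeroed: first stale byte at %zu\n",
                first_stale_offset(pack_name_zeroed("MIXER")));
    return 0;
}
```

If the name field sits after a 6-byte header and 6 bytes of other payload (an assumed layout, not confirmed from the project's source), offset 6 within the field is byte 18 of the buffer, which is the offset Memcheck reports above. Stale bytes sent this way disclose whatever previously occupied that memory to the receiver, so zeroing the field before packing removes both the warning and the leak.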
