GNU bug report logs -
#46796
Cuirass & pointer finalization.
Reported by: Mathieu Othacehe <othacehe <at> gnu.org>
Date: Fri, 26 Feb 2021 14:15:02 UTC
Severity: important
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Message #8 received at 46796 <at> debbugs.gnu.org (full text, mbox):
Hi Mathieu,
I know nothing about the topic and I am probably out of scope.
On Fri, 26 Feb 2021 at 15:14, Mathieu Othacehe <othacehe <at> gnu.org> wrote:
> I'm trying to fix a memory corruption in the remote-server process of
> Cuirass since a few days. Even though I don't have a usable core dump
> file yet, I'm pretty sure the error comes from the "zmq-msg-init"
> procedure of Guile-Simple-ZMQ.
>
> This procedure creates a bytevector, calls the C function zmq_msg_init to
> initialize it, adds zmq_msg_close as pointer finalizer and returns a
> wrapped pointer.
>
> My understanding is that the wrapped pointer that is passed around in
> Cuirass ensures that the underlying bytevector is not garbage collected
> until the pointer goes out of scope. However, some assertion failures
> such as this one:
>
> --8<---------------cut here---------------start------------->8---
> Assertion failed: check () (src/msg.cpp:394)
> --8<---------------cut here---------------end--------------->8---
>
> make me think that the bytevector is garbage collected, while ZMQ is
> still using it. Some help would be much appreciated here :).
From ’zmq-msg-init’ defined here:
<https://github.com/jerry40/guile-simple-zmq/blob/master/simple-zmq.scm.in#L543>
and what is ’zmq-message-content’ used for? Since ’message’ is
initialized with zero, I guess. Well, I am confused by:
--8<---------------cut here---------------start------------->8---
(let ((content-ptr (zmq_msg_data (message->pointer message)))
      [...]
  (pointer->bytevector content-ptr size))))
…
    (let ((msg (pointer->message! msg-pointer)))
      (when content-bv
        (let ((target (zmq-message-content msg)))
          (bytevector-copy! content-bv 0 target 0 len)))
      msg))))
--8<---------------cut here---------------end--------------->8---
Is ’target’ at the same address as ’msg’? Maybe ’target’ creates
somehow a dangling pointer.
Cheers,
simon
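An added illustration of the aliasing question raised in the message above (not code from Guile-Simple-ZMQ, Cuirass or either participant): `pointer->bytevector` builds a view over existing memory rather than a copy, so a `bytevector-copy!` into the view writes into the original storage, and for memory owned by C code the view is usable only until that memory is released. The `<message>` record, `make-message`, `content-view`, `fill-message!`, the 64-byte size and the offset 8 are assumptions made for this sketch; no libzmq function is called.

```scheme
(use-modules (system foreign) (rnrs bytevectors) (srfi srfi-9))

;; Assumption: stand-in for the size of a message struct; no libzmq call is
;; made anywhere in this example.
(define %message-size 64)

;; Hypothetical wrapper: holding STORAGE in the record keeps the bytevector
;; reachable for exactly as long as the wrapper itself is reachable.
(define-record-type <message>
  (%make-message storage pointer)
  message?
  (storage message-storage)    ; bytevector backing the struct
  (pointer message-pointer))   ; foreign pointer to the start of STORAGE

(define (make-message)
  (let ((storage (make-bytevector %message-size 0)))
    (%make-message storage (bytevector->pointer storage))))

;; Like 'zmq-message-content' in the excerpt: a bytevector *view* built from
;; a raw pointer.  Nothing is copied; the view aliases the memory at PTR.
(define (content-view ptr size)
  (pointer->bytevector ptr size))

;; Copy SOURCE into the SIZE-byte content area that starts OFFSET bytes into
;; MSG, refusing to write past the end of that area.
(define (fill-message! msg source offset size)
  (let* ((ptr  (bytevector->pointer (message-storage msg) offset))
         (view (content-view ptr size))
         (len  (bytevector-length source)))
    (unless (<= len size)
      (error "source does not fit in message content" len size))
    (bytevector-copy! source 0 view 0 len)
    view))

;; Constructed sample input: offset 8 and size 16 are arbitrary.
(define msg  (make-message))
(define view (fill-message! msg (string->utf8 "hello") 8 16))

;; The write through VIEW is visible in STORAGE: same memory, not a copy.
(format #t "storage[8] = ~a~%" (bytevector-u8-ref (message-storage msg) 8))

;; The content view and the message pointer refer to different addresses
;; inside the same allocation.
(format #t "view at message address? ~a~%"
        (= (pointer-address (bytevector->pointer view))
           (pointer-address (message-pointer msg))))
```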
This bug report was last modified 1 year and 186 days ago.