RSRV expanding large buffer causes crash

Bug #1706703 reported by mdavidsaver
Affects: EPICS Base (status tracked in 7.0)
3.16: Status: Fix Released; Importance: High; Assigned to: Unassigned
7.0: Status: Fix Released; Importance: High; Assigned to: mdavidsaver

Bug Description

The change to automatic allocation of send/recv buffers in RSRV introduced a regression in 3.16.1. Expanding from a small (16kB) buffer to a large buffer works correctly. Further expanding a large buffer to a larger size triggers a call to freeListFree() with a NULL free list pointer.

Reported by Joao Martins (ESS)

> #0 0x00003fffb7c91374 in .freeListFree () from /opt/vsee/bases/3.16.1/lib/linux-ppc64e6500/libCom.so
> #1 0x00003fffb7e18e94 in .casExpandSendBuffer () from /opt/vsee/bases/3.16.1/lib/linux-ppc64e6500/libdbCore.so
> #2 0x00003fffb7e15924 in .cas_copy_in_header () from /opt/vsee/bases/3.16.1/lib/linux-ppc64e6500/libdbCore.so
> #3 0x00003fffb7e1af14 in .read_reply () from /opt/vsee/bases/3.16.1/lib/linux-ppc64e6500/libdbCore.so
> #4 0x00003fffb7de3ec0 in .event_task () from /opt/vsee/bases/3.16.1/lib/linux-ppc64e6500/libdbCore.so
> #5 0x00003fffb7caaa98 in .start_routine () from /opt/vsee/bases/3.16.1/lib/linux-ppc64e6500/libCom.so
> #6 0x00003fffb76a5680 in start_thread (arg=0x3fff95876180) at pthread_create.c:315
> #7 0x00003fffb7817ca0 in .__clone () at ../sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S:96
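
A simplified model of the failure mode described above, as an added example rather than RSRV source. The type and function names, the 64 kB and 1 MB sizes, and the assumption that no large free list exists are hypothetical, and the toy list release returns -1 where the reported call crashes.

```c
#include <stdlib.h>
#include <string.h>
enum origin { FROM_SMALL_LIST, FROM_LARGE_LIST, FROM_HEAP };
struct freelist { size_t item_size; };              /* toy free list handle */
struct msgbuf { char *buf; size_t cap; enum origin origin; };
static struct freelist small_list = { 16 * 1024 };
static struct freelist *large_list = NULL;  /* assumed: automatic sizing, no large list */

/* Toy release: returns -1 for a NULL list, the case that crashes in the report. */
int list_free(struct freelist *fl, void *p)
{
    if (!fl) return -1;
    free(p);
    return 0;
}

/* Regression model: every buffer that is not small goes to the large list. */
int release_buggy(struct msgbuf *m)
{
    return list_free(m->origin == FROM_SMALL_LIST ? &small_list : large_list, m->buf);
}

/* Corrected model: release by recorded origin; heap buffers go to free(). */
int release_fixed(struct msgbuf *m)
{
    if (m->origin == FROM_HEAP) { free(m->buf); return 0; }
    return list_free(m->origin == FROM_SMALL_LIST ? &small_list : large_list, m->buf);
}

/* Grow m to at least size bytes, keeping its contents; 0 on success. */
int expand(struct msgbuf *m, size_t size, int (*release)(struct msgbuf *))
{
    char *nb;
    if (size <= m->cap) return 0;
    if (!(nb = malloc(size))) return -1;
    memcpy(nb, m->buf, m->cap);
    if (release(m) != 0) { free(nb); return -1; }   /* old buffer stays in place */
    m->buf = nb; m->cap = size; m->origin = FROM_HEAP;
    return 0;
}

/* Grows 16 kB -> 64 kB -> 1 MB; returns how many expansions succeeded. */
int grow_twice(int (*release)(struct msgbuf *))
{
    struct msgbuf m = { calloc(1, 16 * 1024), 16 * 1024, FROM_SMALL_LIST };
    int ok = m.buf && expand(&m, 64 * 1024, release) == 0;
    ok += ok && expand(&m, 1024 * 1024, release) == 0;
    free(m.buf);
    return ok;
}
```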

mdavidsaver (mdavidsaver) wrote :
Changed in epics-base:
milestone: none → 3.16.branch
assignee: nobody → mdavidsaver (mdavidsaver)
status: New → Fix Committed
importance: Undecided → High