RSRV expanding large buffer causes crash
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
EPICS Base | Status tracked in 7.0 | | |
3.16 | Fix Released | High | Unassigned |
7.0 | Fix Released | High | mdavidsaver |
Bug Description
The change to automatic allocation of send/recv buffers in RSRV introduced a regression in 3.16.1. Expanding from a small (16kB) buffer to a large buffer works correctly. Further expanding a large buffer to a larger size triggers a call to freeListFree() with a NULL free list pointer.
Reported by Joao Martins (ESS)
> #0 0x00003fffb7c91374 in .freeListFree () from /opt/vsee/
> #1 0x00003fffb7e18e94 in .casExpandSendB
> #2 0x00003fffb7e15924 in .cas_copy_in_header () from /opt/vsee/
> #3 0x00003fffb7e1af14 in .read_reply () from /opt/vsee/
> #4 0x00003fffb7de3ec0 in .event_task () from /opt/vsee/
> #5 0x00003fffb7caaa98 in .start_routine () from /opt/vsee/
> #6 0x00003fffb76a5680 in start_thread (arg=0x3fff9587
> #7 0x00003fffb7817ca0 in .__clone () at ../sysdeps/
Fixed by https://git.launchpad.net/epics-base/commit/?id=d2fad17be7ab7f5a9ce1d956438677cbe9385eb1
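
A minimal model of the two expansion steps described in the report, added here as an illustration and not taken from EPICS Base or the linked fix commit; every identifier (`pool`, `msgbuf`, `msgbuf_expand`, `pool_put`, `expand_twice`) is hypothetical. It assumes each buffer records where its storage came from, so the large-to-larger step never reaches the free-list release path, and the release helper rejects a NULL pool rather than dereferencing it.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical model of the reported pattern; no name here is an EPICS identifier. */
enum origin { FROM_POOL, FROM_HEAP };
struct pool { void *head; size_t item; };   /* toy fixed-size free list */
struct msgbuf { char *data; size_t cap, used; enum origin origin; };

static void *pool_get(struct pool *p) {
    void *b = p->head;
    if (b) p->head = *(void **)b;
    return b ? b : malloc(p->item);
}

/* Rejects a NULL pool instead of dereferencing it. */
static int pool_put(struct pool *p, void *b) {
    if (!p || !b) return -1;
    *(void **)b = p->head;
    p->head = b;
    return 0;
}

/* Grow buf; old storage is released per buf->origin, never by assumption. */
static int msgbuf_expand(struct msgbuf *buf, struct pool *small, size_t need) {
    char *n;
    if (need <= buf->cap) return 0;
    if (buf->origin == FROM_HEAP) {          /* large -> larger: no pool involved */
        if (!(n = realloc(buf->data, need))) return -1;
    } else {                                 /* small -> large: copy, return pool item */
        if (!(n = malloc(need))) return -1;
        memcpy(n, buf->data, buf->used);
        if (pool_put(small, buf->data) != 0) { free(n); return -1; }
    }
    buf->data = n; buf->cap = need; buf->origin = FROM_HEAP;
    return 0;
}

/* Constructed scenario: small -> large -> larger; returns 0 when both steps succeed. */
static int expand_twice(void) {
    struct pool small = { NULL, 64 };
    struct msgbuf b = { pool_get(&small), 64, 5, FROM_POOL };
    int ok;
    if (!b.data) return -1;
    memcpy(b.data, "hello", 5);
    ok = msgbuf_expand(&b, &small, 4096) == 0 && msgbuf_expand(&b, &small, 65536) == 0
         && b.cap == 65536 && memcmp(b.data, "hello", 5) == 0 && small.head != NULL;
    free(b.data); free(small.head);
    return ok ? 0 : -1;
}
int main(void) { return expand_twice(); }
```
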