Sending zero length search request causes infinite loop in casDGClient::processDG()

Bug #1743321 reported by Ralph Lange on 2018-01-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ralph Lange
Ralph Lange

Bug Description

Reported by Shuei YAMADA

Last april I posted to tech-talk an problem that cagateway runs away
on rare occasions (
I successfully reproduced the problem by UDP-port scan with nmap.
When I run nmap as following:

nmap -sU -p 5064 -A ip.address.of.cagateway

- all PVs subscribing via cagateway become disconnected,
- cagateway is eating up the CPU,
- no distinguishable log messege, no "zero length PV name in UDP
search request?" either,
- excas shows the same simptom.

There is no way to exiting the the while() loop in
casDGClient::processDG() when program reaches at the end of while()
block with a condition such that:
- this->in.bytesPresent()>0 && dgInBytesConsumed == 0 && status ==

We are using base R3.14.12.3 for production and R3.15.5 for evaluation
at our site and both have the problem. Also R3.14.12.7 and R3.16.1
seem to have the same problem. Please find a naiive fix for this in
the attachment.

Tags: cas Edit Tag help
Ralph Lange (ralph-lange) wrote :
Andrew Johnson (anj) on 2018-06-05
Changed in epics-base:
assignee: nobody → Ralph Lange (ralph-lange)
no longer affects: epics-base/7.0
Changed in epics-base:
importance: Undecided → Medium
status: Invalid → In Progress
tags: added: cas
Andrew Johnson (anj) on 2018-06-26
Changed in epics-base:
status: In Progress → Fix Committed
Ralph Lange (ralph-lange) wrote :

For EPICS 7: fix released in the PCAS module per release 4.13.2

Andrew Johnson (anj) on 2018-09-14
Changed in epics-base:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers