possible sigbus

Bug #1623792 reported by Seth Arnold on 2016-09-15
Affects: zeromq3 (Ubuntu) | Importance: Undecided | Assigned to: Unassigned

Bug Description

The following function looks like it will access a 32-bit data element that is improperly aligned:

void zmq::socket_base_t::monitor_event (int event_, int value_, const std::string &addr_)
{
    if (monitor_socket) {
        // Send event in first frame
        zmq_msg_t msg;
        zmq_msg_init_size (&msg, 6);
        uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
        *(uint16_t *) (data + 0) = (uint16_t) event_;
        *(uint32_t *) (data + 2) = (uint32_t) value_;
        zmq_sendmsg (monitor_socket, &msg, ZMQ_SNDMORE);

        // Send address in second frame
        zmq_msg_init_size (&msg, addr_.size());
        memcpy (zmq_msg_data (&msg), addr_.c_str (), addr_.size ());
        zmq_sendmsg (monitor_socket, &msg, 0);
    }
}

On many platforms this will cause a SIGBUS.

It looks like upstream has already fixed this issue:

https://github.com/zeromq/libzmq/blob/master/src/socket_base.cpp#L1683

The current code looks like:

void zmq::socket_base_t::monitor_event (int event_, intptr_t value_, const std::string &addr_)
{
    if (monitor_socket) {
        // Send event in first frame
        zmq_msg_t msg;
        zmq_msg_init_size (&msg, 6);
        uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
        // Avoid dereferencing uint32_t on unaligned address
        uint16_t event = (uint16_t) event_;
        uint32_t value = (uint32_t) value_;
        memcpy (data + 0, &event, sizeof(event));
        memcpy (data + 2, &value, sizeof(value));
        zmq_sendmsg (monitor_socket, &msg, ZMQ_SNDMORE);

        // Send address in second frame
        zmq_msg_init_size (&msg, addr_.size());
        memcpy (zmq_msg_data (&msg), addr_.c_str (), addr_.size ());
        zmq_sendmsg (monitor_socket, &msg, 0);
    }
}

Thanks
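As an added illustration of the report above (this is example code, not code from libzmq or the reporter): the 6-byte monitor frame is built and parsed with memcpy, the way the upstream fix does it, and a helper shows that the uint32_t slot at offset 2 is misaligned whenever the message buffer itself is 4-byte aligned. All function and variable names here are assumed for the example.

```c
/* Added example, not libzmq's own code: builds and parses the 6-byte
 * monitor event frame from the report ([uint16 event][uint32 value])
 * without ever dereferencing a misaligned uint32_t. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MONITOR_FRAME_SIZE 6

/* Returns 1 if p is suitably aligned for a type of the given alignment. */
static int is_aligned(const void *p, size_t alignment)
{
    return ((uintptr_t) p % alignment) == 0;
}

/* Serialise event and value into buf via memcpy, which makes no
 * alignment assumptions about buf (the approach of the upstream fix). */
void encode_monitor_event(uint8_t *buf, uint16_t event, uint32_t value)
{
    memcpy(buf + 0, &event, sizeof event);
    memcpy(buf + 2, &value, sizeof value);
}

/* Read the frame back the same way: a receiver that casts buf + 2 to
 * uint32_t * has exactly the same unaligned-access problem as the sender. */
void decode_monitor_event(const uint8_t *buf, uint16_t *event, uint32_t *value)
{
    memcpy(event, buf + 0, sizeof *event);
    memcpy(value, buf + 2, sizeof *value);
}

/* Round-trips one event and reports whether the uint32_t slot was misaligned,
 * i.e. whether the original *(uint32_t *) (data + 2) store would have been an
 * unaligned access. Returns 1 when the decoded values match the encoded ones. */
int monitor_frame_roundtrip(uint16_t event, uint32_t value, int *value_slot_misaligned)
{
    _Alignas(uint32_t) uint8_t frame[MONITOR_FRAME_SIZE]; /* 4-aligned, like heap msg data */
    uint16_t ev_out;
    uint32_t val_out;

    encode_monitor_event(frame, event, value);
    *value_slot_misaligned = !is_aligned(frame + 2, _Alignof(uint32_t));
    decode_monitor_event(frame, &ev_out, &val_out);
    return ev_out == event && val_out == value;
}

int main(void)
{
    int misaligned = 0;
    /* Constructed sample values; event id 1 is arbitrary, not a ZMQ_EVENT_* constant. */
    int ok = monitor_frame_roundtrip(1, 0x12345678u, &misaligned);
    printf("roundtrip %s, uint32 slot misaligned: %d\n", ok ? "ok" : "FAILED", misaligned);
    return ok ? 0 : 1;
}
```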

Luca Boccassi (bluca) wrote :

The fix was released in version 4.2.0 last year and is available in Ubuntu since Zesty.

Changed in zeromq3 (Ubuntu):
status: New → Fix Released