possible sigbus

Bug #1623792 reported by Seth Arnold
Affects: zeromq3 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

The following function looks like it will access a 32-bit data element that is improperly aligned:

void zmq::socket_base_t::monitor_event (int event_, int value_, const std::string &addr_)
{
    if (monitor_socket) {
        // Send event in first frame
        zmq_msg_t msg;
        zmq_msg_init_size (&msg, 6);
        uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
        *(uint16_t *) (data + 0) = (uint16_t) event_;
        *(uint32_t *) (data + 2) = (uint32_t) value_;
        zmq_sendmsg (monitor_socket, &msg, ZMQ_SNDMORE);

        // Send address in second frame
        zmq_msg_init_size (&msg, addr_.size());
        memcpy (zmq_msg_data (&msg), addr_.c_str (), addr_.size ());
        zmq_sendmsg (monitor_socket, &msg, 0);
    }
}

On many platforms this will cause a SIGBUS.

It looks like upstream has already fixed this issue:

https://github.com/zeromq/libzmq/blob/master/src/socket_base.cpp#L1683

The current code looks like:

void zmq::socket_base_t::monitor_event (int event_, intptr_t value_, const std::string &addr_)
{
    if (monitor_socket) {
        // Send event in first frame
        zmq_msg_t msg;
        zmq_msg_init_size (&msg, 6);
        uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
        // Avoid dereferencing uint32_t on unaligned address
        uint16_t event = (uint16_t) event_;
        uint32_t value = (uint32_t) value_;
        memcpy (data + 0, &event, sizeof(event));
        memcpy (data + 2, &value, sizeof(value));
        zmq_sendmsg (monitor_socket, &msg, ZMQ_SNDMORE);

        // Send address in second frame
        zmq_msg_init_size (&msg, addr_.size());
        memcpy (zmq_msg_data (&msg), addr_.c_str (), addr_.size ());
        zmq_sendmsg (monitor_socket, &msg, 0);
    }
}

Thanks
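To make the alignment problem concrete, here is an added example (not libzmq code, and not part of the bug report) that builds and parses the 6-byte monitor frame the way the fixed upstream function does. The value field lives at offset 2, so whenever the frame buffer itself is 4-byte aligned the uint32_t inside it is not; `value_field_misaligned()` makes that visible on any platform, even where the hardware tolerates the dereference. The event/value pair and the helper names are assumptions chosen for the example; the frame layout (2-byte event, 4-byte value) is the one in the code above.

```cpp
// Added example (not libzmq code): encode and decode the 6-byte monitor
// event frame with memcpy instead of casting an unaligned pointer to
// uint32_t*, and show why the original cast was unaligned.
#include <cstdint>
#include <cstdio>
#include <cstring>

// Frame layout from the code above: 2-byte event at offset 0,
// 4-byte value at offset 2. Offset 2 is never 4-byte aligned when
// the frame buffer itself is.
static const size_t kMonitorFrameSize = 6;

struct MonitorEvent {
    uint16_t event;
    uint32_t value;
};

// Alignment-safe encoder: copies each field byte-wise, which is valid on
// strict-alignment targets (e.g. SPARC, some ARM and MIPS configurations).
void encode_monitor_event(uint8_t *data, uint16_t event, uint32_t value)
{
    std::memcpy(data + 0, &event, sizeof(event));
    std::memcpy(data + 2, &value, sizeof(value));
}

// Matching decoder. A monitor *consumer* has the same obligation: reading
// the frame with *(uint32_t *)(data + 2) would be just as misaligned.
bool decode_monitor_event(const uint8_t *data, size_t len, MonitorEvent &out)
{
    if (len != kMonitorFrameSize)
        return false;
    std::memcpy(&out.event, data + 0, sizeof(out.event));
    std::memcpy(&out.value, data + 2, sizeof(out.value));
    return true;
}

// True when the value field of a frame at `base` is not aligned for
// uint32_t, i.e. when a direct dereference would be undefined behaviour.
bool value_field_misaligned(const uint8_t *base)
{
    return (reinterpret_cast<uintptr_t>(base + 2) % alignof(uint32_t)) != 0;
}

// The pattern from the original code, kept only for comparison. Compiling
// with -fsanitize=alignment (UBSan) reports it on x86; on strict-alignment
// hardware it raises SIGBUS. Deliberately never called below.
void encode_monitor_event_unaligned(uint8_t *data, uint16_t event, uint32_t value)
{
    *(uint16_t *)(data + 0) = event;
    *(uint32_t *)(data + 2) = value;
}

// Round-trip check: encode into a 4-byte-aligned frame and decode it back.
bool roundtrip_ok(uint16_t event, uint32_t value)
{
    alignas(uint32_t) uint8_t frame[kMonitorFrameSize];
    encode_monitor_event(frame, event, value);
    MonitorEvent ev;
    return decode_monitor_event(frame, sizeof frame, ev)
        && ev.event == event && ev.value == value;
}

// A correctly aligned frame buffer still has a misaligned value field.
bool aligned_frame_has_misaligned_value()
{
    alignas(uint32_t) uint8_t frame[kMonitorFrameSize];
    return value_field_misaligned(frame);
}

// The decoder refuses frames of the wrong length.
bool rejects_wrong_length()
{
    uint8_t frame[kMonitorFrameSize + 1] = {0};
    MonitorEvent ev;
    return !decode_monitor_event(frame, 5, ev) && !decode_monitor_event(frame, 7, ev);
}

int main()
{
    // Constructed sample: event 1, value 42 (values chosen for the example).
    alignas(uint32_t) uint8_t frame[kMonitorFrameSize];
    encode_monitor_event(frame, 1, 42);
    MonitorEvent ev;
    if (decode_monitor_event(frame, sizeof frame, ev))
        std::printf("event=%u value=%u value_field_misaligned=%d\n",
                    ev.event, ev.value, value_field_misaligned(frame));
    return 0;
}
```

Build with `-fsanitize=alignment` and call the `_unaligned` variant to see the diagnostic the sanitizer gives for the original pattern; the memcpy form is optimized to the same loads and stores on x86, so the fix costs nothing there.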

Luca Boccassi (bluca) wrote:

The fix was released in version 4.2.0 last year and is available in Ubuntu since Zesty.

Changed in zeromq3 (Ubuntu):
status: New → Fix Released