possible sigbus
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| zeromq3 (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
The following function looks like it will access a 32-bit data element that is improperly aligned:
```cpp
void zmq::socket_
{
    if (monitor_socket) {
        // Send event in first frame
        zmq_msg_t msg;
        uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
        *(uint16_t *) (data + 0) = (uint16_t) event_;
        *(uint32_t *) (data + 2) = (uint32_t) value_;
        zmq_sendmsg (monitor_socket, &msg, ZMQ_SNDMORE);
        // Send address in second frame
        memcpy (zmq_msg_data (&msg), addr_.c_str (), addr_.size ());
        zmq_sendmsg (monitor_socket, &msg, 0);
    }
}
```
On many platforms this will cause a SIGBUS.
It looks like upstream has already fixed this issue:
https:/
The current code looks like:
```cpp
void zmq::socket_
{
    if (monitor_socket) {
        // Send event in first frame
        zmq_msg_t msg;
        uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
        // Avoid dereferencing uint32_t on unaligned address
        uint16_t event = (uint16_t) event_;
        uint32_t value = (uint32_t) value_;
        memcpy (data + 0, &event, sizeof(event));
        memcpy (data + 2, &value, sizeof(value));
        zmq_sendmsg (monitor_socket, &msg, ZMQ_SNDMORE);
        // Send address in second frame
        memcpy (zmq_msg_data (&msg), addr_.c_str (), addr_.size ());
        zmq_sendmsg (monitor_socket, &msg, 0);
    }
}
```
Thanks
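Added illustration, not part of the bug report or of the zeromq source: the same 6-byte event frame written and read through memcpy as the fixed code does, plus a check showing why the 4-byte value at offset 2 is necessarily unaligned whenever the frame buffer itself is 4-byte aligned. Function names and the sample values are my own.

```c
#include <stdalign.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Event frame layout from the report: 2-byte event code, then 4-byte value. */
#define MONITOR_FRAME_SIZE 6

/* Writes the frame as the fixed code does: memcpy accepts any address, so the
 * 4-byte value at offset 2 never goes through an aligned 32-bit store.
 * Byte order is the host's, exactly as in both versions quoted above. */
void encode_monitor_event(uint8_t *buf, uint16_t event, uint32_t value)
{
    memcpy(buf + 0, &event, sizeof event);
    memcpy(buf + 2, &value, sizeof value);
}

/* The matching read; a receiver parsing the frame needs the same care. */
void decode_monitor_event(const uint8_t *buf, uint16_t *event, uint32_t *value)
{
    memcpy(event, buf + 0, sizeof *event);
    memcpy(value, buf + 2, sizeof *value);
}

/* Encodes then decodes one event and reports whether both fields survived. */
bool roundtrip_ok(uint16_t event, uint32_t value)
{
    uint8_t buf[MONITOR_FRAME_SIZE];
    uint16_t e = 0;
    uint32_t v = 0;
    encode_monitor_event(buf, event, value);
    decode_monitor_event(buf, &e, &v);
    return e == event && v == value;
}

/* With a 4-byte aligned frame buffer, the value field at offset 2 is not
 * aligned: that is the address the original *(uint32_t *)(data + 2) wrote to. */
bool value_field_is_aligned(void)
{
    static alignas(4) uint8_t frame[MONITOR_FRAME_SIZE];
    return ((uintptr_t) (frame + 2) & (alignof(uint32_t) - 1)) == 0;
}

int main(void)
{
    printf("roundtrip: %s\n", roundtrip_ok(1, 0xDEADBEEFu) ? "ok" : "FAILED");
    printf("value field aligned: %s\n", value_field_is_aligned() ? "yes" : "no");
    return 0;
}
```

On x86 the direct store merely runs slower, which is why the bug is invisible there; on architectures that trap on misaligned access it is the SIGBUS the report describes.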
The fix was released in version 4.2.0 last year and is available in Ubuntu since Zesty.