Bug 326438 - PTP SDM: Segmentation fault when expanding a structure with a very big array.
Summary: PTP SDM: Segmentation fault when expanding a structure with a very big array.
Status: RESOLVED FIXED
Alias: None
Product: PTP
Classification: Tools
Component: Debug SDM (show other bugs)
Version: 5.0
Hardware: PC Windows XP
Importance: P3 major
Target Milestone: ---
Assignee: Greg Watson CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-09-28 12:59 EDT by Xuan Chen CLA
Modified: 2010-09-29 14:06 EDT (History)

See Also:


Attachments

Description Xuan Chen CLA 2010-09-28 12:59:05 EDT
This is the source for the C program:

*****************************************************************
#include <stdio.h>

int
main()
{
	int debug = 1;
	int a1[10];
	a1[0] = 0;
	a1[1] = 1;
	a1[2] = 2;
	a1[3] = 3;
	a1[4] = 4;
	a1[5] = 5;

	/* small structure: expands fine in the expression view */
	struct MappingStruct0 {
		int intOne;
		int intTwo;
		int* intPtr;
		long longVal;
	} myStruct0;

	myStruct0.intOne = 5;
	myStruct0.intTwo = 6;
	myStruct0.longVal = 155;

	/* structure with a very big array; this is the one that crashes the SDM
	 * when expanded. Note the array lives on the stack (5000000 ints = 20 MB),
	 * see Comment 1 for a smaller size that still reproduces the problem. */
	struct MappingStruct {
		int intOne;
		int intTwo;
		int a[5000000];
		int* intPtr;
		long longVal;
	} myStruct;
	myStruct.a[0] = 0;
	myStruct.a[1] = 1;
	myStruct.a[2] = 2;
	myStruct.a[3] = 3;
	myStruct.a[4] = 4;
	myStruct.a[5] = 5;
	printf("Hello World1!\n");	/* breakpoint here, then expand myStruct */

	return 0;
}

********************************************
Run to the printf statement, and put myStruct in the expression view.  Expand myStruct.

I got a segmentation fault.
Comment 1 Xuan Chen CLA 2010-09-28 13:27:36 EDT
Please change the array size from 5000000 to 500000.  Otherwise I ran into a seg fault when just running this program (sometimes).
But I could still reproduce this problem after changing the size.
Comment 2 Xuan Chen CLA 2010-09-28 13:28:15 EDT
I debugged the SDM code, and this is what I found:

In proxy_msg.c, proxy_serialize_msg is processing the AIF for myStruct.
I can see the size of m->args[1] (which I think is supposed to be the data of the AIF) is really big: 4000042.

And when the packet_append_bytes() method in proxy_msg.c is called,

void
packet_append_bytes(int length, char *data)
{
	/* grows the buffer by one fixed increment only, regardless of length */
	if ((packet_allocation - packet_size) < length) {
		packet_allocation = packet_allocation + PACKET_SIZE_INCREMENT;
		packet = (unsigned char *) realloc(packet, packet_allocation);
		assert(packet != NULL);
	}
	/* writes past the end of packet when length > the free space after the grow */
	memcpy(&packet[packet_size], data, length);
	packet_size += length;
}

the length argument is 4000042, which is way bigger than PACKET_SIZE_INCREMENT, which is only 1024.

So the memory allocated is not big enough for the data.

I am not sure why in this case (I haven't requested to expand myStruct.a yet, so myStruct.a is still an empty node with no content) the data field of the AIF needs to be so big.
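A self-contained illustration of the allocation problem described in this comment, added here as an example; it is not the SDM source and not the fix that was committed to HEAD. It reuses the names packet, packet_size, packet_allocation and PACKET_SIZE_INCREMENT from the quoted function, assumes a size_t interface instead of the original int length, and grows the buffer from the bytes actually needed so that a single 4000042-byte append fits.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Same growth unit as the quoted SDM code; everything else here is illustrative. */
#define PACKET_SIZE_INCREMENT 1024

static unsigned char *packet = NULL;
static size_t packet_allocation = 0;  /* bytes currently allocated */
static size_t packet_size = 0;        /* bytes currently used */

/* Appends length bytes of data. Returns 0 on success, -1 on size overflow
 * or allocation failure (the existing buffer stays valid in both cases). */
int packet_append_bytes_fixed(size_t length, const char *data)
{
	size_t needed, rounded, new_alloc;
	unsigned char *p;

	if (length > SIZE_MAX - packet_size)   /* packet_size + length would wrap */
		return -1;
	needed = packet_size + length;
	if (needed > packet_allocation) {
		/* Grow to the required size rounded up to a multiple of the increment,
		 * not by a single fixed increment as in the original. */
		rounded = needed + (PACKET_SIZE_INCREMENT - 1);
		if (rounded < needed)               /* rounding overflowed */
			return -1;
		new_alloc = rounded - rounded % PACKET_SIZE_INCREMENT;
		p = realloc(packet, new_alloc);
		if (p == NULL)
			return -1;                      /* old buffer untouched */
		packet = p;
		packet_allocation = new_alloc;
	}
	memcpy(packet + packet_size, data, length);
	packet_size += length;
	return 0;
}

/* Small accessors so the state can be inspected without touching the globals. */
size_t packet_used(void) { return packet_size; }
size_t packet_capacity(void) { return packet_allocation; }
void packet_reset(void)
{
	free(packet);
	packet = NULL;
	packet_allocation = packet_size = 0;
}
```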
Comment 3 Greg Watson CLA 2010-09-29 12:42:19 EDT
Fixed in HEAD. 

There is a related issue, which is that the debugger should not fetch the contents of the structure elements unless they are viewed in the UI. I think currently it fetches all the first level elements. To fix this would require some reworking of the way variables are obtained, both on the client and server sides. Please open a separate bug on this (severity: feature request) if you'd like.

Thanks!
Comment 4 Xuan Chen CLA 2010-09-29 12:56:01 EDT
Thanks, Greg.  I will give it a try.

Bug 326562 has been opened for requesting the enhancement.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=326562
Comment 5 Greg Watson CLA 2010-09-29 14:06:49 EDT
Closing as fixed.