You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Paul Brannan (JIRA)" <ji...@apache.org> on 2013/09/12 20:04:56 UTC
[jira] [Updated] (THRIFT-2182) segfault in regression tests (GC bug
in rb_thrift_memory_buffer_write)
[ https://issues.apache.org/jira/browse/THRIFT-2182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Brannan updated THRIFT-2182:
---------------------------------
Description:
This bug causes the regression tests to segfault on my machine. As this is a GC bug, it may or may not be easily reproducible.
The rb_thrift_memory_buffer_write function looks like this:
{code:none}
VALUE rb_thrift_memory_buffer_write(VALUE self, VALUE str) {
VALUE buf = GET_BUF(self);
str = force_binary_encoding(str);
rb_str_buf_cat(buf, RSTRING_PTR(str), RSTRING_LEN(str));
return Qnil;
}
{code}
When gcc compiles this, it optimizes away the value of str (it is no longer used after RSTRING_PTR(str) and RSTRING_LEN(str) are computed). Later, rb_str_buf_cat invokes the GC, and the string referenced by str is collected, because there are no references to it on the stack.
Some possible solutions:
* Use StringValuePtr instead of RSTRING_PTR (in general RSTRING_PTR should be avoided in favor of StringValuePtr or StringValueCStr); I believe this will also fix #THRIFT-1047
* Use rb_str_cat instead of rb_str_buf_cat
* Use RB_GC_GUARD to prevent str from getting collected
It appears a similar bug may exist with buffer_value in rb_thrift_memory_buffer_read_into_buffer, and possibly in any of the other 30 places that RSTRING_PTR is used.
was:
This bug causes the regression tests to segfault on my machine. As this is a GC bug, it may or may not be easily reproducible.
The rb_thrift_memory_buffer_write function looks like this:
VALUE rb_thrift_memory_buffer_write(VALUE self, VALUE str) {
VALUE buf = GET_BUF(self);
str = force_binary_encoding(str);
rb_str_buf_cat(buf, RSTRING_PTR(str), RSTRING_LEN(str));
return Qnil;
}
When gcc compiles this, it optimizes away the value of str (it is no longer used after RSTRING_PTR(str) and RSTRING_LEN(str) are computed). Later, rb_str_buf_cat invokes the GC, and the string referenced by str is collected, because there are no references to it on the stack.
Some possible solutions:
* Use StringValuePtr instead of RSTRING_PTR (in general RSTRING_PTR should be avoided in favor of StringValuePtr or StringValueCStr); I believe this will also fix #THRIFT-1047
* Use rb_str_cat instead of rb_str_buf_cat
* Use RB_GC_GUARD to prevent str from getting collected
It appears a similar bug may exist with buffer_value in rb_thrift_memory_buffer_read_into_buffer, and possibly in any of the other 30 places that RSTRING_PTR is used.
> segfault in regression tests (GC bug in rb_thrift_memory_buffer_write)
> ----------------------------------------------------------------------
>
> Key: THRIFT-2182
> URL: https://issues.apache.org/jira/browse/THRIFT-2182
> Project: Thrift
> Issue Type: Bug
> Components: Ruby - Library
> Affects Versions: 0.9.1, 0.9.2
> Reporter: Paul Brannan
>
> This bug causes the regression tests to segfault on my machine. As this is a GC bug, it may or may not be easily reproducible.
> The rb_thrift_memory_buffer_write function looks like this:
> {code:none}
> VALUE rb_thrift_memory_buffer_write(VALUE self, VALUE str) {
> VALUE buf = GET_BUF(self);
> str = force_binary_encoding(str);
> rb_str_buf_cat(buf, RSTRING_PTR(str), RSTRING_LEN(str));
> return Qnil;
> }
> {code}
> When gcc compiles this, it optimizes away the value of str (it is no longer used after RSTRING_PTR(str) and RSTRING_LEN(str) are computed). Later, rb_str_buf_cat invokes the GC, and the string referenced by str is collected, because there are no references to it on the stack.
> Some possible solutions:
> * Use StringValuePtr instead of RSTRING_PTR (in general RSTRING_PTR should be avoided in favor of StringValuePtr or StringValueCStr); I believe this will also fix #THRIFT-1047
> * Use rb_str_cat instead of rb_str_buf_cat
> * Use RB_GC_GUARD to prevent str from getting collected
> It appears a similar bug may exist with buffer_value in rb_thrift_memory_buffer_read_into_buffer, and possibly in any of the other 30 places that RSTRING_PTR is used.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira