You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Paul Brannan (JIRA)" <ji...@apache.org> on 2013/09/12 20:04:56 UTC

[jira] [Updated] (THRIFT-2182) segfault in regression tests (GC bug in rb_thrift_memory_buffer_write)

     [ https://issues.apache.org/jira/browse/THRIFT-2182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Brannan updated THRIFT-2182:
---------------------------------

    Description: 
This bug causes the regression tests to segfault on my machine.  As this is a GC bug, it may or may not be easily reproducible.

The rb_thrift_memory_buffer_write function looks like this:

{code:none}
    VALUE rb_thrift_memory_buffer_write(VALUE self, VALUE str) {
      VALUE buf = GET_BUF(self);
      str = force_binary_encoding(str);
      rb_str_buf_cat(buf, RSTRING_PTR(str), RSTRING_LEN(str));
      return Qnil;
    }
{code}

When gcc compiles this, it optimizes away the value of str (it is no longer used after RSTRING_PTR(str) and RSTRING_LEN(str) are computed).  Later, rb_str_buf_cat invokes the GC, and the string referenced by str is collected, because there are no references to it on the stack.

Some possible solutions:
* Use StringValuePtr instead of RSTRING_PTR (in general RSTRING_PTR should be avoided in favor of StringValuePtr or StringValueCStr); I believe this will also fix #THRIFT-1047
* Use rb_str_cat instead of rb_str_buf_cat
* Use RB_GC_GUARD to prevent str from getting collected

It appears a similar bug may exist with buffer_value in rb_thrift_memory_buffer_read_into_buffer, and possibly in any of the other 30 places that RSTRING_PTR is used.


  was:
This bug causes the regression tests to segfault on my machine.  As this is a GC bug, it may or may not be easily reproducible.

The rb_thrift_memory_buffer_write function looks like this:

    VALUE rb_thrift_memory_buffer_write(VALUE self, VALUE str) {
      VALUE buf = GET_BUF(self);
      str = force_binary_encoding(str);
      rb_str_buf_cat(buf, RSTRING_PTR(str), RSTRING_LEN(str));
      return Qnil;
    }

When gcc compiles this, it optimizes away the value of str (it is no longer used after RSTRING_PTR(str) and RSTRING_LEN(str) are computed).  Later, rb_str_buf_cat invokes the GC, and the string referenced by str is collected, because there are no references to it on the stack.

Some possible solutions:
* Use StringValuePtr instead of RSTRING_PTR (in general RSTRING_PTR should be avoided in favor of StringValuePtr or StringValueCStr); I believe this will also fix #THRIFT-1047
* Use rb_str_cat instead of rb_str_buf_cat
* Use RB_GC_GUARD to prevent str from getting collected

It appears a similar bug may exist with buffer_value in rb_thrift_memory_buffer_read_into_buffer, and possibly in any of the other 30 places that RSTRING_PTR is used.


    
> segfault in regression tests (GC bug in rb_thrift_memory_buffer_write)
> ----------------------------------------------------------------------
>
>                 Key: THRIFT-2182
>                 URL: https://issues.apache.org/jira/browse/THRIFT-2182
>             Project: Thrift
>          Issue Type: Bug
>          Components: Ruby - Library
>    Affects Versions: 0.9.1, 0.9.2
>            Reporter: Paul Brannan
>
> This bug causes the regression tests to segfault on my machine.  As this is a GC bug, it may or may not be easily reproducible.
> The rb_thrift_memory_buffer_write function looks like this:
> {code:none}
>     VALUE rb_thrift_memory_buffer_write(VALUE self, VALUE str) {
>       VALUE buf = GET_BUF(self);
>       str = force_binary_encoding(str);
>       rb_str_buf_cat(buf, RSTRING_PTR(str), RSTRING_LEN(str));
>       return Qnil;
>     }
> {code}
> When gcc compiles this, it optimizes away the value of str (it is no longer used after RSTRING_PTR(str) and RSTRING_LEN(str) are computed).  Later, rb_str_buf_cat invokes the GC, and the string referenced by str is collected, because there are no references to it on the stack.
> Some possible solutions:
> * Use StringValuePtr instead of RSTRING_PTR (in general RSTRING_PTR should be avoided in favor of StringValuePtr or StringValueCStr); I believe this will also fix #THRIFT-1047
> * Use rb_str_cat instead of rb_str_buf_cat
> * Use RB_GC_GUARD to prevent str from getting collected
> It appears a similar bug may exist with buffer_value in rb_thrift_memory_buffer_read_into_buffer, and possibly in any of the other 30 places that RSTRING_PTR is used.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira