[Libwebsockets] Segfault

Jack Mitchell ml at communistcode.co.uk
Fri Jan 18 14:20:49 CET 2013


Good Afternoon everyone,

Today I tried out the latest libwebsockets master in my embedded 
application and gave it a good thrashing. I managed to reproduce a 
segfault a few times - I have had this issue before but thought I had 
fixed it but it has reared its ugly head again in this new release. I 
have attached a valgrind trace below in the hope that someone could help 
me out.

I think it is trying to write to a dead socket (null pointer) and 
bailing out. Should there be some extra error checking somewhere to 
ensure that a dead socket is never written to?

I'm going to investigate some more and will let you know if I find a 
solution!

==1722== Invalid read of size 2
==1722==    at 0x481172C: memcpy (mc_replace_strmem.c:838)
==1722==    by 0x4AC2A53: flush_pending (deflate.c:651)
==1722==    by 0x4AC3E83: deflate (deflate.c:869)
==1722==    by 0x499087B: lws_extension_callback_deflate_frame (extension-deflate-frame.c:224)
==1722==    by 0x498F9CF: libwebsocket_write (output.c:323)
==1722==    by 0xEC5B: webSock_genericSendRecieve (webInterface_webSockets.c:99)
==1722==    by 0x498B39B: user_callback_handle_rxflow (libwebsockets.c:1666)
==1722==    by 0x498B45B: libwebsockets_broadcast (libwebsockets.c:2411)
==1722==    by 0xEEAB: webSock_broadcastJsonObject (webInterface_webSockets.c:223)
==1722==    by 0xD81F: XX86socket_handleReceive (XX86_socket.c:110)
==1722==    by 0xED9B: webSock_genericSendRecieve (webInterface_webSockets.c:147)
==1722==    by 0x498B39B: user_callback_handle_rxflow (libwebsockets.c:1666)
==1722==  Address 0x4ec62e0 is 0 bytes after a block of size 65,536 alloc'd
==1722==    at 0x480F7C0: malloc (vg_replace_malloc.c:263)
==1722==    by 0x4AC51F7: deflateInit2_ (deflate.c:301)
==1722==    by 0x49906AF: lws_extension_callback_deflate_frame (extension-deflate-frame.c:42)
==1722==    by 0x498D2AB: handshake_0405 (handshake.c:427)
==1722==    by 0x498D92B: libwebsocket_read (handshake.c:690)
==1722==    by 0x498CA27: libwebsocket_service_fd (libwebsockets.c:887)
==1722==    by 0x498CC1F: libwebsocket_service (libwebsockets.c:1376)
==1722==    by 0xA93F: main (R0005.c:108)
==1722==
==1722== Invalid read of size 2
==1722==    at 0x4811720: memcpy (mc_replace_strmem.c:838)
==1722==    by 0x4AC2A53: flush_pending (deflate.c:651)
==1722==    by 0x4AC3E83: deflate (deflate.c:869)
==1722==    by 0x499087B: lws_extension_callback_deflate_frame (extension-deflate-frame.c:224)
==1722==    by 0x498F9CF: libwebsocket_write (output.c:323)
==1722==    by 0xEC5B: webSock_genericSendRecieve (webInterface_webSockets.c:99)
==1722==    by 0x498B39B: user_callback_handle_rxflow (libwebsockets.c:1666)
==1722==    by 0x498B45B: libwebsockets_broadcast (libwebsockets.c:2411)
==1722==    by 0xEEAB: webSock_broadcastJsonObject (webInterface_webSockets.c:223)
==1722==    by 0xD81F: XX86socket_handleReceive (XX86_socket.c:110)
==1722==    by 0xED9B: webSock_genericSendRecieve (webInterface_webSockets.c:147)
==1722==    by 0x498B39B: user_callback_handle_rxflow (libwebsockets.c:1666)
==1722==  Address 0x4ec62e2 is 2 bytes after a block of size 65,536 alloc'd
==1722==    at 0x480F7C0: malloc (vg_replace_malloc.c:263)
==1722==    by 0x4AC51F7: deflateInit2_ (deflate.c:301)
==1722==    by 0x49906AF: lws_extension_callback_deflate_frame (extension-deflate-frame.c:42)
==1722==    by 0x498D2AB: handshake_0405 (handshake.c:427)
==1722==    by 0x498D92B: libwebsocket_read (handshake.c:690)
==1722==    by 0x498CA27: libwebsocket_service_fd (libwebsockets.c:887)
==1722==    by 0x498CC1F: libwebsocket_service (libwebsockets.c:1376)
==1722==    by 0xA93F: main (R0005.c:108)
==1722==
==1722== Invalid write of size 2
==1722==    at 0x4811724: memcpy (mc_replace_strmem.c:838)
==1722==    by 0x4AC2A53: flush_pending (deflate.c:651)
==1722==    by 0x4AC3E83: deflate (deflate.c:869)
==1722==    by 0x499087B: lws_extension_callback_deflate_frame (extension-deflate-frame.c:224)
==1722==    by 0x498F9CF: libwebsocket_write (output.c:323)
==1722==    by 0xEC5B: webSock_genericSendRecieve (webInterface_webSockets.c:99)
==1722==    by 0x498B39B: user_callback_handle_rxflow (libwebsockets.c:1666)
==1722==    by 0x498B45B: libwebsockets_broadcast (libwebsockets.c:2411)
==1722==    by 0xEEAB: webSock_broadcastJsonObject (webInterface_webSockets.c:223)
==1722==    by 0xD81F: XX86socket_handleReceive (XX86_socket.c:110)
==1722==    by 0xED9B: webSock_genericSendRecieve (webInterface_webSockets.c:147)
==1722==    by 0x498B39B: user_callback_handle_rxflow (libwebsockets.c:1666)
==1722==  Address 0x4dcdcbe is 0 bytes after a block of size 65,558 alloc'd
==1722==    at 0x480F8C0: realloc (vg_replace_malloc.c:632)
==1722==    by 0x4990833: lws_extension_callback_deflate_frame (extension-deflate-frame.c:248)
==1722==    by 0x498F9CF: libwebsocket_write (output.c:323)
==1722==    by 0xEFB7: webSock_writeJsonObject (webInterface_webSockets.c:272)
==1722==    by 0xB08F: XX86data_writeAllDataToSocket (XX86_data.c:54)
==1722==    by 0xD8A7: XX86socket_handleReceive (XX86_socket.c:47)
==1722==    by 0xED9B: webSock_genericSendRecieve (webInterface_webSockets.c:147)
==1722==    by 0x498B39B: user_callback_handle_rxflow (libwebsockets.c:1666)
==1722==    by 0x498EF03: libwebsocket_rx_sm (parsers.c:870)
==1722==    by 0x498F037: libwebsocket_interpret_incoming_packet (parsers.c:941)
==1722==    by 0x498D757: libwebsocket_read (handshake.c:723)
==1722==    by 0x498CAFB: libwebsocket_service_fd (libwebsockets.c:1227)
==1722==



-- 

   Jack Mitchell (jack at embed.me.uk)
   Embedded Systems Engineer
   http://www.embed.me.uk

--
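
Added example, not part of the original post and not libwebsockets code: a short Python triage script for Memcheck output like the trace above. It re-joins frames that the mail archive wrapped, then reports for each error the access type, where it landed relative to which heap block, and the first non-libc frame on the access side and on the allocation side. The names `unwrap`, `parse` and `SHIMS` are this example's own, and the sample input is abridged from the post.

```python
import re

# Constructed sample: two errors abridged from the post, one frame left mail-wrapped.
SAMPLE = """\
==1722== Invalid read of size 2
==1722==    at 0x481172C: memcpy (mc_replace_strmem.c:838)
==1722==    by 0x4AC2A53: flush_pending (deflate.c:651)
==1722==  Address 0x4ec62e0 is 0 bytes after a block of size 65,536 alloc'd
==1722==    at 0x480F7C0: malloc (vg_replace_malloc.c:263)
==1722==    by 0x4AC51F7: deflateInit2_ (deflate.c:301)
==1722== Invalid write of size 2
==1722==    at 0x4811724: memcpy (mc_replace_strmem.c:838)
==1722==    by 0x4AC2A53: flush_pending (deflate.c:651)
==1722==  Address 0x4dcdcbe is 0 bytes after a block of size 65,558 alloc'd
==1722==    at 0x480F8C0: realloc (vg_replace_malloc.c:632)
==1722==    by 0x4990833: lws_extension_callback_deflate_frame
(extension-deflate-frame.c:248)
"""

HEAD = re.compile(r"Invalid (read|write) of size (\d+)")
ADDR = re.compile(r"Address 0x\w+ is ([\d,]+) bytes (after|before|inside) a block of size ([\d,]+)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
SHIMS = {"malloc", "calloc", "realloc", "memcpy"}  # allocator/libc frames, skipped

def unwrap(text):
    """Re-join frames the mail archive wrapped onto a line with no ==pid== prefix."""
    out = []
    for raw in text.splitlines():
        if raw.startswith("==") or not out:
            out.append(raw.rstrip())
        else:
            out[-1] += " " + raw.strip()
    return out

def parse(text):
    """One dict per error: access, position relative to the block, first real frames."""
    records, key = [], None
    for raw in unwrap(text):
        line = re.sub(r"^==\d+==\s*", "", raw)
        if m := HEAD.match(line):
            records.append({"op": m[1], "size": int(m[2])})
            key = "site"                      # frames that follow are the access stack
        elif records and (m := ADDR.match(line)):
            records[-1].update(offset=int(m[1].replace(",", "")), where=m[2],
                               block=int(m[3].replace(",", "")))
            key = "origin"                    # frames that follow are the allocation stack
        elif records and (m := FRAME.match(line)) and m[1] not in SHIMS:
            records[-1].setdefault(key, (m[1], m[2]))  # keep first non-shim frame only
    return records
```
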



