[Bug 852] New: Bug in DataObjectLockFree (missed data initialization leading to malloc when using std::vector data)

Submitted by ThierryBultel on Wed, 2011-03-30 12:40

http://bugs.orocos.org/show_bug.cgi?id=852

Summary: Bug in DataObjectLockFree (missed data initialization
leading to malloc when using std::vector data)
Product: RTT
Version: rtt-trunk
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: Real-Time Toolkit (RTT)
AssignedTo: orocos-dev [..] ...
ReportedBy: thierry [dot] bultel [..] ...
CC: orocos-dev [..] ...
Estimated Hours: 0.0

Hi,

I found out that bug when writing a std::vector into a port ten times.
I did so by having the glibc malloc hook instrumented.

The test shows that the 10th writing to the DataPort leads to
an allocation of memory. That happens when the port is not read
but only written.

The analysis is that the 'operator=' of the std::vector class
is used on a non-initialized receiver, thus the malloc.

The bug is located in the DataObjectLockFree constructor (code taken from RTT
1.10 and 1.12

// prepare the buffer.
for (unsigned int i = 0; i < BUF_LEN-1; ++i) {
data[i].data = initial_value;
data[i].next = &data[i+1];
}
// BUG ! The following line is missing in the original code
// --------------------------------------------------------
data[BUF_LEN-1].data = initial_value;
// --------------------------------------------------------
data[BUF_LEN-1].next = &data[0];
}

I have quickly read the 2.3 version, and I think the bug is there, too,

Adding the line above has solved my malloc issue.

Cheers
Thierry

‹ [Bug 833] New: variable declared twice [Bug 851] New: Connecting a null port in C++ lead to segfault ›
»

[Bug 852] Bug in DataObjectLockFree (missed data initialization

Submitted by peter on Wed, 2011-03-30 15:32.

http://bugs.orocos.org/show_bug.cgi?id=852

Peter Soetens <peter [..] ...> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |peter [..] ...
Resolution| |FIXED
Target Milestone|--- |next-bugfix

--- Comment #1 from Peter Soetens <peter [..] ...> 2011-03-30 17:28:37 CEST ---
(In reply to comment #0)
> Hi,
>
> I found out that bug when writing a std::vector into a port ten times.
> I did so by having the glibc malloc hook instrumented.
>
> The test shows that the 10th writing to the DataPort leads to
> an allocation of memory. That happens when the port is not read
> but only written.
>
> The analysis is that the 'operator=' of the std::vector class
> is used on a non-initialized receiver, thus the malloc.
>
>
> The bug is located in the DataObjectLockFree constructor (code taken from RTT
> 1.10 and 1.12
>
>
> // prepare the buffer.
> for (unsigned int i = 0; i < BUF_LEN-1; ++i) {
> data[i].data = initial_value;
> data[i].next = &data[i+1];
> }
> // BUG ! The following line is missing in the original code
> // --------------------------------------------------------
> data[BUF_LEN-1].data = initial_value;
> // --------------------------------------------------------
> data[BUF_LEN-1].next = &data[0];
> }
>
>
> I have quickly read the 2.3 version, and I think the bug is there, too,
>
> Adding the line above has solved my malloc issue.
>
> Cheers
> Thierry

Your analysis and fix are correct. Bug was present on both 1.x and 2.x
branches. I've patched both. Thanks a lot for reporting.

Peter

»