FS#35872 - [trickle] SIGFAULT when using select
Attached to Project:
Community Packages
Opened by Olivier Langlois (lano1106) - Friday, 21 June 2013, 05:36 GMT
Last edited by Balló György (City-busz) - Wednesday, 25 December 2013, 09:37 GMT
Opened by Olivier Langlois (lano1106) - Friday, 21 June 2013, 05:36 GMT
Last edited by Balló György (City-busz) - Wednesday, 25 December 2013, 09:37 GMT
|
Details
Description:
This is a problem upstream. I have reported the problem to the author (Marius) but considering that the package hasn't been updated for about 10 years, it might be a good idea to add it into Arch package. Your call. Anyway, here are the details: Problem #1 From man 3 select The nfds argument specifies the range of descriptors to be tested. The first nfds descriptors shall be checked in each set; that is, the descriptors from zero through nfds-1 in the descriptor sets shall be examined. Hence in trickle-overload.c _select(), it is wrong to decrement nfds because: a) the same fd could be in both read & write fdsets but is counted only once in nfds b) in other words nfds is maxfd value in any fdsets passed in parameters in the following scenario, the code as is would fail delayed socket fd = 1, fd = 2 is a local pipe not found in sdhead tailq. nfds = 3 current code would remove fd1 from fdset and decrement nfds to 2. Hence libc_select will not consider fd2 at all. There is no portable way to efficiently recalculate nfds once you remove the highest fd from the sets. The only portable way would be to use a for loop with an initial value equal to nfds-1 up to 0 and test each bits with FD_ISSET until it returns true. A more efficient and non portable way would be to test for non 0 integer in the fdset bitmap array and only test bit by bit once you find the first non zero integer but IMO, this is not worth the trouble. select syscall will scan the fdset with the implementation knowledge in the most efficient way. My recommendation: just do not mess with nfds. Problem #2: delaytv points to the first dhead element delaytv. If this element gets freed, this will result into invalid read and write when accessing delaytv. Problem #3: timersub(&inittv, &curtv, &difftv); should be timersub(&curtv, &inittv, &difftv); Improvement #1: I have removed 1 gettimeofday system call and 1 difftv computation. Additional info: * trickle 1.07 * config and/or log files etc. Steps to reproduce: Use it with bitcoin-qt 0.8.2: valgrind --trace-children=yes --log-file=/tmp/bitcoin-%p.log /usr/bin/trickle -u40 /usr/bin/bitcoin-qt |
This task depends upon
Closed by Balló György (City-busz)
Wednesday, 25 December 2013, 09:37 GMT
Reason for closing: Fixed
Additional comments about closing: trickle 1.07-8
Wednesday, 25 December 2013, 09:37 GMT
Reason for closing: Fixed
Additional comments about closing: trickle 1.07-8
https://github.com/mariusaeriksen/trickle.
Not sure when 1.08 is scheduled....