TEXT codec and abort() via regerror() [message #1777134]
Fri, 24 November 2017 19:53
I'm running a TEXT-based MGCP decoder in a somewhat more complex parallel test configuration, and it fails with the following backtrace:
./IPA_Test: Abort was called
/usr/lib/titan/libttcn3-parallel-dynamic.so(_Z14signal_handleri+0xa3)[0x7f9a77b23813]
/lib/x86_64-linux-gnu/libc.so.6(+0x33af0)[0x7f9a761e7af0]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x110)[0x7f9a761e7a70]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x17a)[0x7f9a761e919a]
/lib/x86_64-linux-gnu/libc.so.6(regerror+0x75)[0x7f9a76286985]
/usr/lib/titan/libttcn3-parallel-dynamic.so(_ZNK11Token_Match11match_beginER11TTCN_Buffer+0x1b1)[0x7f9a77af1b11]
./MGCP_Types.so(_ZN11MGCP__Types11MgcpCommand11TEXT_decodeERK21TTCN_Typedescriptor_tR11TTCN_BufferR16Limit_Token_Listbb+0x90)[0x7f9a7ea70904]
./MGCP_Types.so(_ZN11MGCP__Types11MgcpCommand6decodeERK21TTCN_Typedescriptor_tR11TTCN_BufferN11TTCN_EncDec8coding_tEz+0x417)[0x7f9a7ea70229]
./MGCP_Types.so(_ZN11MGCP__Types16dec__MgcpCommandERK10CHARSTRING+0xbc)[0x7f9a7ea81323]
./IPA_Emulation.so(_ZN14IPA__Emulation17f__mgcp__to__userERK11OCTETSTRING+0x11b)[0x7f9a7fa0ad41]
./IPA_Emulation.so(_ZN14IPA__Emulation10ScanEventsEv+0x520)[0x7f9a7fa0b44d]
./IPA_Emulation.so(_ZN14IPA__Emulation12main__clientERK10CHARSTRINGRK7INTEGERS2_S5_+0xa1)[0x7f9a7fa0a8c4]
./IPA_Emulation.so(+0x21ba5)[0x7f9a7fa0cba5]
/usr/lib/titan/libttcn3-parallel-dynamic.so(_ZN11Module_List14start_functionEPKcS1_R8Text_Buf+0x2b)[0x7f9a77ad5d3b]
/usr/lib/titan/libttcn3-parallel-dynamic.so(_ZN12TTCN_Runtime14start_functionEPKcS1_R8Text_Buf+0x25)[0x7f9a77ae69e5]
/usr/lib/titan/libttcn3-parallel-dynamic.so(_ZN18TTCN_Communication13process_startEv+0x42)[0x7f9a77aad802]
/usr/lib/titan/libttcn3-parallel-dynamic.so(_ZN18TTCN_Communication23process_all_messages_tcEv+0x2f5)[0x7f9a77aae055]
/usr/lib/titan/libttcn3-parallel-dynamic.so(_ZN12TTCN_Runtime8ptc_mainEv+0xdf)[0x7f9a77aea50f]
/usr/lib/titan/libttcn3-parallel-dynamic.so(main+0x330)[0x7f9a77824da0]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f9a761d4561]
./IPA_Test(+0xa1a)[0x564e293a0a1a]
MC@nataraja: Unexpected end of PTC connection (6) from 127.0.0.1 [127.0.0.1].
So the generated code wants to do something with regular expressions and then that fails, hence it calls regerror() but this in turn crashes with an abort.
In TEXT.cc of titan.core I can find
int Token_Match::match_begin(TTCN_Buffer& buff) const
{
  int retval=-1;
  int ret_val=-1;
  if(null_match){
    if (TTCN_EncDec::get_error_behavior(TTCN_EncDec::ET_LOG_MATCHING) !=
        TTCN_EncDec::EB_IGNORE) {
      char msg[ERRMSG_BUFSIZE2];
      regerror(ret_val, &posix_regexp_begin, msg, ERRMSG_BUFSIZE2);
I'm running eclipse-titan 6.2.0-1 as packaged by Debian, not a version compiled myself.
I checked the commit log, and apart from 603b99b3a9953a193cb086df383c4f20d165a68a I couldn't find any recent changes/fixes, so I don't think a more recent TITAN version would have this already fixed.
The funny part is: When I decode the exact same MGCP payload using a simplistic single-component test case, it succeeds :/
CRCX 1128017070 1@mgw MGCP 1.0
C: 2CD6ED06
L: p:20, a:PCMU
M: recvonly
In any case, I think no matter what kind of input data gets passed to a TEXT codec, the titan runtime shouldn't call regerror() in a way that it aborts, so there might be something like a double-failure here. My code runs titan into an error path, and that error path causes the abort.
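
An added example, not part of the original post and not TITAN code: glibc's regerror() calls abort() when the error code is outside its message table, so a sentinel such as the -1 in the excerpt above must never reach it. The hypothetical `checked_regex` wrapper below (all names are assumptions) only passes regerror() a nonzero status that regcomp() or regexec() actually returned, and never hands an uncompiled regex to regexec().

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper (not TITAN code): the regex plus the last status a
 * regcomp()/regexec() call actually returned. */
struct checked_regex {
    regex_t re;
    int compiled;  /* 1 only after regcomp() succeeded */
    int rc;        /* last regcomp()/regexec() return value */
    int have_rc;   /* 0 until a regex call has produced rc */
};

void cr_init(struct checked_regex *cr) { memset(cr, 0, sizeof *cr); }

void cr_free(struct checked_regex *cr) {
    if (cr->compiled) regfree(&cr->re);
    cr->compiled = 0;
}

int cr_compile(struct checked_regex *cr, const char *pattern) {
    cr_free(cr);
    cr->rc = regcomp(&cr->re, pattern, REG_EXTENDED);
    cr->have_rc = 1;
    cr->compiled = (cr->rc == 0);
    return cr->rc;
}

/* Length of the match at the start of text, or -1. An uncompiled regex
 * (the analogue of the null_match branch) is never handed to regexec(). */
int cr_match_begin(struct checked_regex *cr, const char *text) {
    regmatch_t pm[1];
    if (!cr->compiled) return -1;
    cr->rc = regexec(&cr->re, text, 1, pm, 0);
    cr->have_rc = 1;
    return (cr->rc == 0 && pm[0].rm_so == 0) ? (int)pm[0].rm_eo : -1;
}

/* Returns 1 if regerror() produced msg, 0 if a fallback text was written.
 * regerror() only ever sees a nonzero code that a regex call returned. */
int cr_describe(const struct checked_regex *cr, char *msg, size_t len) {
    if (!cr->have_rc || cr->rc == 0) {
        snprintf(msg, len, "no regex error recorded");
        return 0;
    }
    regerror(cr->rc, &cr->re, msg, len);
    return 1;
}
```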