I was trying to do a cfg_rpc update on a variable and some of the times, the variable would take on randomly large values or negative values.

The -1 here is probably causing issues.

https://github.com/kamailio/kamailio/blob/1d53ea3dba4e59b05b2e92ecc973c44159b9bb36/src/core/cfg/cfg_struct.c#L625

Here's an explanation of what's going on (debugged using gdb). In cfg_struct.c, if you put a breakpoint on the following line in cfg_clone_global

https://github.com/kamailio/kamailio/blob/1d53ea3dba4e59b05b2e92ecc973c44159b9bb36/src/core/cfg/cfg_struct.c#L631

checking variable values:

--- Old (correct) value ---

(gdb) print sizeof(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172))
$33 = 4
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 0)
$34 = 99 'c'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 1)
$35 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 2)
$36 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 3)
$37 = 0 '\000'

--- New (corrupt) value ---

(gdb) print sizeof(*(int *)(((unsigned char *)((block)->vars + 984)) + 172))
$28 = 4
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 0)
$29 = 99 'c'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 1)
$30 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 2)
$31 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 3)
$32 = 130 '\202'

As is visible, the last byte is getting corrupted.
I checked the memory allocation variables:

--> cfg_block_size

(gdb) print cfg_block_size
$2 = 1156

--> sizeof(cfg_block_t)

print sizeof(cfg_block_t)
$15 = 8

This means that total memory assigned = 8 + 1156 - 1 = 1163

--> address of new block

(gdb) print (void *) block
$12 = (void *) 0x7f63086b6758

--> address of the corrupted variable in the new block

(gdb) print (void *)(((unsigned char *)((block)->vars + 984)) + 172)
$13 = (void *) 0x7f63086b6be0

--> offset of the variable from the block start

(gdb) print 0x7f63086b6be0 - 0x7f63086b6758
$14 = 1160

Since the variable is an integer, the memory that should be assigned = 1160 + 4 = 1164.
However, we're assigning 1163.

Therefore the last byte is getting corrupted.

Does it make sense to remove the -1 from all the memory allocations in cfg_struct?
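The arithmetic in the report can be reproduced with a small stand-alone C program. This is an added example, not code from the issue or from the kamailio source: `demo_block_t`, `bytes_needed`, `alloc_size_minus_one`, `alloc_size_full`, `var_fits` and `store_int_checked` are all constructed names. It assumes the header layout the gdb session implies (a 4-byte counter followed by a one-element `vars` array, giving `sizeof == 8` on the usual ILP32/LP64 targets) and plugs in the report's own numbers: `cfg_block_size` of 1156, the integer at `vars + 1156`, and the `sizeof + size - 1` allocation. The checked store shows the mitigation a defender wants in any code that writes into a variable-length block: compare offset plus width against the real allocation size before writing, rather than trusting the size formula.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a header-plus-payload block ("struct hack"):
 * a 4-byte field followed by a one-element array that is used as the
 * start of a variable-length payload. On common platforms sizeof is 8
 * (5 bytes padded to the int alignment), while the payload itself
 * starts at offset 4. */
typedef struct {
    int refcnt;
    unsigned char vars[1];
} demo_block_t;

/* Bytes that must exist in the allocation so that a var_size-byte value
 * at var_offset (relative to vars) lies entirely inside the block. */
size_t bytes_needed(size_t var_offset, size_t var_size) {
    return offsetof(demo_block_t, vars) + var_offset + var_size;
}

/* The allocation size the report describes: sizeof(header) + size - 1. */
size_t alloc_size_minus_one(size_t block_size) {
    return sizeof(demo_block_t) + block_size - 1;
}

/* The same allocation without the -1. */
size_t alloc_size_full(size_t block_size) {
    return sizeof(demo_block_t) + block_size;
}

/* 1 if a var_size-byte variable at var_offset fits in alloc bytes, else 0. */
int var_fits(size_t alloc, size_t var_offset, size_t var_size) {
    return bytes_needed(var_offset, var_size) <= alloc;
}

/* Allocate a zeroed block of exactly alloc bytes (caller frees it). */
demo_block_t *alloc_block(size_t alloc) {
    demo_block_t *b = calloc(1, alloc);
    if (b != NULL) {
        b->refcnt = 1;
    }
    return b;
}

/* Bounds-checked write of an int into the payload. Returns 1 on success,
 * 0 if the write would run past the allocation (the overflow from the
 * report). memcpy avoids any alignment assumption about vars + offset. */
int store_int_checked(demo_block_t *b, size_t alloc, size_t var_offset, int value) {
    if (b == NULL || !var_fits(alloc, var_offset, sizeof(int))) {
        return 0;
    }
    memcpy(b->vars + var_offset, &value, sizeof(int));
    return 1;
}

/* Read back an int previously stored with store_int_checked. */
int load_int(const demo_block_t *b, size_t var_offset) {
    int value;
    memcpy(&value, b->vars + var_offset, sizeof(int));
    return value;
}

int main(void) {
    const size_t block_size = 1156;   /* cfg_block_size from the report */
    const size_t var_offset = 984 + 172; /* vars + 984 + 172 = vars + 1156 */
    size_t with_minus_one = alloc_size_minus_one(block_size);
    size_t without = alloc_size_full(block_size);

    printf("header %zu bytes, payload starts at offset %zu\n",
           sizeof(demo_block_t), offsetof(demo_block_t, vars));
    printf("needed: %zu, allocated with -1: %zu (fits: %d), without -1: %zu (fits: %d)\n",
           bytes_needed(var_offset, sizeof(int)),
           with_minus_one, var_fits(with_minus_one, var_offset, sizeof(int)),
           without, var_fits(without, var_offset, sizeof(int)));

    demo_block_t *b = alloc_block(without);
    if (b != NULL && store_int_checked(b, without, var_offset, 99)) {
        printf("stored and read back: %d\n", load_int(b, var_offset));
    }
    free(b);
    return 0;
}
```

With the report's values the program reports 1164 bytes needed, 1163 allocated with the `-1` (does not fit) and 1164 without it (fits); the checked store refuses the write in the first case instead of clobbering the byte past the end.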
