EPICS Home

Experimental Physics and Industrial Control System


 
2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <20172018  2019  2020  2021  2022  2023  2024  Index 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <20172018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element
From: "Kasemir, Kay" <[email protected]>
To: "[email protected]" <[email protected]>
Date: Sat, 1 Apr 2017 13:20:41 +0000

Hi:


When reading a "long string" PV as DBR_CTRL_CHAR with 1 array element, an EPICS 3.15.5 IOC crashes.

Has been OK with R3.14.x.


Example C client and stack trace of server is below. Basically, CA server seems to try return all elements of the CHAR array, but the buffer only allows for the 1 requested.


Why I ran into this:

Older IOCs, i.e. most of those in operation ;-),  don't support DBE_PROPERTY.

So clients fetch the DBR_CTRL_native_type once, then subscribe to for example DBR_STS_* for the complete array.

When fetching the initial meta data, they don't need the complete value. In fact for large arrays it would be wasteful to keep a copy of the whole outdated array, just need the meta data and then one instance of the 'current' array.


Thanks,

Kay


Example C code that crashes IOC:
````
/* USAGE: cademo SomePV.INP$
 *
 * Fetches a "long string" channel as DBR_CTRL_CHAR[1].
 * OK for R4.14.*, crashes R3.15.5
 */
#include <stdio.h>
#include <string.h>
#include <epicsStdlib.h>
#include <epicsString.h>
#include <cadef.h>

int main (int argc, char *argv[])
{
    const char *name = argv[1];
    int result;
    chid chid;
    struct dbr_ctrl_char value;

    puts(name);

    result = ca_context_create(ca_disable_preemptive_callback);
    SEVCHK(result, "connect");
    result = ca_create_channel(name, 0, 0, 0, &chid);
    SEVCHK(result, "create");
    result = ca_pend_io(2.0);
    SEVCHK(result, "pend create");
    result = ca_array_get(DBR_CTRL_CHAR, 1, chid, &value);
    SEVCHK(result, "get");
    result = ca_pend_io(2.0);
    SEVCHK(result, "pend get");

    ca_context_destroy();

    return result;
}
````

For an IOC created via `makeBaseApp.pl -t example`, when reading `$(user):ai1.INP$`, the IOC crashes while placing the value, `$(user):calcExample1.VAL NPP NMS`, in the ca-get return buffer:
````
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd75f8700 (LWP 4974)]
0x00007ffff66eb795 in __strncpy_sse2_unaligned () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-157.el7.x86_64 libgcc-4.8.5-11.el7.x86_64 libstdc++-4.8.5-11.el7.x86_64 ncurses-libs-5.9-13.20130511.el7.x86_64 readline-6.2-9.el7.x86_64
(gdb) bt
#0  0x00007ffff66eb795 in __strncpy_sse2_unaligned () from /lib64/libc.so.6
#1  0x00007ffff7735ebf in getLinkValue (paddr=0x7fffe4013020, paddr=0x7fffe4013020, 
    nRequest=<optimized out>, pbuf=0x7ffff7e53035 "training:calcExample1.VAL NPP NMS", 
    dbrType=<optimized out>) at ../../../src/ioc/db/dbAccess.c:773
#2  dbGet (paddr=paddr@entry=0x7fffe4013020, dbrType=dbrType@entry=2, pbuffer=<optimized out>, 
    options=options@entry=0x7fffd75f76e0, nRequest=nRequest@entry=0x7fffd75f7c30, 
    pflin=pflin@entry=0x0) at ../../../src/ioc/db/dbAccess.c:857
#3  0x00007ffff773888c in dbChannelGet (chan=chan@entry=0x7fffe4013018, type=type@entry=2, 
    pbuffer=<optimized out>, options=options@entry=0x7fffd75f76e0, 
    nRequest=nRequest@entry=0x7fffd75f7c30, pfl=pfl@entry=0x0)
    at ../../../src/ioc/db/dbChannel.c:668
#4  0x00007ffff774b8d3 in dbChannel_get_count (chan=chan@entry=0x7fffe4013018, 
    buffer_type=<optimized out>, pbuffer=0x7ffff7e53020, nRequest=nRequest@entry=0x7fffd75f7c30, 
    pfl=pfl@entry=0x0) at ../../../src/ioc/db/db_access.c:685
#5  0x00007ffff776f6c2 in read_reply (pfl=0x0, eventsRemaining=1, dbch=0x7fffe4013018, 
    pArg=0x7fffd75f7c50) at ../../../src/ioc/rsrv/camessage.c:587
#6  read_notify_action (mp=<optimized out>, pPayload=<optimized out>, client=<optimized out>)
    at ../../../src/ioc/rsrv/camessage.c:800
#7  0x00007ffff77708df in camessage (client=client@entry=0x7fffec000f90)
    at ../../../src/ioc/rsrv/camessage.c:2628
#8  0x00007ffff776d26c in camsgtask (pParm=0x7fffec000f90)
    at ../../../src/ioc/rsrv/camsgtask.c:129
#9  0x00007ffff727a58c in start_routine (arg=0x7fffe0001130)
    at ../../../src/libCom/osi/os/posix/osdThread.c:403
#10 0x00007ffff6441dc5 in start_thread () from /lib64/libpthread.so.0
#11 0x00007ffff674d73d in clone () from /lib64/libc.so.6
````




Replies:
Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element Michael Davidsaver

Navigate by Date:
Prev: Re: epicsExport.h on Windows Michael Davidsaver
Next: Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element Michael Davidsaver
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <20172018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: Re: epicsExport.h on Windows Michael Davidsaver
Next: Re: EPICS R3.15.5 IOC crashes for DBR_CTRL_CHAR request with 1 array element Michael Davidsaver
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <20172018  2019  2020  2021  2022  2023  2024