On 04/01/2017 12:12 PM, Michael Davidsaver wrote:
> I've opened https://bugs.launchpad.net/epics-base/+bug/1678494
Now with a patch to be tested.
> On 04/01/2017 09:20 AM, Kasemir, Kay wrote:
>> Hi:
>>
>>
>> When reading a "long string" PV as DBR_CTRL_CHAR with 1 array element,
>> an EPICS 3.15.5 IOC crashes.
>>
>> Has been OK with R3.14.x.
>>
>>
>> Example C client and stack trace of server is below. Basically, CA
>> server seems to try return all elements of the CHAR array, but the
>> buffer only allows for the 1 requested.
>>
>>
>> Why I ran into this:
>>
>> Older IOCs, i.e. most of those in operation ;-), don't support
>> DBE_PROPERTY.
>>
>> So clients fetch the DBR_CTRL_native_type once, then subscribe to
>> for example DBR_STS_* for the complete array.
>>
>> When fetching the initial meta data, they don't need the complete value.
>> In fact for large arrays it would be wasteful to keep a copy of the
>> whole outdated array, just need the meta data and then one instance of
>> the 'current' array.
>>
>>
>> Thanks,
>>
>> Kay
>>
>>
>> Example C code that crashes IOC:
>> ````
>> /* USAGE: cademo SomePV.INP$
>> *
>> * Fetches a "long string" channel as DBR_CTRL_CHAR[1].
>> * OK for R4.14.*, crashes R3.15.5
>> */
>> #include <stdio.h>
>> #include <string.h>
>> #include <epicsStdlib.h>
>> #include <epicsString.h>
>> #include <cadef.h>
>>
>> int main (int argc, char *argv[])
>> {
>>     const char *name;
>>     int result;
>>     chid chid;
>>     struct dbr_ctrl_char value;
>>
>>     /* The PV name is required as the only argument */
>>     if (argc < 2) {
>>         fprintf(stderr, "USAGE: cademo SomePV.INP$\n");
>>         return 1;
>>     }
>>     name = argv[1];
>>     puts(name);
>>
>>     result = ca_context_create(ca_disable_preemptive_callback);
>>     SEVCHK(result, "connect");
>>     result = ca_create_channel(name, 0, 0, 0, &chid);
>>     SEVCHK(result, "create");
>>     result = ca_pend_io(2.0);
>>     SEVCHK(result, "pend create");
>>     /* Request the control metadata plus only 1 element of the CHAR array */
>>     result = ca_array_get(DBR_CTRL_CHAR, 1, chid, &value);
>>     SEVCHK(result, "get");
>>     result = ca_pend_io(2.0);
>>     SEVCHK(result, "pend get");
>>
>>     ca_context_destroy();
>>
>>     return result;
>> }
>> ````
>>
>> For an IOC created via `makeBaseApp.pl -t example`, when reading
>> `$(user):ai1.INP$`, the IOC crashes while placing the value,
>> `$(user):calcExample1.VAL NPP NMS`, in the ca-get return buffer:
>> ````
>> Program received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 0x7fffd75f8700 (LWP 4974)]
>> 0x00007ffff66eb795 in __strncpy_sse2_unaligned () from /lib64/libc.so.6
>> Missing separate debuginfos, use: debuginfo-install
>> glibc-2.17-157.el7.x86_64 libgcc-4.8.5-11.el7.x86_64
>> libstdc++-4.8.5-11.el7.x86_64 ncurses-libs-5.9-13.20130511.el7.x86_64
>> readline-6.2-9.el7.x86_64
>> (gdb) bt
>> #0 0x00007ffff66eb795 in __strncpy_sse2_unaligned () from /lib64/libc.so.6
>> #1 0x00007ffff7735ebf in getLinkValue (paddr=0x7fffe4013020,
>> paddr=0x7fffe4013020,
>> nRequest=<optimized out>, pbuf=0x7ffff7e53035
>> "training:calcExample1.VAL NPP NMS",
>> dbrType=<optimized out>) at ../../../src/ioc/db/dbAccess.c:773
>> #2 dbGet (paddr=paddr@entry=0x7fffe4013020, dbrType=dbrType@entry=2,
>> pbuffer=<optimized out>,
>> options=options@entry=0x7fffd75f76e0,
>> nRequest=nRequest@entry=0x7fffd75f7c30,
>> pflin=pflin@entry=0x0) at ../../../src/ioc/db/dbAccess.c:857
>> #3 0x00007ffff773888c in dbChannelGet (chan=chan@entry=0x7fffe4013018,
>> type=type@entry=2,
>> pbuffer=<optimized out>, options=options@entry=0x7fffd75f76e0,
>> nRequest=nRequest@entry=0x7fffd75f7c30, pfl=pfl@entry=0x0)
>> at ../../../src/ioc/db/dbChannel.c:668
>> #4 0x00007ffff774b8d3 in dbChannel_get_count
>> (chan=chan@entry=0x7fffe4013018,
>> buffer_type=<optimized out>, pbuffer=0x7ffff7e53020,
>> nRequest=nRequest@entry=0x7fffd75f7c30,
>> pfl=pfl@entry=0x0) at ../../../src/ioc/db/db_access.c:685
>> #5 0x00007ffff776f6c2 in read_reply (pfl=0x0, eventsRemaining=1,
>> dbch=0x7fffe4013018,
>> pArg=0x7fffd75f7c50) at ../../../src/ioc/rsrv/camessage.c:587
>> #6 read_notify_action (mp=<optimized out>, pPayload=<optimized out>,
>> client=<optimized out>)
>> at ../../../src/ioc/rsrv/camessage.c:800
>> #7 0x00007ffff77708df in camessage (client=client@entry=0x7fffec000f90)
>> at ../../../src/ioc/rsrv/camessage.c:2628
>> #8 0x00007ffff776d26c in camsgtask (pParm=0x7fffec000f90)
>> at ../../../src/ioc/rsrv/camsgtask.c:129
>> #9 0x00007ffff727a58c in start_routine (arg=0x7fffe0001130)
>> at ../../../src/libCom/osi/os/posix/osdThread.c:403
>> #10 0x00007ffff6441dc5 in start_thread () from /lib64/libpthread.so.0
>> #11 0x00007ffff674d73d in clone () from /lib64/libc.so.6
>> ````
>>
>>
>>
>
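The condition described in the report above, a copy sized by the field rather than by the requested element count, shown as an added example that is not part of the original messages and is not EPICS code. `FIELD_SIZE`, `link_field`, `get_unchecked`, `get_bounded` and `bytes_past_request` are hypothetical names in a simplified model; the unchecked getter is only ever run against a scratch area large enough to hold the whole field.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 64   /* hypothetical capacity of the long-string field */
/* Constructed sample: the link text from the report, in a fixed-size field. */
static const char link_field[FIELD_SIZE] = "training:calcExample1.VAL NPP NMS";

/* Failing pattern: the copy length comes from the field size, so the
 * caller's element count never limits the write. */
static void get_unchecked(char *dst, long *n_request)
{
    (void)n_request;
    strncpy(dst, link_field, FIELD_SIZE);   /* writes all FIELD_SIZE bytes */
}

/* Bounded form: write at most *n_request elements and report how many
 * were filled. A truncated reply is a char array, not a C string. */
static void get_bounded(char *dst, long *n_request)
{
    const char *nul = memchr(link_field, '\0', FIELD_SIZE);
    size_t have = nul ? (size_t)(nul - link_field) + 1 : FIELD_SIZE;
    size_t want = *n_request > 0 ? (size_t)*n_request : 0;

    if (want > have)
        want = have;
    memcpy(dst, link_field, want);
    *n_request = (long)want;
}

/* Run a getter against a scratch area big enough to be safe and count
 * bytes written beyond the n_request elements the client asked for. */
static size_t bytes_past_request(void (*get)(char *, long *), long n_request)
{
    unsigned char scratch[FIELD_SIZE];
    size_t i, stray = 0, asked = n_request > 0 ? (size_t)n_request : 0;

    memset(scratch, 0xAA, sizeof scratch);   /* guard pattern */
    get((char *)scratch, &n_request);
    for (i = asked; i < FIELD_SIZE; i++)
        stray += scratch[i] != 0xAA;
    return stray;
}

int main(void)
{
    printf("unchecked: %zu stray bytes, bounded: %zu\n",
           bytes_past_request(get_unchecked, 1), bytes_past_request(get_bounded, 1));
    return 0;
}
```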