| Anonymous | Login | 2022-06-26 14:58 UTC |  |
| My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0000107 | OMNeT++ | runtime / Tkenv | public | 2009-09-21 15:54 | 2010-04-25 19:13 | ||||
| Reporter | rhornig | ||||||||
| Assigned To | andras | ||||||||
| Priority | normal | Severity | crash | Reproducibility | have not tried | ||||
| Status | resolved | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 4.0 | ||||||||
| Target Version | Fixed in Version | 4.1 | |||||||
| Summary | 0000107: Segmentation faults on 64-bit Fedora | ||||||||
| Description | Hi! While trying to create some simulation models I stumbled upon some segmentation faults (the gdb backtrace of one of them is at the end of the mail). While trying to figure out what's happening I stumbled on this post: http://www.bailopan.net/blog/?p=30 [^] which seems to be the problem in this case, and probably the global problem in the code? Stjepan (gdb) bt #0 0x000000303b4489d7 in vfprintf () from /lib64/libc.so.6 0000001 0x000000303b46f232 in vsnprintf () from /lib64/libc.so.6 0000002 0x00007fdcdb190246 in Tkenv::componentMethodBegin (this=0x1c16ee0, fromComp=0x36e3fb0, toComp=0x36e2d80, methodFmt=0x7fdcd9c83450 "fireChangeNotification(%s, %s)", va=0x7fff9f655e60) at tkenv.cc:1292 0000003 0x00007fdcda73b2f4 in cMethodCallContextSwitcher::methodCall (this=0x7fff9f655f90, methodFmt=0x7fdcd9c83450 "fireChangeNotification(%s, %s)") at util.cc:376 0000004 0x00007fdcd995886a in NotificationBoard::fireChangeNotification (this=0x36e2d80, category=4, details=0x36e4110) at base/NotificationBoard.cc:99 0000005 0x00007fdcd99af322 in AbstractRadio::setRadioState (this=0x36e3fb0, newState=RadioState::TRANSMIT) at linklayer/radio/AbstractRadio.cc:638 0000006 0x00007fdcd99ada74 in AbstractRadio::handleUpperMsg (this=0x36e3fb0, airframe=0x38207c0) at linklayer/radio/AbstractRadio.cc:271 0000007 0x00007fdcd99ad2d8 in AbstractRadio::handleMessage (this=0x36e3fb0, msg=0x3820000) at linklayer/radio/AbstractRadio.cc:147 0000008 0x00007fdcda7139f9 in cSimulation::doOneEvent (this=0x1c17300, mod=0x36e3fb0) at csimulation.cc:627 0000009 0x00007fdcdb18c5bb in Tkenv::doRunSimulation (this=0x1c16ee0) at tkenv.cc:529 0000010 0x00007fdcdb18c0ce in Tkenv::runSimulation (this=0x1c16ee0, mode=1, until_time= {t = 0, static scaleexp = -12, static dscale = 1000000000000, static fscale = 1000000000000, static invfscale = 9.9999999999999998e-13, static SCALEEXP_S = <optimized out>, static SCALEEXP_MS = <optimized out>, static SCALEEXP_US = <optimized out>, static SCALEEXP_NS = <optimized out>, static SCALEEXP_PS = <optimized out>, static SCALEEXP_FS = <optimized out>, static SCALEEXP_UNINITIALIZED = -1}, until_eventnum=0, until_msg=0x0, until_module=0x0) at tkenv.cc:402 0000011 0x00007fdcdb198672 in run_cmd (interp=0x1f9e670, argc=2, argv=0x1fa0ba0) at tkcmd.cc:430 0000012 0x000000303cc2f11f in TclInvokeStringCommand () from /usr/lib64/libtcl8.5.so 0000013 0x000000303cc300c1 in ?? () from /usr/lib64/libtcl8.5.so 0000014 0x000000303cc77d3c in ?? () from /usr/lib64/libtcl8.5.so 0000015 0x000000303cc7f1e9 in ?? () from /usr/lib64/libtcl8.5.so 0000016 0x000000303cc31266 in TclEvalObjEx () from /usr/lib64/libtcl8.5.so 0000017 0x000000303cc42744 in ?? () from /usr/lib64/libtcl8.5.so 0000018 0x000000303cc300c1 in ?? () from /usr/lib64/libtcl8.5.so 0000019 0x000000303cc77d3c in ?? () from /usr/lib64/libtcl8.5.so 0000020 0x000000303ccb8ad0 in TclObjInterpProcCore () from /usr/lib64/libtcl8.5.so 0000021 0x000000303cc300c1 in ?? () from /usr/lib64/libtcl8.5.so 0000022 0x000000303cc77d3c in ?? () from /usr/lib64/libtcl8.5.so 0000023 0x000000303ccb8ad0 in TclObjInterpProcCore () from /usr/lib64/libtcl8.5.so 0000024 0x000000303cc300c1 in ?? () from /usr/lib64/libtcl8.5.so 0000025 0x000000303cc77d3c in ?? () from /usr/lib64/libtcl8.5.so 0000026 0x000000303cc7f1e9 in ?? () from /usr/lib64/libtcl8.5.so 0000027 0x000000303cc31266 in TclEvalObjEx () from /usr/lib64/libtcl8.5.so 0000028 0x000000303c062c96 in ?? () from /usr/lib64/libtk8.5.so 0000029 0x000000303cc300c1 in ?? () from /usr/lib64/libtcl8.5.so 0000030 0x000000303cc30ff3 in Tcl_EvalObjv () from /usr/lib64/libtcl8.5.so 0000031 0x000000303cc313c8 in TclEvalObjEx () from /usr/lib64/libtcl8.5.so 0000032 0x000000303ccb94df in ?? () from /usr/lib64/libtcl8.5.so 0000033 0x000000303cc300c1 in ?? () from /usr/lib64/libtcl8.5.so 0000034 0x000000303cc77d3c in ?? () from /usr/lib64/libtcl8.5.so 0000035 0x000000303ccb8ad0 in TclObjInterpProcCore () from /usr/lib64/libtcl8.5.so 0000036 0x000000303cc300c1 in ?? () from /usr/lib64/libtcl8.5.so 0000037 0x000000303cc306bf in ?? () from /usr/lib64/libtcl8.5.so 0000038 0x000000303c0369e0 in Tk_BindEvent () from /usr/lib64/libtk8.5.so 0000039 0x000000303c03cff5 in TkBindEventProc () from /usr/lib64/libtk8.5.so 0000040 0x000000303c044090 in Tk_HandleEvent () from /usr/lib64/libtk8.5.so 0000041 0x000000303c0442c8 in ?? () from /usr/lib64/libtk8.5.so 0000042 0x000000303cca9a07 in Tcl_ServiceEvent () from /usr/lib64/libtcl8.5.so 0000043 0x000000303cca9cdf in Tcl_DoOneEvent () from /usr/lib64/libtcl8.5.so 0000044 0x00007fdcdb1a3b83 in runTk () at tklib.cc:111 0000045 0x00007fdcdb18b8ec in Tkenv::run (this=0x1c16ee0) at tkenv.cc:263 0000046 0x00007fdcdaeeafa6 in EnvirBase::run (this=0x1c16ee0, argc=5, argv=0x7fff9f6585f8, configobject=0x1bb5ae0) at envirbase.cc:230 0000047 0x00007fdcdaee79b5 in setupUserInterface (argc=5, argv=0x7fff9f6585f8, cfg=0x0) at startup.cc:234 0000048 0x00007fdcdaee89a8 in main (argc=5, argv=0x7fff9f6585f8) at main.cc:39 0000049 0x000000303b41ea2d in __libc_start_main () from /lib64/libc.so.6 0000050 0x0000000000400689 in _start () | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0000176) rhornig (administrator) 2009-09-21 15:55 |
Ok, I managed to trace this one and correct it. The problem is in the Tkenv::componentMethodBegin method (src/tkenv/tkenv.cc in OMNeT++ distribution). At the beginning of the function there is a call to a method EnvirBase::componentMethodBegin which also takes va argument but messes it up (for details see the link I sent in the previous mail) and that argument is then given to the function vsnprintf that segfaults. The solution is to change the call of the first method EnvirBase::componentMethodBegin as follows: va_list vc; va_copy(vc, va); EnvirBase::componentMethodBegin(fromComp, toComp, methodFmt, vc); va_end(vc); |
|
(0000244) andras (administrator) 2010-04-25 19:08 |
Visual C++ does not have va_copy(). Adding the following to platmisc.h: #ifdef _MSC_VER #define va_copy(dst, src) ((void)((dst) = (src))) #endif |
|
(0000245) andras (administrator) 2010-04-25 19:13 |
added missing va_copy |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-09-21 15:54 | rhornig | New Issue | |
| 2009-09-21 15:55 | rhornig | Note Added: 0000176 | |
| 2010-04-25 19:08 | andras | Note Added: 0000244 | |
| 2010-04-25 19:13 | andras | Note Added: 0000245 | |
| 2010-04-25 19:13 | andras | Status | new => resolved |
| 2010-04-25 19:13 | andras | Fixed in Version | => 4.1 |
| 2010-04-25 19:13 | andras | Resolution | open => fixed |
| 2010-04-25 19:13 | andras | Assigned To | => andras |
|
Issue History |
| Copyright © 2000 - 2022 MantisBT Team |
 |