Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

PR #28 broke REP sockets

Description

PR #28 on zeromq2-1 supposedly fixes a memory leak, but actually prevents REP sockets from sending any (non-VSM) messages by causing a double-free situation. For a test case, simply run the hwserver.c example, changing the reply message to be large enough to not fit in a VSM, e.g.

gdb output of hwserver (hwclient is run unaltered):

Resetting to the commit prior to merge (d3a1ba6ae4a0e3939fb9e48935ac341504cd513d) avoids the error.

Aside: Jira is not aware that 2.1.10 has been released, so I cannot mark this as affecting 2.1.11, so I marked it as 2.1.10, which isn't accurate.

Environment

OSX 10.7.2, Ubuntu 11.10

Activity

Show:

Min RK December 12, 2011 at 4:03 AM

The offending commit was reverted, marking as fixed.

PieterP November 30, 2011 at 11:18 PM

So, reverted commit 1fb107 which was causing memory violations:

==6137== Invalid free() / delete / delete[]
==6137== at 0x4C282E0: free (vg_replace_malloc.c:366)
==6137== by 0x5068609: zmq_msg_close (zmq.cpp:153)
==6137== by 0x5053A94: zmq::encoder_t::message_ready() (encoder.cpp:56)
==6137== by 0x5069D63: zmq::zmq_engine_t::out_event() (encoder.hpp:80)
==6137== by 0x50585CD: zmq::object_t:rocess_command(zmq::command_t&) (object.cpp:63)
==6137== by 0x50552DB: zmq::io_thread_t::in_event() (io_thread.cpp:83)
==6137== by 0x505429D: zmq::epoll_t::loop() (epoll.cpp:161)
==6137== by 0x5064A55: thread_routine (thread.cpp:75)
==6137== by 0x561FEFB: start_thread (pthread_create.c:304)
==6137== by 0x535A89C: clone (clone.S:112)
==6137== Address 0x63ceed0 is 0 bytes inside a block of size 72 free'd
==6137== at 0x4C282E0: free (vg_replace_malloc.c:366)
==6137== by 0x5068609: zmq_msg_close (zmq.cpp:153)
==6137== by 0x5066682: zmq::xrep_t::xsend(zmq_msg_t*, int) (xrep.cpp:217)
==6137== by 0x5060D00: zmq::socket_base_t::send(zmq_msg_t*, int) (socket_base.cpp:505)
==6137== by 0x4E344BA: zframe_send (zframe.c:163)
==6137== by 0x4E375FC: zmsg_send (zmsg.c:139)
==6137== by 0x401A9F: main (mdbroker.c:411)

I've pushed that change to master. Not sure where the pull request #34 went to, it was already closed when I saw it.

PieterP November 27, 2011 at 3:29 PM

Thanks for catching this. Mato is adding the 2.1.11 release to Jira (the CSS was messed up, hiding the necessary menu option). I'm not quite sure how to revert a merge, so will wait for a new pull request that fixes this issue.

Fixed

Details

Assignee

Reporter

Components

Fix versions

Affects versions

Priority

Created November 27, 2011 at 7:42 AM
Updated August 29, 2013 at 4:19 PM
Resolved December 12, 2011 at 4:03 AM
Configure