
Buffer verification causes segmentation fault [C++, gcc 5.4.0, Ubuntu, 1.8.0/master] #4560

Closed
Kostofey opened this issue Dec 20, 2017 · 4 comments

Comments


Kostofey commented Dec 20, 2017

Hello guys,
I generated code for C++ and filled in all the data except the "content"-related fields:

    // null offsets: the two halves of the union vector are left absent
    flatbuffers::Offset<flatbuffers::Vector<uint8_t>> content_type              = 0;
    flatbuffers::Offset<flatbuffers::Vector<flatbuffers::Offset<void>>> content = 0;

    MessageBuilder msgBuilder(builder);
    msgBuilder.add_content(content);
    msgBuilder.add_content_type(content_type);
    // <fill other data fields>

After buffer generation, I tried to check buffer content with:

    flatbuffers::Verifier ver = flatbuffers::Verifier(buf, buf_size);
    bool ok = VerifyMessageBuffer(ver); // <==== this call causes a "segmentation fault"

Data decoding, on the other hand, works well.

Call stack:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000407ec4 in flatbuffers::Vector<flatbuffers::Offset<void> >::size (this=0x0) at /usr/local/include/flatbuffers/flatbuffers.h:189
189 uoffset_t size() const { return EndianScalar(length_); }
(gdb) bt full
#0 0x0000000000407ec4 in flatbuffers::Vector<flatbuffers::Offset<void> >::size (this=0x0) at /usr/local/include/flatbuffers/flatbuffers.h:189
No locals.
#1 0x0000000000406ab1 in CarNet::BSMFrame::VerifyContentcontentVector (verifier=..., values=0x0, types=0x0) at /home/kot/data/src/TestUDP/Frame_generated.h:871
No locals.
#2 0x0000000000405e98 in Net::Frame::Message::Verify (this=0xcc8090, verifier=...) at /home/kot/data/src/TestUDP/Frame_generated.h:459
No locals.
#3 0x000000000040a803 in flatbuffers::Verifier::VerifyBufferFromStart<Net::Frame::Message> (this=0x7ffc26383980, identifier=0x0, start=0xcc8080 "\020")
at /usr/local/include/flatbuffers/flatbuffers.h:1723
o = 16
#4 0x0000000000408b4a in flatbuffers::Verifier::VerifyBuffer<Net::Frame::Message> (this=0x7ffc26383980, identifier=0x0) at /usr/local/include/flatbuffers/flatbuffers.h:1738
No locals.
#5 0x0000000000406b7b in Net::Frame::VerifyMessageBuffer (verifier=...) at /home/kot/data/src/TestUDP/Frame_generated.h:887
No locals.
#6 0x00000000004022cd in main (argc=1, argv=0x7ffc26383c08) at /home/kot/data/src/TestUDP/Client.cpp:163

The fbs description looks like:

    namespace Net.Frame;
    union dataContent { Extension1, Extension2 }

    table Message {
      coreData:MessageCoreData;
      content:[dataContent];
    }

    table MessageCoreData {
      msgCnt:ubyte;
      latitude:long;
      longitude:long;
      speed:ushort;
      heading:ushort;
    }

    table Extension1 {
      num:uint;
    }

    table Extension2 {
      num1:uint;
    }

BTW: Why can't a "union" be a root_type?

Thanks in advance!

@aardappel
Collaborator

This appears to be a bug in the "vectors of unions" feature, in that it doesn't check for null. The generated code for CarNet::BSMFrame::VerifyContentcontentVector should contain `if (!values) return true` at the start.

Are you able to create a PR for this?

Unions are represented as two fields (or in this case, two vectors), so for simplicity it was decided way back when that only tables can be roots.
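As an added example (not FlatBuffers' generated code and not from this thread), here is a stand-alone C++ model of the vector-of-unions verifier with the missing null check beside the guarded form, using the issue's dataContent union. Verifier, UnionVector, TypeVector and the VerifyDataContent* functions are stand-ins for the generated names, and the both-or-neither rule for the two halves is this example's choice rather than the exact fix.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

enum class dataContent : uint8_t { NONE = 0, Extension1 = 1, Extension2 = 2 };
struct Extension1 { uint32_t num; };
struct Extension2 { uint32_t num1; };

// Stand-in for flatbuffers::Verifier: an object verifies if it lies inside the buffer.
struct Verifier {
  const uint8_t *buf;
  size_t len;
  bool VerifyBytes(const void *p, size_t n) const {
    auto *b = static_cast<const uint8_t *>(p);
    return b != nullptr && n <= len && b >= buf && b <= buf + (len - n);
  }
};

// Stand-ins for Vector<Offset<void>> and Vector<uint8_t>; as with the real
// types, a null pointer to the vector means the optional field is absent.
using UnionVector = std::vector<const void *>;
using TypeVector = std::vector<uint8_t>;

bool VerifyDataContent(const Verifier &v, const void *obj, dataContent type) {
  switch (type) {
    case dataContent::NONE: return true;  // NONE carries no payload
    case dataContent::Extension1: return v.VerifyBytes(obj, sizeof(Extension1));
    case dataContent::Extension2: return v.VerifyBytes(obj, sizeof(Extension2));
    default: return false;  // unknown type tag read from the wire
  }
}

// Shape before the fix: both vectors are dereferenced unconditionally, so an
// absent content field (values == nullptr, as in the backtrace) crashes here.
bool VerifyDataContentVectorUnchecked(const Verifier &v, const UnionVector *values,
                                      const TypeVector *types) {
  if (values->size() != types->size()) return false;
  for (size_t i = 0; i < values->size(); ++i)
    if (!VerifyDataContent(v, (*values)[i], static_cast<dataContent>((*types)[i]))) return false;
  return true;
}

// Guarded version: absent is valid only when both halves are absent; one
// present and one missing is a malformed buffer and is rejected, not read.
bool VerifyDataContentVector(const Verifier &v, const UnionVector *values,
                             const TypeVector *types) {
  if (!values || !types) return !values && !types;
  return VerifyDataContentVectorUnchecked(v, values, types);  // same loop, now safe
}
```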

@Kostofey
Author

No, I'm not able to create a PR for now, sorry.
I see, thanks.

@aardappel
Collaborator

Fix here: 0c86929

@Kostofey
Author

Thanks a lot
