TCP source: prevent segfault if removed prior to start

If the TCP source is removed prior to being started, the m_tcpServer is
never initialized which results in a segfault when we try to dereference
it.

==4580==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fba5c2405b3 bp 0x7fba96737b00 sp 0x7fba47400120 T7)
==4580==The signal is caused by a READ memory access.
==4580==Hint: address points to the zero page.
    #0 0x7fba5c2405b2 in TCPSrc::stop() ./plugins/channelrx/tcpsrc/tcpsrc.cpp:186
    #1 0x7fba9a27598e in ThreadedBasebandSampleSink::stop() ./sdrbase/dsp/threadedbasebandsamplesink.cpp:109
    #2 0x7fba9a1d3b18 in DSPDeviceSourceEngine::handleSynchronousMessages() ./sdrbase/dsp/dspdevicesourceengine.cpp:678
    #3 0x7fba9785e061 in QObject::event(QEvent*) (/usr/lib/libQt5Core.so.5+0x2ce061)
    #4 0x7fba985aafeb in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x151feb)
    #5 0x7fba985b29c5 in QApplication::notify(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x1599c5)
    #6 0x7fba9782ccef in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/libQt5Core.so.5+0x29ccef)
    #7 0x7fba9782f955 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/usr/lib/libQt5Core.so.5+0x29f955)
    #8 0x7fba97889c53  (/usr/lib/libQt5Core.so.5+0x2f9c53)
    #9 0x7fba9073d457 in g_main_context_dispatch (/usr/lib/libglib-2.0.so.0+0x4c457)
    #10 0x7fba9073d6a0  (/usr/lib/libglib-2.0.so.0+0x4c6a0)
    #11 0x7fba9073d72d in g_main_context_iteration (/usr/lib/libglib-2.0.so.0+0x4c72d)
    #12 0x7fba97889240 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/libQt5Core.so.5+0x2f9240)
    #13 0x7fba9782b32a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/libQt5Core.so.5+0x29b32a)
    #14 0x7fba9763a72d in QThread::exec() (/usr/lib/libQt5Core.so.5+0xaa72d)
    #15 0x7fba9763facc  (/usr/lib/libQt5Core.so.5+0xafacc)
    #16 0x7fba958f908b in start_thread (/usr/lib/../lib/libpthread.so.0+0x708b)
    #17 0x7fba96011e7e in __GI___clone (/usr/lib/libc.so.6+0xf5e7e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ./plugins/channelrx/tcpsrc/tcpsrc.cpp:186 in TCPSrc::stop()
Thread T7 (DSPDeviceSource) created by T0 here:
    #0 0x7fba9ebaa511 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cc:243
    #1 0x7fba9763ef7a in QThread::start(QThread::Priority) (/usr/lib/libQt5Core.so.5+0xaef7a)
jigpu committed Apr 22, 2018
1 parent 3153547 commit 11c45a1
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions plugins/channelrx/tcpsrc/tcpsrc.cpp
Expand Up @@ -183,6 +183,9 @@ void TCPSrc::stop()
closeAllSockets(&m_ssbSockets);
closeAllSockets(&m_s16leSockets);

if (!m_tcpServer)
return;

if(m_tcpServer->isListening())
m_tcpServer->close();
delete m_tcpServer;
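Review bot: The new `if (!m_tcpServer)` guard ahead of `if(m_tcpServer->isListening())` only helps if m_tcpServer is guaranteed to be null when the source was never started, and the commit message describes it as "never initialized"; please confirm the constructor sets it to nullptr, because testing an indeterminate pointer would not reliably prevent the crash. The visible context also ends at `delete m_tcpServer;` without showing the pointer being reset, so if it is not set to nullptr afterwards, a second stop() would pass this check and touch freed memory. Since deleting a null pointer is a no-op, consider narrowing the check to `if (m_tcpServer && m_tcpServer->isListening())` instead of returning early, so that any cleanup further down in stop() still runs on this path.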