STL Allocators deallocate method gets called with the wrong size #2416

Closed
kfabian opened this issue Jan 26, 2024 · 2 comments

kfabian commented Jan 26, 2024

Bug report

This is linked to #2220. I created this bug because I wanted to show that it causes actual issues. If you think this is an unneeded duplicate, I apologize.
Required Info:

  • Operating System:
    • Ubuntu 22.04
  • Installation type:
    • Binaries
  • Version or commit hash:
    • Rolling
  • DDS implementation:
    • CycloneDDS
  • Client library (if applicable):
    • rclcpp

Steps to reproduce issue

I encountered the issue when linking against jemalloc, but it is a general issue, just hidden by the implementation of operator delete(void* ptr, std::size_t size) in the standard lib.

docker run -it --rm ros:rolling
apt update && apt install -y autoconf ros-rolling-demo-nodes-cpp
git clone https://github.com/jemalloc/jemalloc.git -b 5.2.1
cd jemalloc/
./autogen.sh --enable-debug
make dist && make -j && make install
export LD_PRELOAD=`jemalloc-config --libdir`/libjemalloc.so.`jemalloc-config --revision`
export MALLOC_CONF=tcache:false
source /opt/ros/rolling/setup.bash
ros2 run demo_nodes_cpp talker

Expected behavior

The node runs.

Actual behavior

The node crashed directly after startup.

Additional information

When an rcl_allocator_t struct is created from a std::allocator_traits-formatted Allocator using get_rcl_allocator, the deallocate function will always be called with an element size of one. This is undefined behavior. The reason that this still works in the default case is that deallocate will call operator delete(void* ptr, std::size_t size), which in the libstdc++ implementation just calls operator delete(void* ptr), ignoring the size argument.

I think there is a fundamental issue that an STL Allocator cannot be mapped to an rcl_allocator_t struct, because the deallocate method of the STL Allocator is size-aware whereas the rcl_allocator_t struct's one is not.
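
The size mismatch described in the issue above, as an added example that is not part of the thread and is not rclcpp code. `c_allocator_t` is a hypothetical, simplified stand-in for a size-unaware C allocator struct, `CheckingAllocator` is a constructed size-aware allocator, and the size-header adapter is an assumed generic workaround that the issue does not propose.

```cpp
#include <cstddef>
#include <cstring>
#include <map>
#include <new>
// Hypothetical stand-in for a size-unaware C allocator struct (not the real rcl_allocator_t).
struct c_allocator_t {
  void * (*allocate)(std::size_t size, void * state);
  void (*deallocate)(void * ptr, void * state);
  void * state;
};

// Constructed size-aware allocator: remembers each size, counts deallocate() calls that disagree.
struct CheckingAllocator {
  std::map<void *, std::size_t> live;
  int mismatches = 0;
  void * allocate(std::size_t n) { return live.emplace(::operator new(n), n).first->first; }
  void deallocate(void * p, std::size_t n) {
    if (live.at(p) != n) ++mismatches;  // a real sized allocator may abort or corrupt its heap
    live.erase(p);
    ::operator delete(p);  // unsized delete keeps this example itself well-defined
  }
};
static CheckingAllocator * checker(void * s) { return static_cast<CheckingAllocator *>(s); }

void * alloc_plain(std::size_t n, void * s) { return checker(s)->allocate(n); }
// Behaviour described in the issue: no size is available here, so 1 is passed.
void dealloc_size_one(void * p, void * s) { checker(s)->deallocate(p, 1); }
// Assumed workaround: store the requested size in a header in front of the block.
constexpr std::size_t kHeader = alignof(std::max_align_t);
static_assert(kHeader >= sizeof(std::size_t), "header must hold a size_t");
void * alloc_header(std::size_t n, void * s) {
  char * raw = static_cast<char *>(checker(s)->allocate(n + kHeader));
  std::memcpy(raw, &n, sizeof n);
  return raw + kHeader;
}
void dealloc_header(void * p, void * s) {
  char * raw = static_cast<char *>(p) - kHeader;
  std::size_t n;
  std::memcpy(&n, raw, sizeof n);
  checker(s)->deallocate(raw, n + kHeader);
}

// Allocates and frees three sizes through the C interface; returns the mismatch count.
int mismatches_with(void * (*alloc)(std::size_t, void *), void (*dealloc)(void *, void *)) {
  CheckingAllocator a;
  c_allocator_t c{alloc, dealloc, &a};
  const std::size_t sizes[] = {1, 64, 4096};
  for (std::size_t n : sizes) c.deallocate(c.allocate(n, c.state), c.state);
  return a.mismatches;
}
```

Only the 1-byte allocation happens to match the hard-coded size, which is why small tests can pass while larger allocations are freed with the wrong size.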

clalancette (Contributor) commented

Can you please just make a comment on #2220, showing your problematic behavior?

clalancette closed this as not planned on Jan 26, 2024

kfabian commented Jan 26, 2024

Everything is basically already in #2220, except the step-by-step instructions for how it could be triggered.
