Fix heap corruption in dui.c

James Cameron requested to merge hgsi into master

(@tjf, please code review. With this commit, all invalid writes are fixed for the test case of starting the Hector Control Task without a configuration file. Once I begin to simulate properly, hopefully no more will be found, but we'll see.)

Valgrind did report a write to free'd heap, which was caused by the DuiDetailsStruct being written to after the complete handler had free'd it.

Fixed by calling complete handler after all writes.

Invalid write of size 8
   at: Dui___HandleResponse (dui.c:778)
   by: Dits___MsgInvokeUfaceResponse (ditsmsg.c:3252)
   by: Dits___MsgInvokeObey (ditsmsg.c:3667)
   by: Dits___MsgRespond (ditsmsg.c:2877)
   by: DitsMsgReceive (ditsmsg.c:5133)
   by: DtclInputFromDits (dtcltk.c:851)
   by: ??? (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: Tcl_ServiceEvent (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: Tcl_DoOneEvent (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: DtclTk___EventLoop (dtcltk.c:1019)
   by: DtclAppTkMainLoop (dtcltk.c:790)
   by: main (tdfct_main.C:526)

 Address 0x91328d8 is 72 bytes inside a block of size 320 free'd
   at: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
   by: DtclComplete (dtclcommand.c:534)
   by: Dui___HandleResponse (dui.c:767)
   by: Dits___MsgInvokeUfaceResponse (ditsmsg.c:3252)
   by: Dits___MsgInvokeObey (ditsmsg.c:3667)
   by: Dits___MsgRespond (ditsmsg.c:2877)
   by: DitsMsgReceive (ditsmsg.c:5133)
   by: DtclInputFromDits (dtcltk.c:851)
   by: ??? (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: Tcl_ServiceEvent (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: Tcl_DoOneEvent (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: DtclTk___EventLoop (dtcltk.c:1019)

 Block was alloc'd at
   at: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
   by: DtclExecute (dtclcommand.c:3959)
   by: TclInvokeStringCommand (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: TclNRRunCallbacks (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: ??? (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: Tcl_FSEvalFileEx (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: Tcl_EvalFile (in /usr/lib/x86_64-linux-gnu/libtcl8.6.so)
   by: DtclAppTkMainLoop (dtcltk.c:733)
   by: main (tdfct_main.C:526)

Control task has been terminating frequently without obvious cause, often citing "XIO: fatal IO error 0 (Success)", on both the instrument workstation and a development container.

Control task has also been mysteriously issuing RESET to PTCS when asked to RESET the ADC task.
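
The ordering problem described above, as an added example that is not part of the merge request or of dui.c: a one-slot pool stands in for malloc/free so that a write after release is counted instead of corrupting the heap. All names here (`details_t`, `pool_alloc`, `set_status`, `handle_response_before`, `handle_response_after`) are hypothetical.

```c
/* Added illustration; hypothetical names, not code from dui.c. */
#include <stdio.h>
#include <string.h>

/* Stand-in for the per-transaction details block. A one-slot pool replaces
 * malloc/free so a store after release can be counted safely. */
typedef struct details {
    int  released;                       /* set by pool_free() */
    long status;
    void (*complete)(struct details *);  /* completion handler; it owns the free */
} details_t;

static details_t slot;
static int late_writes;                  /* stores attempted after release */

static details_t *pool_alloc(void (*cb)(details_t *)) {
    memset(&slot, 0, sizeof slot);
    slot.complete = cb;
    late_writes = 0;
    return &slot;
}
static void pool_free(details_t *d) { d->released = 1; }

/* Every store into the block goes through here so stale stores are visible. */
static void set_status(details_t *d, long v) {
    if (d->released) { late_writes++; return; }
    d->status = v;
}

static void on_complete(details_t *d) { pool_free(d); }

/* Ordering from the report: handler runs first, then the block is written. */
static int handle_response_before(long status) {
    details_t *d = pool_alloc(on_complete);
    d->complete(d);          /* block is released here */
    set_status(d, status);   /* store into the released block */
    return late_writes;
}

/* Ordering after the fix: all writes first, completion handler last. */
static int handle_response_after(long status) {
    details_t *d = pool_alloc(on_complete);
    set_status(d, status);
    d->complete(d);          /* nothing may touch *d past this call */
    return late_writes;
}

int main(void) {
    printf("before fix: %d late write(s)\n", handle_response_before(7));
    printf("after fix:  %d late write(s)\n", handle_response_after(7));
    return 0;
}
```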