Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WiFiUDP::parsePacket() SegFault on memory allocation (Stale Issue #4104) #7845

Closed
1 task done
DamronDan opened this issue Feb 14, 2023 · 7 comments
Closed
1 task done

WiFiUDP::parsePacket() SegFault on memory allocation (Stale Issue #4104) #7845

DamronDan opened this issue Feb 14, 2023 · 7 comments
Labels
Status: Solved

Comments

@DamronDan
Copy link

Board

ESP32

Device Description

quinled board from quinled.info

Hardware Configuration

WiFi, using UDP with high throughput

Version

latest master (checkout manually)

IDE Name

PlatformIO

Operating System

Windows 10

Flash frequency

using OTA

PSRAM enabled

yes

Upload speed

using OTA

Description

UDP packet usage, WiFiUDP::parsePacket() dynamically allocates buffer memory. When traffic is high, a segfault occurs on the memory allocation.

Sketch

I just call udp.parsepacket()

This only occurs if i send several Artnet Universes : 32 packets of 530 bytes instantly crashes.

Debug Message

abort() was called at PC 0x401b6b8b on core 1



ELF file SHA256: 0000000000000000



Backtrace: 0x4008fc54:0x3ffd9930 0x4008fed1:0x3ffd9950 0x401b6b8b:0x3ffd9970 0x401b6bd2:0x3ffd9990 0x401b62ab:0x3ffd99b0 0x401b65e2:0x3ffd99d0 0x401b6349:0x3ffd99f0 0x40108fb7:0x3ffd9a10 0x40126d66:0x3ffd9a50 0x400fb9b6:0x3ffd9a70 0x400fbeae:0x3ffd9ae0 0x4012b835:0x3ffd9b00 0x400919c6:0x3ffd9b20

  #0  0x4008fc54:0x3ffd9930 in invoke_abort at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/esp32/panic.c:715
  #1  0x4008fed1:0x3ffd9950 in abort at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/esp32/panic.c:715
  #2  0x401b6b8b:0x3ffd9970 in __cxxabiv1::__terminate(void (*)()) at /builds/idf/crosstool-NG/.build/src/gcc-5.2.0/libstdc++-v3/libsupc++/eh_terminate.cc:112
  #3  0x401b6bd2:0x3ffd9990 in std::terminate() at /builds/idf/crosstool-NG/.build/src/gcc-5.2.0/libstdc++-v3/libsupc++/eh_terminate.cc:112
  #4  0x401b62ab:0x3ffd99b0 in __cxa_throw at /builds/idf/crosstool-NG/.build/src/gcc-5.2.0/libstdc++-v3/libsupc++/eh_throw.cc:87
  #5  0x401b65e2:0x3ffd99d0 in operator new(unsigned int) at /builds/idf/crosstool-NG/.build/src/gcc-5.2.0/libstdc++-v3/libsupc++/new_op.cc:54
  #6  0x401b6349:0x3ffd99f0 in operator new[](unsigned int) at /builds/idf/crosstool-NG/.build/src/gcc-5.2.0/libstdc++-v3/libsupc++/new_opv.cc:32
  #7  0x40108fb7:0x3ffd9a10 in WiFiUDP::parsePacket() at C:\Users\DanDamron\.platformio\packages\framework-arduinoespressif32\cores\esp32/Udp.h:46
  #8  0x40126d66:0x3ffd9a50 in ArduinoOTAClass::handle() at C:/Users/DanDamron/.platformio/packages/framework-arduinoespressif32/libraries/ArduinoOTA/src/ArduinoOTA.cpp:379
  #9  0x400fb9b6:0x3ffd9a70 in WLED::loop() at wled00/bus_manager.h:93
  #10 0x400fbeae:0x3ffd9ae0 in loop() at C:/Users/DanDamron/Documents/github/Watts2.0-OnChip/wled00/wled00.ino:20
  #11 0x4012b835:0x3ffd9b00 in loopTask(void*) at C:\Users\DanDamron\.platformio\packages\framework-arduinoespressif32\cores\esp32/main.cpp:23
  #12 0x400919c6:0x3ffd9b20 in vPortTaskWrapper at /home/runner/work/esp32-arduino-lib-builder/esp32-arduino-lib-builder/esp-idf/components/freertos/port.c:355 (discriminator 1)

Other Steps to Reproduce

Flood the wifi with UDP packets.

I have found a stale issue with same problem,

WiFiUDP::parsePacket() CRASH #4104

however that issue went stale. Opening this issue to correct problem.

I have checked existing issues, online documentation and the Troubleshooting Guide

  • I confirm I have checked existing issues, online documentation and Troubleshooting guide.
@DamronDan DamronDan added the Status: Awaiting triage Issue is waiting for triage label Feb 14, 2023
@DamronDan
Copy link
Author

I have the fix ready to push once a branch is created.

@DamronDan
Copy link
Author 

int WiFiUDP::parsePacket(){
  if(rx_buffer)
    return 0;
  struct sockaddr_in si_other;
  int slen = sizeof(si_other) , len;
  char buf[1460];
  if ((len = recvfrom(udp_server, buf, 1460, MSG_DONTWAIT, (struct sockaddr *) &si_other, (socklen_t *)&slen)) == -1){
    if(errno == EWOULDBLOCK){
      return 0;
    }
  log_e("could not receive data: %d", errno);
  return 0;
  }
  remote_ip = IPAddress(si_other.sin_addr.s_addr);
  remote_port = ntohs(si_other.sin_port);
  if (len > 0) {
    rx_buffer = new cbuf(len);
    rx_buffer->write(buf, len);
  }
  return len;
}

@mrengineer7777
Copy link
Collaborator

Duplicate of #7558. Looks like Dave never submitted a PR. I'll create one.

@mrengineer7777 mrengineer7777 mentioned this issue Feb 14, 2023
Merged
@mrengineer7777
Copy link
Collaborator

@DamronDan Your fix changes the heap memory allocation for buf into a local variable. This may still cause a crash. See my PR for a better way. Please test the PR and see if that resolves your issue. Thanks!

@DamronDan
Copy link
Author

@mrengineer7777 Yes, I see that as well. I will try your changes and report back.

Thank you!

@VojtechBartoska VojtechBartoska added Status: In Progress Issue is in progress and removed Status: Awaiting triage Issue is waiting for triage labels Feb 16, 2023
@mrengineer7777
Copy link
Collaborator

@DamronDan How goes the testing?

@DamronDan
Copy link
Author

Testing is proceeding, ran into other issues, but should be able to report back today.

@mrengineer7777 mrengineer7777 added Status: Solved and removed Status: In Progress Issue is in progress labels Apr 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Solved
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mrengineer7777 @VojtechBartoska @DamronDan