Valgrind reports Invalid Read in protobuf & dumps core

[Suganthi chinnappan]

Hello experts,

    I am using protobuf library to report KPIs for my project. It cores in SerializationToString() under load. While running under valgrind, i found Invalid Read in protobuf code. My application is single threaded. 

 I use Reflection API to set/reset values in Map. 

Here is my proto file.

message Hi2IriStatsData

{

    message PerCFStats

    {

        string cfid = 1;                 // The CFID

        uint32 ifid = 2;                 // The IFID

        string cftype = 3;               // The CF TYPE (as configured in the CF MO table).

        string destip = 4;               

        string destport = 5;            

        uint32 total_lisco_rcvd = 10;   

        uint32 curr_lisco_rcvd  = 11;

        uint32 total_iri_dlvd = 30;    

        uint32 curr_iri_dlvd  = 31;    

        uint32 total_iri_dropped = 40;   

        uint32 curr_iri_dropped  = 41;   

        uint32 total_calls_dlvd  = 50;                                           

        uint32 curr_calls_dlvd   = 51;   

                                        

        int32  hi2_connections   = 90;   

        google.protobuf.Timestamp last_iri_dlvd_time = 110; 

    }

    message PerTargetStats

    {

        string coid     = 1;   

        uint32 tid      = 2;   

        string caseid   = 3;  

        uint32 curr_iri_dlvd    = 40;  

        uint32 curr_iri_dropped = 41;  

        uint32 curr_calls_dlvd  = 50; 

    }

    /* These are the stats */

    map<string, PerCFStats>      cf_stats  = 1;  // Key is <CFID IFID>  (i.e. cfid space and ifid)

    map<string, PerTargetStats>  tgt_stats = 5;  // Key is <coid tid>  (i.e. coid space and tid)

}

Here is my core dump

Process terminating with default action of signal 6 (SIGABRT): dumping core

==13113==    at 0xC0D2207: raise (in /usr/lib64/libc-2.17.so)

==13113==    by 0xC0D38F7: abort (in /usr/lib64/libc-2.17.so)

==13113==    by 0xB8DD7D4: __gnu_cxx::__verbose_terminate_handler() (in /usr/lib64/libstdc++.so.6.0.19)

==13113==    by 0xB8DB745: ??? (in /usr/lib64/libstdc++.so.6.0.19)

==13113==    by 0xB8DB772: std::terminate() (in /usr/lib64/libstdc++.so.6.0.19)

==13113==    by 0xB8DC2DE: __cxa_pure_virtual (in /usr/lib64/libstdc++.so.6.0.19)

==13113==    by 0x54F9DE: GetCachedSize (map_type_handler.h:324)

==13113==    by 0x54F9DE: google::protobuf::internal::MapEntryImpl<hi2iristats::common::Hi2IriStatsData_CfStatsEntry_DoNotUse, google::protobuf::Message, std::string, hi2iristats::common::Hi2IriStatsData_PerCFStats, (google::protobuf::internal::WireFormatLite::FieldType)9, (google::protobuf::internal::WireFormatLite::FieldType)11, 0>::GetCachedSize() const (map_entry_lite.h:257)

==13113==    by 0x5441C1: InternalWriteMessageNoVirtualToArray<hi2iristats::common::Hi2IriStatsData_CfStatsEntry_DoNotUse> (wire_format_lite_inl.h:979)

==13113==    by 0x5441C1: hi2iristats::common::Hi2IriStatsData::InternalSerializeWithCachedSizesToArray(bool, unsigned char*) const (kpi_hi2_iridata.pb.cc:1968)

==13113==    by 0x73797A4: google::protobuf::MessageLite::AppendPartialToString(std::string*) const (message_lite.cc:296)

==13113==    by 0x5188C9: KpiData::buildKpi(std::string&) (KpiData.C:384)

==13113==    by 0x50F0F3: KpiClientMgr::buildKpi(std::string&) (KpiClientMgr.C:731)

==13113==    by 0x50F1E3: KpiClientMgr::buildPayload(std::string&) (KpiClientMgr.C:695)

Here is my valgrind report.

==13113== Invalid read of size 8

==13113==    at 0x54F9D6: GetCachedSize (map_type_handler.h:324)

==13113==    by 0x54F9D6: google::protobuf::internal::MapEntryImpl<hi2iristats::common::Hi2IriStatsData_CfStatsEntry_DoNotUse, google::protobuf::Message, std::string, hi2iristats::common::Hi2IriStatsData_PerCFStats, (google::protobuf::internal::WireFormatLite::FieldType)9, (google::protobuf::internal::WireFormatLite::FieldType)11, 0>::GetCachedSize() const (map_entry_lite.h:257)

==13113==    by 0x5441C1: InternalWriteMessageNoVirtualToArray<hi2iristats::common::Hi2IriStatsData_CfStatsEntry_DoNotUse> (wire_format_lite_inl.h:979)

==13113==    by 0x5441C1: hi2iristats::common::Hi2IriStatsData::InternalSerializeWithCachedSizesToArray(bool, unsigned char*) const (kpi_hi2_iridata.pb.cc:1968)

==13113==    by 0x73797A4: google::protobuf::MessageLite::AppendPartialToString(std::string*) const (message_lite.cc:296)

==13113==    by 0x5188C9: KpiData::buildKpi(std::string&) (KpiData.C:384)

==13113==    by 0x50F0F3: KpiClientMgr::buildKpi(std::string&) (KpiClientMgr.C:731)

==13113==    by 0x50F1E3: KpiClientMgr::buildPayload(std::string&) (KpiClientMgr.C:695)

==13113==    by 0x51009A: KpiClientMgr::buildAndSendKpi() (KpiClientMgr.C:294)

==13113==    by 0x511287: KpiClientMgr::publishKpi() (KpiClientMgr.C:636)

==13113==    by 0x512962: KpiClientMgr::run() (KpiClientMgr.C:235)

==13113==    by 0x512D78: KpiClientMgrThreadCbk (KpiClientMgr.C:47)

==13113==    by 0x9A23DD4: start_thread (in /usr/lib64/libpthread-2.17.so)

==13113==    by 0xC199EAC: clone (in /usr/lib64/libc-2.17.so)

==13113==  Address 0xe2ddfa8 is 8 bytes inside a block of size 112 free'd

==13113==    at 0x4C2B16D: operator delete(void*) (vg_replace_malloc.c:576)

==13113==    by 0x576B58: erase (map.h:1128)

==13113==    by 0x576B58: erase (map.h:1135)

==13113==    by 0x576B58: google::protobuf::Map<std::string, hi2iristats::common::Hi2IriStatsData_PerCFStats>::clear() (map.h:1138)

==13113==    by 0x589596: google::protobuf::internal::MapField<hi2iristats::common::Hi2IriStatsData_CfStatsEntry_DoNotUse, std::string, hi2iristats::common::Hi2IriStatsData_PerCFStats, (google::protobuf::internal::WireFormatLite::FieldType)9, (google::protobuf::internal::WireFormatLite::FieldType)11, 0>::SyncMapWithRepeatedFieldNoLock() const (map_field_inl.h:307)

==13113==    by 0x73FAE20: google::protobuf::internal::MapFieldBase::SyncMapWithRepeatedField() const (map_field.cc:116)

==13113==    by 0x544177: GetMap (map_field.h:250)

==13113==    by 0x544177: cf_stats (kpi_hi2_iridata.pb.h:1230)

==13113==    by 0x544177: hi2iristats::common::Hi2IriStatsData::InternalSerializeWithCachedSizesToArray(bool, unsigned char*) const (kpi_hi2_iridata.pb.cc:1963)

==13113==    by 0x73797A4: google::protobuf::MessageLite::AppendPartialToString(std::string*) const (message_lite.cc:296)

==13113==    by 0x5188C9: KpiData::buildKpi(std::string&) (KpiData.C:384)

==13113==    by 0x50F0F3: KpiClientMgr::buildKpi(std::string&) (KpiClientMgr.C:731)

==13113==    by 0x50F1E3: KpiClientMgr::buildPayload(std::string&) (KpiClientMgr.C:695)

==13113==    by 0x51009A: KpiClientMgr::buildAndSendKpi() (KpiClientMgr.C:294)

==13113==    by 0x511287: KpiClientMgr::publishKpi() (KpiClientMgr.C:636)

==13113==    by 0x512962: KpiClientMgr::run() (KpiClientMgr.C:235)

==13113==  Block was alloc'd at

==13113==    at 0x4C2A1E3: operator new(unsigned long) (vg_replace_malloc.c:334)

==13113==    by 0x589399: CreateValueTypeInternal (map.h:1175)

==13113==    by 0x589399: google::protobuf::Map<std::string, hi2iristats::common::Hi2IriStatsData_PerCFStats>::operator[](std::string const&) (map.h:1050)

==13113==    by 0x5895DA: google::protobuf::internal::MapField<hi2iristats::common::Hi2IriStatsData_CfStatsEntry_DoNotUse, std::string, hi2iristats::common::Hi2IriStatsData_PerCFStats, (google::protobuf::internal::WireFormatLite::FieldType)9, (google::protobuf::internal::WireFormatLite::FieldType)11, 0>::SyncMapWithRepeatedFieldNoLock() const (map_field_inl.h:315)

==13113==    by 0x73FAE20: google::protobuf::internal::MapFieldBase::SyncMapWithRepeatedField() const (map_field.cc:116)

==13113==    by 0x54410B: GetMap (map_field.h:250)

==13113==    by 0x54410B: cf_stats (kpi_hi2_iridata.pb.h:1230)

==13113==    by 0x54410B: hi2iristats::common::Hi2IriStatsData::InternalSerializeWithCachedSizesToArray(bool, unsigned char*) const (kpi_hi2_iridata.pb.cc:1923)

==13113==    by 0x73797A4: google::protobuf::MessageLite::AppendPartialToString(std::string*) const (message_lite.cc:296)

==13113==    by 0x5188C9: KpiData::buildKpi(std::string&) (KpiData.C:384)

==13113==    by 0x50F0F3: KpiClientMgr::buildKpi(std::string&) (KpiClientMgr.C:731)

==13113==    by 0x50F1E3: KpiClientMgr::buildPayload(std::string&) (KpiClientMgr.C:695)

==13113==    by 0x51009A: KpiClientMgr::buildAndSendKpi() (KpiClientMgr.C:294)

==13113==    by 0x511287: KpiClientMgr::publishKpi() (KpiClientMgr.C:636)

==13113==    by 0x512962: KpiClientMgr::run() (KpiClientMgr.C:235)

==13113==

Any help would be appreciated.

[Adam Cozzette]

Could you file an issue on our GitHub project? From what I understand, map fields are represented in a special way when they are accessed reflectively and there is some special logic for syncing the reflection representation with the ordinary representation. That logic is a bit complicated so it is possible there is a bug somewhere.

--
You received this message because you are subscribed to the Google Groups "Protocol Buffers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to protobuf+u...@googlegroups.com.
To post to this group, send email to prot...@googlegroups.com.
Visit this group at https://groups.google.com/group/protobuf.
To view this discussion on the web visit https://groups.google.com/d/msgid/protobuf/4833e03a-3f85-4d41-ac61-2e4b3d0b3ac8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.