Author
|
Message
|
Veteran Member
Join Date: Feb 2011
Location: Stockholm, Sweden
|
05-17-2016
, 12:55
socket_recv() crash when stressing
|
#1
|
You can ignore this, but I'll leave it for the sake of "new x[]" vs. "malloc()" for Arkshine to consider. However I realize that it might not have crashed if I hand't sent it a negative number...
The problem was that when using chunked transfers it passed the next size marker and I tried to allocate -166B. I feel like a moron now.
Spoiler
I'm stressing my HTTP thingy by running and restarting it and the server keeps crashing randomly.
I have traced it down to this line inside socket_recv():
Code:
// native socket_recv(_socket, _data[], _length);
static cell AMX_NATIVE_CALL socket_recv (AMX *amx, cell *params ) /* 2 param */
{
int socket = params [1];
int length = params [3];
int tmp = -1;
// First we dynamicly allocate a block of heap memory for recieving our data
char *tmpchar = new char[length]; if(tmpchar == NULL) return -1; // If we didn't got a block, we have to quit here to avoid sigsegv
// And set it all to 0, because the memory could contain old trash
memset (tmpchar, 0, length );
// Now we recieve
tmp = recv (socket, tmpchar, length -1, 0);
if (tmp == -1)
{
delete [] tmpchar;
return -1;
}
// And put a copy of our recieved data into amx's string
tmpchar [tmp ]= '\0';
int nlen = 0;
//int max = params[3];
int max = length -1;
const char* src = tmpchar;
cell* dest = MF_GetAmxAddr (amx,params [2]);
while(max--&&nlen<tmp ){
*dest++ = (cell )*src++;
nlen++;
}
*dest = 0;
// And we need to free up the space to avoid wasting memory
delete [] tmpchar;
// And finnally, return the what recv returnd
return tmp;
}
If I can remember correctly I think there's a #pragma to increase the memory allocated to a plugin. Would that fix the problem? I'm assuming no since this is inside the module, but I don't understand scripting fully at this low level. Is there a better approach?
Is this considered a bug or am I doing something wrong?
I have included all the files required for testing.
This is what I changed in the .dll:
Spoiler
Code:
// native socket_recv(_socket, _data[], _length);
static cell AMX_NATIVE_CALL socket_recv (AMX *amx, cell *params ) /* 2 param */
{
MF_Log("socket_recv():1"); int socket = params [1];
int length = params [3];
int tmp = -1;
MF_Log("socket_recv():2"); // First we dynamicly allocate a block of heap memory for recieving our data
char *tmpchar = new char [length ];
MF_Log("socket_recv():3"); if(tmpchar == NULL) return -1; // If we didn't got a block, we have to quit here to avoid sigsegv
// And set it all to 0, because the memory could contain old trash
MF_Log("socket_recv():4"); memset (tmpchar, 0, length );
// Now we recieve
MF_Log("socket_recv():5"); tmp = recv (socket, tmpchar, length -1, 0);
MF_Log("socket_recv():6"); if (tmp == -1)
{
delete [] tmpchar;
return -1;
}
MF_Log("socket_recv():7"); // And put a copy of our recieved data into amx's string
tmpchar [tmp ]= '\0';
int nlen = 0;
//int max = params[3];
int max = length -1;
const char* src = tmpchar;
MF_Log("socket_recv():8"); cell* dest = MF_GetAmxAddr (amx,params [2]);
MF_Log("socket_recv():9"); while(max--&&nlen<tmp ){
*dest++ = (cell )*src++;
nlen++;
}
MF_Log("socket_recv():10"); *dest = 0;
MF_Log("socket_recv():11"); // And we need to free up the space to avoid wasting memory
delete [] tmpchar;
MF_Log("socket_recv():12"); // And finnally, return the what recv returnd
return tmp;
}
Here's the typical output when the error occurs:
Edit:
I switched out...
Code:
char *tmpchar = new char[length];
... to...
Code:
char *tmpchar = (char*)malloc(sizeof(char) * length);
...which avoided the crash. But the allocation still fails randomly. It also seems to have increased the frequency of the problem.
I have about 12GB of memory free.
__________________
Last edited by Black Rose; 05-17-2016 at 15:58.
|
|
|
|