CESNET / libyang

YANG data modeling language library
BSD 3-Clause "New" or "Revised" License

Libyang lyd_new_path crashes #83

Closed lukasmacko closed 8 years ago

lukasmacko commented 8 years ago

Libyang crashes when the value of an existing string leaf is set to NULL.

```
Program received signal SIGSEGV, Segmentation fault.
__strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210
210 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory.
(gdb) bt
#0  __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:210
#1  0x00007ffff7136915 in lyd_change_leaf (leaf=0x74f710, val_str=0x0) at /home/lukas/playground/libyang/src/tree_data.c:433
#2  0x00007ffff71373e5 in lyd_new_path (data_tree=0x71f640, ctx=0x70b990, path=0x4c3900 "/test-module:main/string", value=0x0, options=1) at /home/lukas/playground/libyang/src/tree_data.c:758
#3  0x000000000046e5f1 in dm_lyd_new_path (dm_ctx=0x70a040, data_info=0x757c40, ctx=0x70b990, path=0x4c3900 "/test-module:main/string", value=0x0, options=1)
    at /home/lukas/workspace/sysrepo/src/data_manager.c:3146
#4  0x00000000004479a6 in rp_dt_set_item (dm_ctx=0x70a040, session=0x749600, xpath=0x4c3900 "/test-module:main/string", options=SR_EDIT_DEFAULT, value=0x724810)
    at /home/lukas/workspace/sysrepo/src/rp_dt_edit.c:409
#5  0x000000000044a53a in rp_dt_set_item_wrapper (rp_ctx=0x6f9760, session=0x74f210, xpath=0x4c3900 "/test-module:main/string", val=0x724810, opt=0) at /home/lukas/workspace/sysrepo/src/rp_dt_edit.c:563
#6  0x0000000000416f2f in empty_string_leaf_test (state=0x6f3530) at /home/lukas/workspace/sysrepo/tests/rp_dt_edit_test.c:2001
#7  0x00007ffff7bd5176 in cmocka_run_one_test_or_fixture (function_name=0x4c405f "empty_string_leaf_test", test_func=0x416e70 <empty_string_leaf_test>, setup_func=0x0, teardown_func=0x0, state=0x6f3530, 
    heap_check_point=0x0) at /home/lukas/playground/cmocka/src/cmocka.c:2534
#8  0x00007ffff7bd5423 in cmocka_run_one_tests (test_state=0x6f3520) at /home/lukas/playground/cmocka/src/cmocka.c:2642
#9  0x00007ffff7bd5835 in _cmocka_run_group_tests (group_name=0x4c40ba "tests", tests=0x4c40c0 <main.tests>, num_tests=31, group_setup=0x40f910 <setup>, group_teardown=0x40f940 <teardown>)
    at /home/lukas/playground/cmocka/src/cmocka.c:2757
#10 0x0000000000417058 in main () at /home/lukas/workspace/sysrepo/tests/rp_dt_edit_test.c:2231
```

michalvasko commented 8 years ago

Hi, how did you come across this problem? If you create string leaves using our functions, you should never get NULL as the value.

Regards, Michal

lukasmacko commented 8 years ago

Hi,

It is in one of our unit tests.

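```c
#include <stdio.h>
#include <stdlib.h>
#include <libyang/libyang.h>

int main(int argc, char **argv)
{
   /* Search the current directory for the test-module schema. */
   struct ly_ctx *ctx = ly_ctx_new(".");
   const struct lys_module *module = ly_ctx_load_module(ctx, "test-module", NULL);
   if (NULL == module) {
      return 4;
   }
   /* Create the string leaf with an initial value. */
   struct lyd_node *node = lyd_new_path(NULL, ctx, "/test-module:main/string", "abc", 0);

   /* Update the existing leaf with value == NULL: this call reaches
    * lyd_change_leaf(val_str=0x0) and crashes in strcmp(). */
   node = lyd_new_path(node, ctx, "/test-module:main/string", NULL, LYD_PATH_OPT_UPDATE);
   lyd_free_withsiblings(node);
   ly_ctx_destroy(ctx, NULL);
   return 0;
}
```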

Regards, Lukas

michalvasko commented 8 years ago

Hi, you are right, I introduced this issue yesterday. It should be fixed now, but your example code (correctly) leaks memory, if you use it somewhere directly.

Regards, Michal

lukasmacko commented 8 years ago

Hi,

thanks. The code is just a snippet to reproduce the bug; in the test, memory is freed correctly.

Regards, Lukas
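
An added example, not code from libyang or from anyone in this thread: the pattern visible in frame #1 of the backtrace (`strcmp()` reached with `val_str=0x0`) beside a NULL-tolerant form. `struct demo_leaf` and both `demo_*` functions are hypothetical stand-ins, and treating NULL as the empty string is an assumption, not a description of the fix that was committed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a string leaf; not a libyang type. */
struct demo_leaf {
    char *value_str;   /* heap-owned current value, NULL = no value yet */
};

/* Unsafe pattern matching the backtrace: strcmp() dereferences both
 * arguments, so val_str == NULL is undefined behaviour (SIGSEGV above). */
int demo_change_leaf_unsafe(struct demo_leaf *leaf, const char *val_str)
{
    return strcmp(leaf->value_str, val_str) != 0;
}

/* Hardened form: validate the node and normalise NULL to "" before any
 * string function sees the pointer (assumed semantics, see lead-in).
 * Returns 0 = value changed, 1 = value unchanged, -1 = error. */
int demo_change_leaf(struct demo_leaf *leaf, const char *val_str)
{
    const char *new_val = val_str ? val_str : "";
    const char *old_val;
    char *copy;

    if (leaf == NULL) {
        return -1;
    }
    old_val = leaf->value_str ? leaf->value_str : "";
    if (strcmp(old_val, new_val) == 0) {
        return 1;              /* nothing to do, nothing allocated */
    }
    copy = malloc(strlen(new_val) + 1);
    if (copy == NULL) {
        return -1;             /* leaf keeps its old value on failure */
    }
    strcpy(copy, new_val);
    free(leaf->value_str);     /* release the old value only after success */
    leaf->value_str = copy;
    return 0;
}
```
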