node-webrtc / node-webrtc

node-webrtc is a Node.js Native Addon that provides bindings to WebRTC M87
Other
2.73k stars 459 forks source link

node/wrtc segfaults when sending arraybuffers on data channel #142

Closed devnullmail closed 9 years ago

devnullmail commented 10 years ago

use the following program to reproduce. only occurs when sending ArrayBuffer messages (btw, thanks for your great work!)

#!/usr/bin/node
/* creates a data channel between two peer connections and sends binary messages
 * program will segfault after ~4000 messages
 * reproducible with nodejs-0.10.31 & wrtc-0.0.29
 */
var servers = null, options = {optional: [{DtlsSrtpKeyAgreement:true}]};
var rx, tx, tx_channel;

/* receiving peer */

rx = new (require('wrtc').RTCPeerConnection)(servers, options);
rx.onicecandidate = function(event){
  if (event.candidate)
    tx.addIceCandidate(event.candidate);
};
rx.ondatachannel = function(event){
  var rx_channel = event.channel;
  rx_channel.onmessage = function(event){
    console.log('receieve message: ' + Uint32Array(event.data)[0]);
  };
};

/* sending peer */

var counter = 0; /* we stuff a counter in each message */

tx = new (require('wrtc').RTCPeerConnection)(servers, options);
tx.onicecandidate = function(event){
  if (event.candidate)
    rx.addIceCandidate(event.candidate);
};

tx_channel = tx.createDataChannel("DataChannel", {reliable: false});
tx_channel.onopen = function(){
  /* when data channel is open, send lots of binary data */
  setInterval(function(){
      var raw = new ArrayBuffer(4);
      Uint32Array(raw)[0] = counter++;
      tx_channel.send(raw);
    }, 1);
};

tx.createOffer(function(desc){
  tx.setLocalDescription(desc);
  rx.setRemoteDescription(desc, null, console.log);
  rx.createAnswer(function(desc){
    rx.setLocalDescription(desc);
    tx.setRemoteDescription(desc, null, console.log);
    }, console.log);
  }, console.log);
devnullmail commented 10 years ago

github has messed up formatting. verbatim copy here:

http://pastebin.com/raw.php?i=q62j9UGa

modeswitch commented 10 years ago

Thanks for reporting this. I'll have a look.

modeswitch commented 10 years ago

Confirmed on my local machine.

modeswitch commented 10 years ago
#0  0x00007ffff59e2887 in raise () from /lib64/libc.so.6
#1  0x00007ffff59e3f78 in abort () from /lib64/libc.so.6
#2  0x00007ffff5a22ad4 in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff5ab39e7 in __fortify_fail () from /lib64/libc.so.6
#4  0x00007ffff5ab39b0 in __stack_chk_fail () from /lib64/libc.so.6
warning: Could not find DWO CU /home/ack/.ccache/6/5/139fa1a6f8899ad01b10d08f5e0ece-79933.o.tmp.rubick.30529.dwo(0x27d5bb5483a53dc9) referenced by CU at offset 0x781ff [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#5  0x00007ffff1a6aac9 in stat_test_rand_source () at ../../third_party/libsrtp/srtp/crypto/math/stat.c:386
#6  0x00007ffff1a6aaf6 in stat_test_rand_source_with_repetition () at ../../third_party/libsrtp/srtp/crypto/math/stat.c:394
warning: Could not find DWO CU /home/ack/.ccache/4/6/0f00e34aacc7f7bf72a9f37c58411e-99394.o.tmp.rubick.30292.dwo(0x9cebc249ff010383) referenced by CU at offset 0x77f03 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#7  0x00007ffff1a68676 in crypto_kernel_init () at ../../third_party/libsrtp/srtp/crypto/kernel/crypto_kernel.c:146
warning: Could not find DWO CU /home/ack/.ccache/3/5/cda440d333463065ce48fbaaec1bbd-140013.o.tmp.rubick.30300.dwo(0xd41922200b378ad0) referenced by CU at offset 0x77c06 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#8  0x00007ffff1a661eb in srtp_init () at ../../third_party/libsrtp/srtp/srtp/srtp.c:1266
warning: Could not find DWO CU /home/ack/.ccache/5/3/1a77c762dd4778b2a4ebf59a001aa6-1260236.o.tmp.rubick.18517.dwo(0x74910ca3dbfd07d5) referenced by CU at offset 0x5d48f [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#9  0x00007ffff15adf5d in cricket::SrtpSession::Init() () at ../../talk/session/media/srtpfilter.cc:697
#10 0x00007ffff15adb3b in cricket::SrtpSession::SetKey(int, std::string const&, unsigned char const*, int) () at ../../talk/session/media/srtpfilter.cc:640
#11 0x00007ffff15acc36 in cricket::SrtpSession::SetSend(std::string const&, unsigned char const*, int) () at ../../talk/session/media/srtpfilter.cc:487
#12 0x00007ffff15aabc3 in cricket::SrtpFilter::SetRtpParams(std::string const&, unsigned char const*, int, std::string const&, unsigned char const*, int) () at ../../talk/session/media/srtpfilter.cc:158
warning: Could not find DWO CU /home/ack/.ccache/b/d/68322c7a1dc65236bf6cb940d20e09-1723232.o.tmp.rubick.13734.dwo(0xbd0b9a90470666c5) referenced by CU at offset 0x5d00a [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#13 0x00007ffff1517442 in cricket::BaseChannel::SetupDtlsSrtp(bool) () at ../../talk/session/media/channel.cc:870
#14 0x00007ffff151688b in cricket::BaseChannel::ChannelWritable_w() () at ../../talk/session/media/channel.cc:737
#15 0x00007ffff15144fc in cricket::BaseChannel::OnWritableState(cricket::TransportChannel*) () at ../../talk/session/media/channel.cc:374
#16 0x00007ffff1561517 in sigslot::_connection1::emit(cricket::TransportChannel*) () at ../../talk/base/sigslot.h:1852
#17 0x00007ffff1472801 in sigslot::signal1::operator() (warning: Could not find DWO CU /home/ack/.ccache/5/e/7472f45b9cd382f2c187f8aa4d44e2-1293756.o.tmp.rubick.10802.dwo(0x6fae3125619516a2) referenced by CU at offset 0x5df03 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
this=0x7fffc801ada0, a1=0x7fffc801ad10) at ../../talk/base/sigslot.h:2346
#18 0x00007ffff160bfe2 in cricket::TransportChannel::set_writable(bool) () at ../../talk/p2p/base/transportchannel.cc:56
warning: Could not find DWO CU /home/ack/.ccache/b/2/09b2cb956fa6acd8d7f604af76bb76-1311298.o.tmp.rubick.10896.dwo(0x342fa26184a8e2c3) referenced by CU at offset 0x5cd08 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#19 0x00007ffff14e43f0 in cricket::TransportChannelProxy::OnWritableState(cricket::TransportChannel*) () at ../../talk/p2p/base/transportchannelproxy.cc:232
#20 0x00007ffff14ec415 in sigslot::_connection1::emit(cricket::TransportChannel*) () at ../../talk/base/sigslot.h:1852
#21 0x00007ffff1472801 in sigslot::signal1::operator() (this=0x7fffc801f4f0, a1=0x7fffc801f460) at ../../talk/base/sigslot.h:2346
#22 0x00007ffff160bfe2 in cricket::TransportChannel::set_writable(bool) () at ../../talk/p2p/base/transportchannel.cc:56
warning: Could not find DWO CU /home/ack/.ccache/c/a/80fae206611876aa98f6bf10e941d7-1329087.o.tmp.rubick.15295.dwo(0x239c6a2a395e0d49) referenced by CU at offset 0x5d792 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#23 0x00007ffff15bcece in cricket::DtlsTransportChannelWrapper::OnDtlsEvent(talk_base::StreamInterface*, int, int) () at ../../talk/p2p/base/dtlstransportchannel.cc:534
#24 0x00007ffff15c46d2 in sigslot::_connection3::emit(talk_base::StreamInterface*, int, int) () at ../../talk/base/sigslot.h:1944
#25 0x00007ffff15be235 in sigslot::signal3::operator()(talk_base::StreamInterface*, int, int) () at ../../talk/base/sigslot.h:2477
warning: Could not find DWO CU /home/ack/.ccache/e/d/f8159cbe298abc0fc52f45216a31fe-1220404.o.tmp.rubick.12939.dwo(0x90f719bfb38a603) referenced by CU at offset 0x6091b [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#26 0x00007ffff174e3de in talk_base::StreamAdapterInterface::OnEvent(talk_base::StreamInterface*, int, int) () at ../../talk/base/stream.h:338
warning: Could not find DWO CU /home/ack/.ccache/4/6/9dfad42973766ffcab00f5b0ae36c6-1521348.o.tmp.rubick.11391.dwo(0xa7b8e281e5a7f36d) referenced by CU at offset 0x61a33 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#27 0x00007ffff177ef93 in talk_base::NSSStreamAdapter::ContinueSSL() () at ../../talk/base/nssstreamadapter.cc:576
#28 0x00007ffff177fa12 in talk_base::NSSStreamAdapter::OnEvent(talk_base::StreamInterface*, int, int) () at ../../talk/base/nssstreamadapter.cc:744
#29 0x00007ffff1750ad8 in sigslot::_connection3::emit(talk_base::StreamInterface*, int, int) () at ../../talk/base/sigslot.h:1944
#30 0x00007ffff15be235 in sigslot::signal3::operator()(talk_base::StreamInterface*, int, int) () at ../../talk/base/sigslot.h:2477
#31 0x00007ffff15b9eb5 in cricket::StreamInterfaceChannel::OnPacketReceived(char const*, unsigned long) () at ../../talk/p2p/base/dtlstransportchannel.cc:88
#32 0x00007ffff15bd62a in cricket::DtlsTransportChannelWrapper::HandleDtlsPacket(char const*, unsigned long) () at ../../talk/p2p/base/dtlstransportchannel.cc:594
#33 0x00007ffff15bc7e8 in cricket::DtlsTransportChannelWrapper::OnReadPacket(cricket::TransportChannel*, char const*, unsigned long, talk_base::PacketTime const&, int) () at ../../talk/p2p/base/dtlstransportchannel.cc:484
#34 0x00007ffff15c4e14 in sigslot::_connection5::emit(cricket::TransportChannel*, char const*, unsigned long, talk_base::PacketTime const&, int) () at ../../talk/base/sigslot.h:2047
#35 0x00007ffff14e51c4 in sigslot::signal5::operator()(cricket::TransportChannel*, char const*, unsigned long, talk_base::PacketTime const&, int) () at ../../talk/base/sigslot.h:2616
warning: Could not find DWO CU /home/ack/.ccache/f/3/09a563e45f5ed15940947d0ac715d7-1410061.o.tmp.rubick.14569.dwo(0xe1b4d4ca11d241d3) referenced by CU at offset 0x5d914 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#36 0x00007ffff15ce483 in cricket::P2PTransportChannel::OnReadPacket(cricket::Connection*, char const*, unsigned long, talk_base::PacketTime const&) () at ../../talk/p2p/base/p2ptransportchannel.cc:1282
#37 0x00007ffff15e48a6 in sigslot::_connection4::emit(cricket::Connection*, char const*, unsigned long, talk_base::PacketTime const&) () at ../../talk/base/sigslot.h:1993
warning: Could not find DWO CU /home/ack/.ccache/1/5/6d9dc045fc072c7187c253dcebb02c-1399723.o.tmp.rubick.14920.dwo(0xf7ac0c02ef0b4674) referenced by CU at offset 0x5c726 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#38 0x00007ffff144d6cb in sigslot::signal4::operator()(cricket::Connection*, char const*, unsigned long, talk_base::PacketTime const&) ()
    at ../../talk/base/sigslot.h:2544
#39 0x00007ffff1446d22 in cricket::Connection::OnReadPacket(char const*, unsigned long, talk_base::PacketTime const&) () at ../../talk/p2p/base/port.cc:960
#40 0x00007ffff1602c3e in cricket::UDPPort::OnReadPacket (warning: Could not find DWO CU /home/ack/.ccache/b/d/6d912961829266e7661df4b0cdd816-1407508.o.tmp.rubick.11576.dwo(0xfcd20be4049be10c) referenced by CU at offset 0x5cf49 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
this=0x7fffc8025bf0, socket=0x7fffc8020860, data=0x7fffc8084280 "\024\376\377", size=91, remote_addr=..., packet_time=...) at ../../talk/p2p/base/stunport.cc:268
#41 0x00007ffff14f5894 in cricket::UDPPort::HandleIncomingPacket(talk_base::AsyncPacketSocket*, char const*, unsigned long, talk_base::SocketAddress const&, talk_base::PacketTime const&) () at ../../talk/p2p/base/stunport.h:103
#42 0x00007ffff14f492a in cricket::AllocationSequence::OnReadPacket(talk_base::AsyncPacketSocket*, char const*, unsigned long, talk_base::SocketAddress const&, talk_base::PacketTime const&) () at ../../talk/p2p/client/basicportallocator.cc:1061
#43 0x00007ffff150ce14 in sigslot::_connection5::emit(talk_base::AsyncPacketSocket*, char const*, unsigned long, talk_base::SocketAddress const&, talk_base::PacketTime const&) () at ../../talk/base/sigslot.h:2047
warning: Could not find DWO CU /home/ack/.ccache/c/c/465bb4e94db5a215f9c9421f3813ad-1078634.o.tmp.rubick.15219.dwo(0x99aa7476e93ba7ad) referenced by CU at offset 0x5d6d1 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#44 0x00007ffff15b7ae0 in sigslot::signal5::operator()(talk_base::AsyncPacketSocket*, char const*, unsigned long, talk_base::SocketAddress const&, talk_base::PacketTime const&) () at ../../talk/base/sigslot.h:2616
#45 0x00007ffff16fdce9 in talk_base::AsyncUDPSocket::OnReadEvent (this=0x7fffc8020860, socket=0x7fffc8020638) at ../../talk/base/asyncudpsocket.cc:132
#46 0x00007ffff16fdf61 in sigslot::_connection1::emit (this=0x7fffc8030810, a1=0x7fffc8020638) at ../../talk/base/sigslot.h:1852
#47 0x00007ffff16f0501 in sigslot::signal1::operator() (warning: Could not find DWO CU /home/ack/.ccache/1/8/703652871db314cbf4ee3224f60986-1256818.o.tmp.rubick.11640.dwo(0xbe15b658c93780d5) referenced by CU at offset 0x600d8 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
this=0x7fffc8020640, a1=0x7fffc8020638) at ../../talk/base/sigslot.h:2346
#48 0x00007ffff172f1e3 in talk_base::SocketDispatcher::OnEvent(unsigned int, int) () at ../../talk/base/physicalsocketserver.cc:910
#49 0x00007ffff172bbaa in talk_base::PhysicalSocketServer::Wait(int, bool) () at ../../talk/base/physicalsocketserver.cc:1424
warning: Could not find DWO CU /home/ack/.ccache/9/c/11c2bf26b65949eb8782d422e4c113-1145821.o.tmp.rubick.10595.dwo(0xd390f3a7fa53935c) referenced by CU at offset 0x5fdd5 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#50 0x00007ffff170d2fc in talk_base::MessageQueue::Get(talk_base::Message*, int, bool) () at ../../talk/base/messagequeue.cc:271
warning: Could not find DWO CU /home/ack/.ccache/f/4/c9cee4e67ebd44648521acc1c7b12c-1164303.o.tmp.rubick.13547.dwo(0x14e66b7aa998b6df) referenced by CU at offset 0x60c1d [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#51 0x00007ffff1756001 in talk_base::Thread::ProcessMessages(int) () at ../../talk/base/thread.cc:508
#52 0x00007ffff1755909 in talk_base::Thread::Run() () at ../../talk/base/thread.cc:370
#53 0x00007ffff175588b in talk_base::Thread::PreRun(void*) () at ../../talk/base/thread.cc:358
#54 0x00007ffff5d72f35 in start_thread () from /lib64/libpthread.so.0
#55 0x00007ffff5aa1c3d in clone () from /lib64/libc.so.6
modeswitch commented 10 years ago

I get another crash as well:

Error(channel.cc:528): Can't send outgoing RTCP packet when SRTP is inactive and crypto is required
Error(common.cc:76): ../../talk/session/media/channel.cc(531): ASSERT FAILED: false @ SendPacket
Program received signal SIGTRAP, Trace/breakpoint trap.
[Switching to Thread 0x7fffeae7a700 (LWP 6102)]
0x00007ffff5d7a5eb in raise () from /lib64/libpthread.so.0
(gdb) bt
warning: Could not find DWO CU /home/ack/.ccache/1/9/504006e954c881b7fdb7fe21ff6659-799941.o.tmp.rubick.10157.dwo(0x98fc703ad6f4b25e) referenced by CU at offset 0x5f728 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#0  0x00007ffff5d7a5eb in raise () from /lib64/libpthread.so.0
#1  0x00007ffff1700a4e in talk_base::Break() () at ../../talk/base/common.cc:59
#2  0x00007ffff132557b in talk_base::Assert (warning: Could not find DWO CU /home/ack/.ccache/b/d/68322c7a1dc65236bf6cb940d20e09-1723232.o.tmp.rubick.13734.dwo(0xbd0b9a90470666c5) referenced by CU at offset 0x5d00a [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
result=false, function=0x7ffff1c3d195  "SendPacket", 
    file=0x7ffff1c3bee8 "../../talk/session/media/channel.cc", line=531, expression=0x7ffff1c3c07d "false") at ../third_party/libwebrtc/trunk/talk/base/common.h:129
#3  0x00007ffff1515016 in cricket::BaseChannel::SendPacket(bool, talk_base::Buffer*, talk_base::DiffServCodePoint) () at ../../talk/session/media/channel.cc:531
#4  0x00007ffff1519a30 in cricket::BaseChannel::OnMessage(talk_base::Message*) () at ../../talk/session/media/channel.cc:1229
#5  0x00007ffff151bd79 in cricket::VoiceChannel::OnMessage(talk_base::Message*) () at ../../talk/session/media/channel.cc:1592
warning: Could not find DWO CU /home/ack/.ccache/9/c/11c2bf26b65949eb8782d422e4c113-1145821.o.tmp.rubick.10595.dwo(0xd390f3a7fa53935c) referenced by CU at offset 0x5fdd5 [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#6  0x00007ffff170db34 in talk_base::MessageQueue::Dispatch(talk_base::Message*) () at ../../talk/base/messagequeue.cc:401
warning: Could not find DWO CU /home/ack/.ccache/f/4/c9cee4e67ebd44648521acc1c7b12c-1164303.o.tmp.rubick.13547.dwo(0x14e66b7aa998b6df) referenced by CU at offset 0x60c1d [in module /home/ack/work/node-webrtc/lib/binding/wrtc.node]
#7  0x00007ffff1756042 in talk_base::Thread::ProcessMessages(int) () at ../../talk/base/thread.cc:510
#8  0x00007ffff1755909 in talk_base::Thread::Run() () at ../../talk/base/thread.cc:370
#9  0x00007ffff175588b in talk_base::Thread::PreRun(void*) () at ../../talk/base/thread.cc:358
#10 0x00007ffff5d72f35 in start_thread () from /lib64/libpthread.so.0
#11 0x00007ffff5aa1c3d in clone () from /lib64/libc.so.6
cjb commented 10 years ago

@modeswitch Just in case it's helpful (if it's unclear whether the leak is on our side or the API's), here's a simple WebRTC API C++ program that can speak SDP and datachannels:

http://printf.net/webrtc-cmd.patch

Usage: init -> offer -> print -> reply -> (generate answer on other side and paste it in here) -> chat

modeswitch commented 9 years ago

This needs to be retested, and closed if it's not reproducible.

devnullmail commented 9 years ago

segfault reproducible with nodejs-0.12 & wrtc-0.0.49

modeswitch commented 9 years ago

@devnull could you paste the backtrace?

devnullmail commented 9 years ago

Thank, Can you tell me how to rebuild wrtc with debug symbols? I currently use `npm install wrtc'

GDB

Starting program: /home/user/workspace/node-v0.12.0-linux-x64/bin/node segfault.js [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7ffff6bbe700 (LWP 8542)] [New Thread 0x7ffff7ff5700 (LWP 8543)] [New Thread 0x7ffff7fe4700 (LWP 8544)] [New Thread 0x7ffff7fc3700 (LWP 8545)] [New Thread 0x7ffff4c5a700 (LWP 8546)] [New Thread 0x7fffeffff700 (LWP 8547)] [New Thread 0x7fffef7fe700 (LWP 8548)] [New Thread 0x7fffeeffd700 (LWP 8549)] [New Thread 0x7fffee7fc700 (LWP 8550)] [New Thread 0x7fffedffb700 (LWP 8551)] [New Thread 0x7fffed7fa700 (LWP 8552)] [New Thread 0x7fffecbd8700 (LWP 8553)] [Thread 0x7fffed7fa700 (LWP 8552) exited] [Thread 0x7fffecbd8700 (LWP 8553) exited]

Program received signal SIGSEGV, Segmentation fault. __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:33 33 ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S: No such file or directory. (gdb) bt

0 __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:33

1 0x00007ffff5fd8218 in node_webrtc::DataChannel::Send(v8::FunctionCallbackInfov8::Value const&) ()

from /home/user/workspace/node_modules/wrtc/build/Release/wrtc.node

2 0x000000000082a11c in v8::internal::FunctionCallbackArguments::Call(void (_)(v8::FunctionCallbackInfov8::Value const&)) ()

3 0x000000000084c1ff in v8::internal::Builtin_HandleApiCall(int, v8::internal::Object_, v8::internal::Isolate) ()

4 0x0000141f0af060a2 in ?? ()

5 0x0000141f0af39fa5 in ?? ()

6 0x0000141f0af06001 in ?? ()

7 0x00007fffffffd770 in ?? ()

8 0x00007fffffffd7d0 in ?? ()

9 0x0000141f0afe8766 in ?? ()

10 0x0000363912922da9 in ?? ()

11 0x00003dc1d71b2d19 in ?? ()

12 0x00003dc1d7150381 in ?? ()

13 0x0000363912922da9 in ?? ()

14 0x000036391292b289 in ?? ()

15 0x000036391292b289 in ?? ()

16 0x00003dc1d7150cd1 in ?? ()

17 0x00007fffffffd810 in ?? ()

18 0x0000141f0afe7eee in ?? ()

19 0x00003dc1d71b2d19 in ?? ()

20 0x00003dc1d7150c69 in ?? ()

21 0x000036391292b289 in ?? ()

22 0x00003dc1d71b2d19 in ?? ()

23 0x00003dc1d71aeb21 in ?? ()

24 0x00003dc1d7097031 in ?? ()

25 0x00007fffffffd850 in ?? ()

26 0x0000141f0af24ac6 in ?? ()

27 0x00003dc1d71af159 in ?? ()

28 0x0000000000000000 in ?? ()

VALGRIND

==8420== Memcheck, a memory error detector ==8420== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==8420== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info ==8420== Command: /home/user/workspace/node-v0.12.0-linux-x64/bin/node segfault.js ==8420== ==8420== Warning: set address range perms: large range [0x160482920000, 0x1604a2920000) (noaccess) ==8420== Warning: set address range perms: large range [0x3a04b040, 0x13a04b03f) (undefined) ==8420== Source and destination overlap in memcpy(0x3a04b040, 0x0, 4294967295) ==8420== at 0x4C2F6DD: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==8420== by 0x8090217: node_webrtc::DataChannel::Send(v8::FunctionCallbackInfov8::Value const&) (in /home/user/workspace/nodemodules/wrtc/build/Release/wrtc.node) ==8420== by 0x82A11B: v8::internal::FunctionCallbackArguments::Call(void ()(v8::FunctionCallbackInfov8::Value const&)) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x84C1FE: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object, v8::internal::Isolate_) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x160482D060A1: ??? ==8420== by 0x160482DE7205: ??? ==8420== by 0x160482DE698D: ??? ==8420== by 0x160482D24AC5: ??? ==8420== by 0x160482DE65C1: ??? ==8420== by 0x160482DE58AA: ??? ==8420== by 0x160482D1EF3F: ??? ==8420== by 0x160482D1DE8F: ??? ==8420== ==8420== Invalid read of size 8 ==8420== at 0x4C2F792: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==8420== by 0x8090217: node_webrtc::DataChannel::Send(v8::FunctionCallbackInfov8::Value const&) (in /home/user/workspace/nodemodules/wrtc/build/Release/wrtc.node) ==8420== by 0x82A11B: v8::internal::FunctionCallbackArguments::Call(void ()(v8::FunctionCallbackInfov8::Value const&)) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x84C1FE: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object, v8::internal::Isolate_) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x160482D060A1: ??? ==8420== by 0x160482DE7205: ??? ==8420== by 0x160482DE698D: ??? ==8420== by 0x160482D24AC5: ??? ==8420== by 0x160482DE65C1: ??? ==8420== by 0x160482DE58AA: ??? ==8420== by 0x160482D1EF3F: ??? ==8420== by 0x160482D1DE8F: ??? ==8420== Address 0x3a04b038 is 8 bytes before a block of size 4,294,967,295 alloc'd ==8420== at 0x4C2B820: operator new[](unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==8420== by 0x8090206: node_webrtc::DataChannel::Send(v8::FunctionCallbackInfov8::Value const&) (in /home/user/workspace/nodemodules/wrtc/build/Release/wrtc.node) ==8420== by 0x82A11B: v8::internal::FunctionCallbackArguments::Call(void ()(v8::FunctionCallbackInfov8::Value const&)) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x84C1FE: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object, v8::internal::Isolate_) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x160482D060A1: ??? ==8420== by 0x160482DE7205: ??? ==8420== by 0x160482DE698D: ??? ==8420== by 0x160482D24AC5: ??? ==8420== by 0x160482DE65C1: ??? ==8420== by 0x160482DE58AA: ??? ==8420== by 0x160482D1EF3F: ??? ==8420== by 0x160482D1DE8F: ??? ==8420== ==8420== Invalid read of size 8 ==8420== at 0x4C2F780: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==8420== by 0x8090217: node_webrtc::DataChannel::Send(v8::FunctionCallbackInfov8::Value const&) (in /home/user/workspace/nodemodules/wrtc/build/Release/wrtc.node) ==8420== by 0x82A11B: v8::internal::FunctionCallbackArguments::Call(void ()(v8::FunctionCallbackInfov8::Value const&)) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x84C1FE: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object, v8::internal::Isolate_) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x160482D060A1: ??? ==8420== by 0x160482DE7205: ??? ==8420== by 0x160482DE698D: ??? ==8420== by 0x160482D24AC5: ??? ==8420== by 0x160482DE65C1: ??? ==8420== by 0x160482DE58AA: ??? ==8420== by 0x160482D1EF3F: ??? ==8420== by 0x160482D1DE8F: ??? ==8420== Address 0x3a04b028 is 24 bytes before a block of size 4,294,967,295 alloc'd ==8420== at 0x4C2B820: operator new[](unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==8420== by 0x8090206: node_webrtc::DataChannel::Send(v8::FunctionCallbackInfov8::Value const&) (in /home/user/workspace/nodemodules/wrtc/build/Release/wrtc.node) ==8420== by 0x82A11B: v8::internal::FunctionCallbackArguments::Call(void ()(v8::FunctionCallbackInfov8::Value const&)) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x84C1FE: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object_, v8::internal::Isolate) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x160482D060A1: ??? ==8420== by 0x160482DE7205: ??? ==8420== by 0x160482DE698D: ??? ==8420== by 0x160482D24AC5: ??? ==8420== by 0x160482DE65C1: ??? ==8420== by 0x160482DE58AA: ??? ==8420== by 0x160482D1EF3F: ??? ==8420== by 0x160482D1DE8F: ??? ==8420== ==8420== ==8420== Process terminating with default action of signal 11 (SIGSEGV) ==8420== Access not within mapped region at address 0x385D7FF8 ==8420== at 0x4C2F792: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==8420== by 0x8090217: node_webrtc::DataChannel::Send(v8::FunctionCallbackInfov8::Value const&) (in /home/user/workspace/nodemodules/wrtc/build/Release/wrtc.node) ==8420== by 0x82A11B: v8::internal::FunctionCallbackArguments::Call(void ()(v8::FunctionCallbackInfov8::Value const&)) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x84C1FE: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object_, v8::internal::Isolate) (in /home/user/workspace/node-v0.12.0-linux-x64/bin/node) ==8420== by 0x160482D060A1: ??? ==8420== by 0x160482DE7205: ??? ==8420== by 0x160482DE698D: ??? ==8420== by 0x160482D24AC5: ??? ==8420== by 0x160482DE65C1: ??? ==8420== by 0x160482DE58AA: ??? ==8420== by 0x160482D1EF3F: ??? ==8420== by 0x160482D1DE8F: ??? ==8420== If you believe this happened as a result of a stack ==8420== overflow in your program's main thread (unlikely but ==8420== possible), you can try to increase the size of the ==8420== main thread stack using the --main-stacksize= flag. ==8420== The main thread stack size used in this run was 8388608. ==8420== ==8420== HEAP SUMMARY: ==8420== in use at exit: 4,297,612,991 bytes in 2,828 blocks ==8420== total heap usage: 159,258 allocs, 156,430 frees, 4,467,063,390 bytes allocated ==8420== ==8420== LEAK SUMMARY: ==8420== definitely lost: 2,480 bytes in 11 blocks ==8420== indirectly lost: 2,717 bytes in 54 blocks ==8420== possibly lost: 133,480 bytes in 475 blocks ==8420== still reachable: 4,297,474,314 bytes in 2,288 blocks ==8420== suppressed: 0 bytes in 0 blocks ==8420== Rerun with --leak-check=full to see details of leaked memory ==8420== ==8420== For counts of detected and suppressed errors, rerun with: -v ==8420== ERROR SUMMARY: 3466762 errors from 3 contexts (suppressed: 0 from 0)

vmolsa commented 9 years ago

with node-v0.12.0 GetIndexedPropertiesExternalArrayData() -> returns null GetIndexedPropertiesExternalArrayDataLength() -> returns int, not uint GetIndexedPropertiesExternalArrayDataLength() -> returns -1 and same as uint is 4294967295

so the result of rtc::Buffer buffer(data, data_len) is rtc::Buffer buffer(null, 4294967295) and this is causing the segfault

guymguym commented 9 years ago

@modeswitch in #185 this was already handled differently for node 0.12, so this bug seems to be resolved.

modeswitch commented 9 years ago

Yeah, this should be fixed.