ros2 / rmw_zenoh

RMW for ROS 2 using Zenoh as the middleware
Apache License 2.0

Segmentation fault running component_container. #193

Closed hwoithe closed 1 month ago

hwoithe commented 1 month ago

The compiler warning gives a hint:

...
<***removed***>/ws_rmw_zenoh/src/rmw_zenoh/rmw_zenoh_cpp/src/detail/liveliness_utils.cpp: In function ‘std::string rmw_zenoh_cpp::liveliness::zid_to_str(const z_id_t&)’:
<***removed***>/ws_rmw_zenoh/src/rmw_zenoh/rmw_zenoh_cpp/src/detail/liveliness_utils.cpp:228:12: warning: comparison of unsigned expression in ‘>= 0’ is always true [-Wtype-limits]
  228 |   for (; i >= 0; i--) {
      |          ~~^~~~
---
...

The variable i is of type size_t and will wrap. It is then possible that we will eventually access an invalid memory location. https://github.com/ros2/rmw_zenoh/blob/e6864931cccfc9c504b4bbc3ae7899334e70fdae/rmw_zenoh_cpp/src/detail/liveliness_utils.cpp#L228

Terminal 1:

$ ros2 run rmw_zenoh_cpp rmw_zenohd

Terminal 2:

$ export RMW_IMPLEMENTATION=rmw_zenoh_cpp
$ ros2 run rclcpp_components component_container
[ros2run]: Segmentation fault

$ gdb --args /opt/ros/jazzy/lib/rclcpp_components/component_container
...
(gdb) run
Starting program: /opt/ros/jazzy/lib/rclcpp_components/component_container 
...
[New Thread 0x7ffff64c66c0 (LWP 1346392)]
[New Thread 0x7ffff5cc56c0 (LWP 1346393)]
[New Thread 0x7ffff383f6c0 (LWP 1346394)]
[New Thread 0x7ffff363e6c0 (LWP 1346395)]
[New Thread 0x7ffff343d6c0 (LWP 1346396)]
[New Thread 0x7ffff323c6c0 (LWP 1346397)]
[New Thread 0x7ffff303b6c0 (LWP 1346398)]
[New Thread 0x7ffff2e3a6c0 (LWP 1346399)]
[New Thread 0x7ffff2c396c0 (LWP 1346400)]

Thread 1 "component_conta" received signal SIGSEGV, Segmentation fault.
0x00007ffff543d952 in rmw_zenoh_cpp::liveliness::zid_to_str[abi:cxx11](z_id_t const&) (id=...) at <***removed***>/ws_rmw_zenoh/src/rmw_zenoh/rmw_zenoh_cpp/src/detail/liveliness_utils.cpp:229
229     ss << static_cast<int>(id.id[i]);
(gdb) bt
#0  0x00007ffff543d952 in rmw_zenoh_cpp::liveliness::zid_to_str[abi:cxx11](z_id_t const&) (id=...) at <***removed***>/ws_rmw_zenoh/src/rmw_zenoh/rmw_zenoh_cpp/src/detail/liveliness_utils.cpp:229
#1  0x00007ffff54148b8 in rmw_zenoh_cpp::GraphCache::GraphCache (this=0x5555555db750, zid=...) at <***removed***>/ws_rmw_zenoh/src/rmw_zenoh/rmw_zenoh_cpp/src/detail/graph_cache.cpp:72
#2  0x00007ffff546978a in std::make_unique<rmw_zenoh_cpp::GraphCache, z_id_t&> () at /usr/include/c++/13/bits/unique_ptr.h:1070
#3  0x00007ffff546717e in rmw_init (options=0x5555555a5798, context=0x5555555a56a0) at <***removed***>/ws_rmw_zenoh/src/rmw_zenoh/rmw_zenoh_cpp/src/rmw_init.cpp:181
#4  0x00007ffff692abe7 in rcl_init (argc=1, argv=0x7fffffffb478, options=0x55555556f420, context=0x5555555a5500) at <***removed***>/ws_rmw_zenoh/src/rcl/rcl/src/rcl/init.c:306
#5  0x00007ffff796104f in rclcpp::Context::init (this=0x5555555a5200, argc=1, argv=0x7fffffffb478, init_options=...) at <***removed***>/ws_rmw_zenoh/src/rclcpp/rclcpp/src/rclcpp/context.cpp:208
#6  0x00007ffff7c3d3a7 in rclcpp::init (argc=1, argv=0x7fffffffb478, init_options=..., signal_handler_options=rclcpp::SignalHandlerOptions::All) at <***removed***>/ws_rmw_zenoh/src/rclcpp/rclcpp/src/rclcpp/utilities.cpp:41
#7  0x0000555555556323 in main ()

rmw_zenoh: e6864931cccfc9c504b4bbc3ae7899334e70fdae
ROS release: jazzy
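The wrap behind the `-Wtype-limits` warning above, shown as an added example that is not code from rmw_zenoh or from this thread: it replays the index sequence of a `size_t` countdown guarded by `i >= 0` without touching memory, next to a bounded reverse walk. The names `demo_id_t`, `first_bad_index` and `id_to_hex`, the 16-byte layout, and the hex formatting with leading zero bytes skipped are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <iomanip>
#include <limits>
#include <sstream>
#include <string>

// Hypothetical stand-in for the identifier type: a fixed 16-byte array (assumption).
struct demo_id_t { uint8_t id[16]; };

// Replays the indices a `for (; i >= 0; i--)` loop would use when i is a size_t.
// No memory is read; the function returns the first index outside [0, len).
std::size_t first_bad_index(std::size_t start, std::size_t len)
{
  std::size_t i = start;
  while (i < len) {
    i--;  // unsigned arithmetic: 0 - 1 wraps to the maximum size_t value
  }
  return i;
}

// Bounded reverse walk. `i-- > 0` compares before decrementing, so the body
// only ever sees indices 15 down to 0 and the loop stops once i is 0.
std::string id_to_hex(const demo_id_t & id)
{
  std::stringstream ss;
  ss << std::hex << std::setfill('0');
  bool seen_nonzero = false;
  for (std::size_t i = sizeof(id.id); i-- > 0;) {
    if (!seen_nonzero && id.id[i] == 0) {
      continue;  // skip zero bytes at the high end (formatting assumption)
    }
    seen_nonzero = true;
    ss << std::setw(2) << static_cast<int>(id.id[i]);
  }
  return ss.str();
}

int main()
{
  demo_id_t sample{};  // constructed sample value
  sample.id[0] = 0x01;
  sample.id[1] = 0xab;
  std::printf("index after wrap: %zu\n", first_bad_index(15, sizeof(sample.id)));
  std::printf("hex: %s\n", id_to_hex(sample).c_str());
  return 0;
}
```

Building with `-Wtype-limits` promoted to an error (for example via `-Werror=type-limits`) turns the always-true comparison into a build failure instead of a runtime crash.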

Yadunund commented 1 month ago

Thanks for the ticket. This is a regression from #190

Yadunund commented 1 month ago

@hwoithe could you please try again with the latest rolling branch?

hwoithe commented 1 month ago

It is working for me now. Thank you for the quick fix!