Uninitialized memory in syscall during param_set

[jbwillis]

Running valgrind on the master branch indicates unitialized memory and possible.

System:

• Ubuntu 18.04
• ROS Melodic
• gcc 7.5.0

To reproduce:

• Launch rosflight sim roslaunch rosflight_sim multirotor.launch
• Run rosflight_io with Valgrind valgrind devel/lib/rosflight/rosflight_io _udp:=true
• Perform a param_set rosservice call /param_set MIXER 1

The following message is shown:

==19869== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==19869==    at 0x6752EE7: sendmsg (sendmsg.c:28)
==19869==    by 0x4EC2BD9: boost::asio::detail::socket_ops::sendto(int, iovec const*, unsigned long, int, sockaddr const*, unsigned long, boost::system::error_code&) (socket_ops.ipp:1299)
==19869==    by 0x4EC2C9C: boost::asio::detail::socket_ops::non_blocking_sendto(int, iovec const*, unsigned long, int, sockaddr const*, unsigned long, boost::system::error_code&, unsigned long&) (socket_ops.ipp:
1350)
==19869==    by 0x4EC7AF1: boost::asio::detail::reactive_socket_sendto_op_base<boost::asio::const_buffers_1, boost::asio::ip::basic_endpoint<boost::asio::ip::udp> >::do_perform(boost::asio::detail::reactor_op*)
(reactive_socket_sendto_op.hpp:58)
==19869==    by 0x4EBA4FA: boost::asio::detail::reactor_op::perform() (reactor_op.hpp:40)
==19869==    by 0x4EBB1E0: boost::asio::detail::epoll_reactor::start_op(int, int, boost::asio::detail::epoll_reactor::descriptor_state*&, boost::asio::detail::reactor_op*, bool, bool) (epoll_reactor.ipp:242)
==19869==    by 0x4EC3833: boost::asio::detail::reactive_socket_service_base::start_op(boost::asio::detail::reactive_socket_service_base::base_implementation_type&, int, boost::asio::detail::reactor_op*, bool, b
ool, bool) (reactive_socket_service_base.ipp:221)
==19869==    by 0x4EC6242: void boost::asio::detail::reactive_socket_service<boost::asio::ip::udp>::async_send_to<boost::asio::const_buffers_1, boost::function<void (boost::system::error_code const&, unsigned lo
ng)> >(boost::asio::detail::reactive_socket_service<boost::asio::ip::udp>::implementation_type&, boost::asio::const_buffers_1 const&, boost::asio::ip::basic_endpoint<boost::asio::ip::udp> const&, int, boost::fun
ction<void (boost::system::error_code const&, unsigned long)>&) (reactive_socket_service.hpp:246)
==19869==    by 0x4EC56DB: boost::asio::async_result<boost::asio::handler_type<boost::function<void (boost::system::error_code const&, unsigned long)>&, void (boost::system::error_code, unsigned long)>::type>::t
ype boost::asio::datagram_socket_service<boost::asio::ip::udp>::async_send_to<boost::asio::const_buffers_1, boost::function<void (boost::system::error_code const&, unsigned long)>&>(boost::asio::detail::reactive
_socket_service<boost::asio::ip::udp>::implementation_type&, boost::asio::const_buffers_1 const&, boost::asio::ip::basic_endpoint<boost::asio::ip::udp> const&, int, boost::function<void (boost::system::error_cod
e const&, unsigned long)>&) (datagram_socket_service.hpp:360)
==19869==    by 0x4EC4FF3: boost::asio::async_result<boost::asio::handler_type<boost::function<void (boost::system::error_code const&, unsigned long)>&, void (boost::system::error_code, unsigned long)>::type>::t
ype boost::asio::basic_datagram_socket<boost::asio::ip::udp, boost::asio::datagram_socket_service<boost::asio::ip::udp> >::async_send_to<boost::asio::const_buffers_1, boost::function<void (boost::system::error_c
ode const&, unsigned long)>&>(boost::asio::const_buffers_1 const&, boost::asio::ip::basic_endpoint<boost::asio::ip::udp> const&, boost::function<void (boost::system::error_code const&, unsigned long)>&) (basic_d
atagram_socket.hpp:531)
==19869==    by 0x4EC1F1D: mavrosflight::MavlinkUDP::do_async_write(boost::asio::const_buffers_1 const&, boost::function<void (boost::system::error_code const&, unsigned long)>) (mavlink_udp.cpp:105)
==19869==    by 0x4EB13D4: mavrosflight::MavlinkComm::async_write(bool) (mavlink_comm.cpp:164)
==19869==  Address 0x10945352 is 18 bytes inside a block of size 280 alloc'd
==19869==    at 0x4C3017F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19869==    by 0x4EB115F: mavrosflight::MavlinkComm::send_message(__mavlink_message const&) (mavlink_comm.cpp:141)
==19869==    by 0x4ECB434: mavrosflight::ParamManager::param_set_timer_callback(ros::TimerEvent const&) (param_manager.cpp:386)
==19869==    by 0x4ED5752: boost::_mfi::mf1<void, mavrosflight::ParamManager, ros::TimerEvent const&>::operator()(mavrosflight::ParamManager*, ros::TimerEvent const&) const (mem_fn_template.hpp:165)
==19869==    by 0x4ED51FE: void boost::_bi::list2<boost::_bi::value<mavrosflight::ParamManager*>, boost::arg<1> >::operator()<boost::_mfi::mf1<void, mavrosflight::ParamManager, ros::TimerEvent const&>, boost::_b
i::rrlist1<ros::TimerEvent const&> >(boost::_bi::type<void>, boost::_mfi::mf1<void, mavrosflight::ParamManager, ros::TimerEvent const&>&, boost::_bi::rrlist1<ros::TimerEvent const&>&, int) (bind.hpp:319)
==19869==    by 0x4ED4ABE: void boost::_bi::bind_t<void, boost::_mfi::mf1<void, mavrosflight::ParamManager, ros::TimerEvent const&>, boost::_bi::list2<boost::_bi::value<mavrosflight::ParamManager*>, boost::arg<1
> > >::operator()<ros::TimerEvent const&>(ros::TimerEvent const&) (bind.hpp:1306)
==19869==    by 0x4ED3FEC: boost::detail::function::void_function_obj_invoker1<boost::_bi::bind_t<void, boost::_mfi::mf1<void, mavrosflight::ParamManager, ros::TimerEvent const&>, boost::_bi::list2<boost::_bi::v
alue<mavrosflight::ParamManager*>, boost::arg<1> > >, void, ros::TimerEvent const&>::invoke(boost::detail::function::function_buffer&, ros::TimerEvent const&) (function_template.hpp:159)
==19869==    by 0x51C3A86: ros::TimerManager<ros::Time, ros::Duration, ros::TimerEvent>::TimerQueueCallback::call() (in /opt/ros/melodic/lib/libroscpp.so)
==19869==    by 0x51E8B8B: ros::CallbackQueue::callOneCB(ros::CallbackQueue::TLS*) (in /opt/ros/melodic/lib/libroscpp.so)
==19869==    by 0x51E9F7A: ros::CallbackQueue::callAvailable(ros::WallDuration) (in /opt/ros/melodic/lib/libroscpp.so)
==19869==    by 0x5241FE8: ros::SingleThreadedSpinner::spin(ros::CallbackQueue*) (in /opt/ros/melodic/lib/libroscpp.so)
==19869==    by 0x522A87A: ros::spin() (in /opt/ros/melodic/lib/libroscpp.so)
==19869==

When terminating rosflight_io the following information is given.

==22876== HEAP SUMMARY:
==22876==     in use at exit: 3,165 bytes in 40 blocks
==22876==   total heap usage: 308,223 allocs, 308,183 frees, 14,653,997 bytes allocated
==22876== 
==22876== LEAK SUMMARY:
==22876==    definitely lost: 0 bytes in 0 blocks
==22876==    indirectly lost: 0 bytes in 0 blocks
==22876==      possibly lost: 0 bytes in 0 blocks
==22876==    still reachable: 3,165 bytes in 40 blocks
==22876==         suppressed: 0 bytes in 0 blocks

Investigating using --show-reachable=yes suggests that the reachable memory was allocated by ROS.

Need to determine if the uninitialized memory is an issue.