seanjensengrey / mosh-scheme

Automatically exported from code.google.com/p/mosh-scheme

get-u8 on socket segfaults on TCP RST #208

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
Here is a simple server program:

  (import (rnrs)
          (mosh socket))

  (let ((srv (make-server-socket "8080")))
    (let loop ((i 1))
      (let ((conn (socket-accept srv)))
        (display "accepted connection ")
        (display i)
        (newline)
        (let* ((sock-port (socket-port conn)))
          (display "about to write message.\n")
          (put-bytevector sock-port (string->utf8 "Hello, world!\n"))
          (display "wrote message.\n")
          (display "about to read.\n")
          (get-u8 sock-port)
          (display "get-u8 returned.\n")
          (socket-close conn)))
      (loop (+ i 1)))
    (socket-close srv)) 

To trigger the segfault you can do either:
  nmap -p 8080 localhost (if you have nmap)
Or compile the C program attached and run it in a loop like:
  while true; do ./econnreset; done
The segfault should happen after a few seconds.

What is the expected output? What do you see instead?
A regular mosh will segfault.

Program received signal SIGSEGV, Segmentation fault.
scheme::VM::getGlobalValueOrFalse (this=0x30, id=...) at src/VM.cpp:860
860     const Object val = nameSpace_.toEqHashTable()->ref(id, notFound_);
(gdb) bt
#0  scheme::VM::getGlobalValueOrFalse (this=0x30, id=...) at src/VM.cpp:860
#1  0x00000000004b9064 in raiseAfter3 (theVM=0x30, procName=0x5afb08, 
    who=<value optimized out>, message=<value optimized out>, 
    irritants=<value optimized out>) at src/ErrorProcedures.cpp:77
#2  0x00000000004ba0f1 in callIOReadErrorAfter (theVM=<value optimized out>, 
    e=...) at src/ErrorProcedures.cpp:117
#3  scheme::callIOErrorAfter (theVM=<value optimized out>, e=...)
    at src/ErrorProcedures.cpp:139
#4  0x00000000004a2951 in scheme::sysDisplayEx (theVM=0x30, argc=0, 
    argv=0x1097d98) at src/PortProcedures.cpp:768
#5  0x0000000000435010 in call (this=0xa02d20, code=<value optimized out>, 
    returnPoint=<value optimized out>, returnTable=<value optimized out>)
    at src/CProcedure.h:47
#6  scheme::VM::runLoop (this=0xa02d20, code=<value optimized out>, 
    returnPoint=<value optimized out>, returnTable=<value optimized out>)
    at src/call.inc.cpp:92
#7  0x0000000000422ea8 in evaluateUnsafe (this=0xa02d20, code=0xd78000, 
    codeSize=86737, isCompiler=false) at src/VM.cpp:402
#8  scheme::VM::evaluateSafe (this=0xa02d20, code=0xd78000, codeSize=86737, 
    isCompiler=false) at src/VM.cpp:416
#9  0x0000000000427f25 in scheme::VM::activateR6RSMode (this=0xa02d20, 
    image=0x5b7ae0 "\004\321R\001", image_size=357814, 
    isDebugExpand=<value optimized out>) at src/VM.cpp:849
#10 0x000000000051ce8a in activateR6RSMode (vm=<value optimized out>, 
    isDebugExpand=<value optimized out>) at src/main.cpp:121
#11 0x0000000000409551 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at src/main.cpp:347

Mosh built with --enable-developer will sometimes die with:
  ASSERT failure src/ErrorProcedures.cpp:156: isErrorBufInitialized
However, developer mosh will sometimes segfault as well.

What version of the product are you using? On what operating system?
Git ecf3bfe0d1f0e672006a26d4adfe7faca906f22f
Linux amd64

Please provide any additional information below.
Bug might be platform specific.
I think the problem will be caused by any -1 return from recv() call in OSCompatSocket.cpp, not just ECONNRESET.

Original issue reported on code.google.com by amoe...@gmail.com on 4 May 2011 at 7:37
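
The report above ties the crash to recv() returning -1 when the peer resets the connection. The following is an added example, not code from mosh and not the reporter's attached econnreset program: it classifies recv() results for a one-byte read and exercises them against a loopback client that closes either cleanly or abortively. The names read_u8, read_status and run_case are hypothetical, and the client forces the RST by setting SO_LINGER with a zero timeout.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum read_status { READ_BYTE, READ_EOF, READ_RESET, READ_ERROR };

/* Hypothetical helper: read one byte (like get-u8) and report failure as a value. */
enum read_status read_u8(int fd, unsigned char *out) {
    for (;;) {
        ssize_t n = recv(fd, out, 1, 0);
        if (n == 1) return READ_BYTE;
        if (n == 0) return READ_EOF;             /* orderly shutdown (FIN) */
        if (errno == EINTR) continue;            /* interrupted by a signal: retry */
        return errno == ECONNRESET ? READ_RESET : READ_ERROR;
    }
}

/* Loopback harness: accept one client, let it close (abortively or not), then read. */
enum read_status run_case(int abortive) {
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t len = sizeof a;
    enum read_status st = READ_ERROR;
    unsigned char b;
    int srv = socket(AF_INET, SOCK_STREAM, 0);
    int cli = socket(AF_INET, SOCK_STREAM, 0);
    int conn = -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks a free port */
    if (srv >= 0 && cli >= 0 &&
        bind(srv, (struct sockaddr *)&a, sizeof a) == 0 && listen(srv, 1) == 0 &&
        getsockname(srv, (struct sockaddr *)&a, &len) == 0 &&
        connect(cli, (struct sockaddr *)&a, sizeof a) == 0 &&
        (conn = accept(srv, NULL, NULL)) >= 0) {
        struct linger lg = { .l_onoff = 1, .l_linger = 0 };  /* close() sends RST */
        if (abortive) setsockopt(cli, SOL_SOCKET, SO_LINGER, &lg, sizeof lg);
        close(cli); cli = -1;
        st = read_u8(conn, &b);                  /* blocks until FIN or RST arrives */
    }
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    return st;
}

int main(void) {
    printf("reset=%d eof=%d\n", run_case(1) == READ_RESET, run_case(0) == READ_EOF);
    return 0;
}
```
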

GoogleCodeExporter commented 9 years ago

Original comment by hige...@gmail.com on 4 May 2011 at 10:55

GoogleCodeExporter commented 9 years ago
I couldn't reproduce the problem in Cygwin and MSVC.

It seems you've hit some race condition around exception displaying.

Cygwin mosh:
 Condition components:
 1. &i/o-read
 2. &who             who: "display"
 3. &message         message: "Software caused connection abort"
 4. &i/o-port        port: ()
 5. &irritants       irritants: (())

 Exception:
     error in raise: returned from non-continuable exception

 Stack trace:
    1. throw: <subr>
    2. (raise c):  baselib.scm:943
    3. get-u8: <subr>
    4. eval: <subr>
    5. (<top-level>): <unknown location>

Win32 nmosh: (&message describes ECONNABORTED in Japanese)
debugger not found. using minidebug.
 Condition components:
 1. &i/o-read
 2. &who             "get-u8"
 3. &message         "確立された接続がホスト コンピューターのソウトウェアによって中止されました。"
 4. &i/o-port        ()
 5. &irritants       (())
TRACE :
  1 :   cprc   #f
  2 : ==USRP== (loop i) @ check.sps:5

Original comment by oku...@gmail.com on 4 May 2011 at 11:40

GoogleCodeExporter commented 9 years ago
Thank you for your bug report.
https://github.com/higepon/mosh/commit/7f38a175f91a5db478909d5a9a0193a8de56d7fe

Forgot to add TRY_WITHOUT_DSTR.

Original comment by hige...@gmail.com on 5 May 2011 at 7:01

GoogleCodeExporter commented 9 years ago
Thanks Higepon, works great.  :)

Original comment by amoe...@gmail.com on 5 May 2011 at 8:39