Project

General

Profile

Bug #707

Inactive WTimer in WApplication causes segfault

Added by Koen Deforche over 10 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
02/03/2011
Due date:
% Done:

0%

Estimated time:

Description

(Gaetano Mendola):

The test case at the end of this mail makes the application Seg Fault

(I have tried it with 3.1.7a and latest git).

Head of back trace is:

Core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007ff344002300 in ?? ()
(gdb) bt
#0  0x00007ff344002300 in ?? ()
#1  0x00007ff353430a8b in ~WWidget (this=0x7ff34400a450,__in_chrg=<value optimized out>) at /root/wt-git/wt/src/Wt/WWidget.C:41
#2  0x00007ff3533ebfa6 in ~WTimerWidget (this=0x7ff34400a5a0,__in_chrg=<value optimized out>) at /root/wt-git/wt/src/Wt/WTimerWidget.C:24
#3  0x00007ff3533eb0cc in ~WTimer (this=0x7ff344008290,__in_chrg=<value optimized out>) at /root/wt-git/wt/src/Wt/WTimer.C:36
#4  0x00007ff3533641df in ~WObject (this=0x7ff344006700,__in_chrg=<value optimized out>) at /root/wt-git/wt/src/Wt/WObject.C:90
#5  0x0000000000406eb9 in CustomInterface::~CustomInterface() ()
#6  0x00007ff35348bbb2 in ~WebSession (this=0x1a5f700,__in_chrg=<value optimized out>) at /root/wt-git/wt/src/web/WebSession.C:153

How to make it crash:

Lower the "time out" to 10 seconds, just to not wait too much, in

/etc/wt/wt_config.xml.

Launch the application, open with a browser the (empty) application,

wait in the console for the print of void CustomInterface::callBack(),

close the page, wait for the 10 seconds (in order to let the timeout

expire), then reopen the application.

What I see in the console before the crash is:

[2011-Feb-01 15:57:58.387445] 31361 [/ 58pxqNZKNJpkzdYj] [notice]
"Session created (#sessions = 2)"
Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.8 Safari/534.7
[2011-Feb-01 15:57:58.387884] 31361 [/ 7jrnfnDmeAsvYSvA] [notice] "Timeout: expiring"
[2011-Feb-01 15:57:58.388122] 31361 [/ 7jrnfnDmeAsvYSvA] [error] "Error during event handling: doRecursiveEventLoop(): session was killed"
192.168.21.17 - - [2011-Feb-01 15:57:58.388216] "GET / HTTP/1.1" 200 1675
[2011-Feb-01 15:57:58.388234] 31361 [/ 7jrnfnDmeAsvYSvA] [fatal] "doRecursiveEventLoop(): session was killed" 
Segmentation fault (core dumped)

The valgrind complains in the following way:

==31376== Thread 5:
==31376== Invalid read of size 8
==31376==    at 0x5176A51: Wt::WWidget::~WWidget() (list_node.hpp:54)
==31376==    by 0x5131FA5: Wt::WTimerWidget::~WTimerWidget() (WTimerWidget.C:24)
==31376==    by 0x51310CB: Wt::WTimer::~WTimer() (WTimer.C:36)
==31376==    by 0x50AA1DE: Wt::WObject::~WObject() (WObject.C:90)
==31376==    by 0x406EB8: CustomInterface::~CustomInterface() (in /home/kalman/a.out)
==31376==    by 0x51D1BB1: Wt::WebSession::~WebSession() (WebSession.C:153)
==31376==    by 0x519A071: boost::detail::sp_counted_impl_p<Wt::WebSession>::dispose() (checked_delete.hpp:34)
==31376==    by 0x403631: boost::detail::sp_counted_base::release() (in /home/kalman/a.out)
==31376==    by 0x4036C0: boost::detail::shared_count::~shared_count() (in /home/kalman/a.out)
==31376==    by 0x51F0080: Wt::WebController::handleAsyncRequest(Wt::WebRequest*) (shared_ptr.hpp:169)
==31376==    by 0x55E61EE: http::server::WtReply::consumeRequestBody(char const*, char const*, http::server::Request::State) (WtReply.C:187)
==31376==    by 0x55A6EA7: http::server::RequestParser::parseBody(http::server::Request&, boost::shared_ptr<http::server::Reply>, char const*&, char const*) (RequestParser.C:137)
==31376==  Address 0x9a3b4b8 is 24 bytes inside a block of size 5,392 free'd
==31376==    at 0x4C26B7B: operator delete[](void*) (vg_replace_malloc.c:409)
==31376==    by 0x4FD6B98: Wt::WApplication::~WApplication() (pool.hpp:57)
==31376==    by 0x406EB8: CustomInterface::~CustomInterface() (in /home/kalman/a.out)
==31376==    by 0x51D1BB1: Wt::WebSession::~WebSession() (WebSession.C:153)
==31376==    by 0x519A071: boost::detail::sp_counted_impl_p<Wt::WebSession>::dispose() (checked_delete.hpp:34)
==31376==    by 0x403631: boost::detail::sp_counted_base::release() (in /home/kalman/a.out)
==31376==    by 0x4036C0: boost::detail::shared_count::~shared_count() (in /home/kalman/a.out)
==31376==    by 0x51F0080: Wt::WebController::handleAsyncRequest(Wt::WebRequest*) (shared_ptr.hpp:169)
==31376==    by 0x55E61EE: http::server::WtReply::consumeRequestBody(char const*, char const*, http::server::Request::State) (WtReply.C:187)
==31376==    by 0x55A6EA7: http::server::RequestParser::parseBody(http::server::Request&, boost::shared_ptr<http::server::Reply>, char const*&, char const*) (RequestParser.C:137)
==31376==    by 0x558B161: http::server::Connection::handleReadBody() (Connection.C:171)
==31376==    by 0x558C982: http::server::Connection::handleReadRequest0() (Connection.C:119)

Here is the source:

//---------------------------------------------------------------------------------------------------------
#include <Wt/WApplication>
#include <Wt/WTimer>

#include <iostream>


class CustomInterface : public Wt::WApplication {
 public:
 CustomInterface(const Wt::WEnvironment& env)
     :Wt::WApplication(env),
      theTimer(new Wt::WTimer(this))
 {
   theTimer->setInterval(2000);
   theTimer->timeout().connect(this, &CustomInterface::callBack);
   theTimer->start();
 }

 void callBack() {
   theTimer->stop();
   std::cout << __PRETTY_FUNCTION__ << std::endl;
   while(1) {
     sleep(1);
     Wt::WApplication::instance()->processEvents();
   }
 }

 private:
 Wt::WTimer             *theTimer;
};

Wt::WApplication *createApplication(const Wt::WEnvironment& env) {
 Wt::WApplication* myApplication = new CustomInterface(env);
 return myApplication;
}

int main(int argc, char** argv) {
 Wt::WRun(argc, argv, &createApplication);
}
//---------------------------------------------------------------------------------------------------------

I confirm. The trouble is that a proper fix of this requires a

redesign of the (old) timer code. The workaround is to not make the

timer a child of application, or, if you do, to delete the timer

explicitly in the destructor.

Regards,

koen

No data to display

Also available in: Atom PDF