[AGENT++] Double free ... (memory corruption)

Jens Rehsack rehsack at googlemail.com
Wed Oct 27 10:07:24 CEST 2010 

2010/10/27 Frank Fock <fock at agentpp.com>:
> Hi Jens,
>
> This is indeed most likely a synchronization problem.
> Please make sure that you follow the AGENT++ locking
> concept as follows:
>
> First lock the whole MIB with
>
> mib->lock_mib();
>
> //now you can make registration changes or lookup
> an MibEntry to modify (or just read).
>
> // when you got the pointer to the entry to modify
> // lock it with:
> mib_entry->start_sync();
>
> // now you may unlock the MIB
> mib->unlock_mib();
>
> // modify the mib_entry
> ...
>
> // unlock it
> mib_entry->end_sync();
>
>
> Within the MibTable::update() method, you must not lock
> the Mib, because MibTable::update() will be called only
> by AGENT++ if the Mib has been locked. Nevertheless,
> you will need to lock the entry itself within the
> update method, if you modify the entry itself.

The assumption is incorrect - I don't update the table within
it's update() method - it's done outside in a separate update-
thread, which replaces the table.

I "solved" it by moving the static variables
> static int _need_rebalancing;   // to send back balance info from rec. calls
> static OidxPtr*   _target_item;     // add/del_item target
> static OidxPtrEntryPtrAVLNode* _found_node; // returned added/deleted node
> static int    _already_found;   // for deletion subcases
as private attributes into the OidxPtrEntryPtrAVLMap class.

That seems to solve the problem.

Jens

> Hope this helps.
>
> Best regards,
> Frank
>
>
> On 26.10.2010 10:04, Jens Rehsack wrote:
>> Hi all,
>>
>> I received during a long-term test a memory corruption:
>>
>> *** glibc detected *** ./src/smart-snmpd: double free or corruption
>> (fasttop): 0xb3d00f68 ***
>> ======= Backtrace: =========
>> /lib/tls/i686/cmov/libc.so.6(+0x6b591)[0x5b2591]
>> /lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0x5b3de8]
>> /lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x5b6ecd]
>> /usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0x44e741]
>> /sysmgmt/opt/smart-snmp/lib/libagent++.so.35(_ZN7Agentpp21OidxPtrEntryPtrAVLMap3delEPNS_4OidxE+0x6d)[0xe1676d]
>> /sysmgmt/opt/smart-snmp/lib/libagent++.so.35(_ZN7Agentpp8MibTableD0Ev+0x1e1)[0xe26ce1]
>> ./src/smart-snmpd[0x807c7c8]
>> ./src/smart-snmpd[0x807ad12]
>> ./src/smart-snmpd[0x8080439]
>> /sysmgmt/opt/smart-snmp/lib/libagent++.so.35(_ZN7Agentpp14thread_starterEPv+0xbd)[0xe69d1d]
>> /lib/tls/i686/cmov/libpthread.so.0(+0x596e)[0x93596e]
>> /lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0x614a4e]
>>
>> Using objdump I could guess the source location:
>> include/agent_pp/List.h:829 - looks for me (quick look)
>> as a threading issue (is the access to _need_rebalancing locked? I
>> didn't find where ...)
>>
>> Wouldn't it reasonable to use member variables? Or much better: std::map<>?
>>
>> /Jens
>> _______________________________________________
>> AGENTPP mailing list
>> AGENTPP at agentpp.org
>> http://lists.agentpp.org/mailman/listinfo/agentpp
>
> --
> AGENT++
> http://www.agentpp.com
> http://www.snmp4j.com
> http://www.mibexplorer.com
> http://www.mibdesigner.com
>
> _______________________________________________
> AGENTPP mailing list
> AGENTPP at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/agentpp
>

More information about the AGENTPP mailing list