
CyberRT 10.0 reader segmentation fault when protobuf string length > 16

Open — buaaliyuan opened this issue 10 months ago • 1 comment

Describe the bug: a protobuf string field with length > 16 causes the reader to crash

To Reproduce: steps to reproduce the behavior:

  1. config channel zero copy communication
  2. assign a string value (char*, &&, &) with length > 16
  3. writer publish message
  4. reader subscribe

Expected behavior: the reader doesn't crash

Smartphone (please complete the following information):

  • Device: x86 or aarch64(orin)
  • OS: Linux

Additional context

  • string length <= 16: the protobuf arena stores the string content
  • string length > 16: the protobuf arena stores a string pointer holding a virtual address of the writer process, which the reader process can't access
  • related issue: https://github.com/ApolloAuto/apollo/issues/15621

buaaliyuan, Feb 14 '25 06:02
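The report above hinges on where a string field keeps its characters: a short string lives inside the owning object, a longer one lives in a separate heap block that only the writer's address space can resolve, so a transport that ships the object's raw bytes ships a dangling pointer. The following is an added illustration, not Apollo or CyberRT code: it uses `std::string`'s small-string optimisation as a stand-in for the protobuf field (the inline threshold depends on the standard library, 15 characters on libstdc++, versus the 16 the report describes for protobuf), and shows the mitigation a reader-side consumer actually needs: encode the message into a self-contained, length-prefixed byte buffer so that only bytes, never pointers, cross the shared-memory boundary, with bounds checks on the decoding side. `Msg`, `encode`, `decode` and the other helpers are hypothetical names chosen for this example.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// True when the character buffer lives inside the std::string object itself
// (small-string optimisation); false when it lives in a separate heap block.
// A transport that copies only the object's bytes ships usable characters in
// the first case and a pointer into the writer's address space in the second.
bool storesInline(const std::string& s) {
    const char* objBegin = reinterpret_cast<const char*>(&s);
    const char* objEnd = objBegin + sizeof(std::string);
    const char* data = s.data();
    return data >= objBegin && data < objEnd;
}

// Hypothetical message with one integer field and one string field.
struct Msg {
    uint32_t id;
    std::string name;
};

static void putU32(std::vector<uint8_t>& out, uint32_t v) {
    for (int i = 0; i < 4; ++i) out.push_back(static_cast<uint8_t>(v >> (8 * i)));
}

static uint32_t getU32(const std::vector<uint8_t>& in, size_t& pos) {
    if (pos > in.size() || in.size() - pos < 4) throw std::runtime_error("truncated u32");
    uint32_t v = 0;
    for (int i = 0; i < 4; ++i) v |= static_cast<uint32_t>(in[pos + i]) << (8 * i);
    pos += 4;
    return v;
}

// Encode as a self-contained byte string: [id:4][len:4][bytes:len], little-endian.
// No pointer crosses the boundary, only the string's bytes.
std::vector<uint8_t> encode(const Msg& m) {
    std::vector<uint8_t> out;
    putU32(out, m.id);
    putU32(out, static_cast<uint32_t>(m.name.size()));
    out.insert(out.end(), m.name.begin(), m.name.end());
    return out;
}

// Decode with bounds checks so a short or corrupted buffer is rejected
// instead of being read past its end.
Msg decode(const std::vector<uint8_t>& in) {
    size_t pos = 0;
    Msg m;
    m.id = getU32(in, pos);
    uint32_t len = getU32(in, pos);
    if (in.size() - pos < len) throw std::runtime_error("truncated string field");
    m.name.assign(reinterpret_cast<const char*>(in.data() + pos), len);
    return m;
}

// Simulated shared-memory handoff: the writer encodes into a buffer, the reader
// works from its own copy of those bytes (as a separate process would) and decodes.
bool roundTripPreserves(uint32_t id, size_t nameLen) {
    Msg writerMsg{id, std::string(nameLen, 'q')};  // constructed sample message
    std::vector<uint8_t> shm = encode(writerMsg);
    std::vector<uint8_t> readerCopy(shm.begin(), shm.end());
    Msg readerMsg = decode(readerCopy);
    return readerMsg.id == id && readerMsg.name == writerMsg.name;
}

// A buffer whose string field is cut short must be rejected, not read past.
bool decodeRejectsTruncated() {
    std::vector<uint8_t> buf = encode(Msg{1, std::string(40, 'x')});
    buf.resize(buf.size() - 10);  // chop the tail of the string field
    try {
        decode(buf);
    } catch (const std::runtime_error&) {
        return true;
    }
    return false;
}

int main() {
    std::cout << "3-char string stored inline:  " << storesInline(std::string("abc")) << '\n';
    std::cout << "32-char string stored inline: " << storesInline(std::string(32, 'x')) << '\n';
    std::cout << "round trip preserved:         " << roundTripPreserves(7, 40) << '\n';
    std::cout << "truncated buffer rejected:    " << decodeRejectsTruncated() << '\n';
    return 0;
}
```

`storesInline` makes the report's observation visible on a single machine: the long string's `data()` lies outside the object, so the pointer is only meaningful where the heap block was allocated. Real protobuf code gets the same effect from `SerializeToString` / `ParseFromString` (or `SerializeToArray` into the shared segment); the hand-rolled encoder here only exists so the example runs without the protobuf library.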

https://protobuf.dev/reference/cpp/arenas/#arenastring: "String fields store their data on the heap even when their parent message is on the arena."

You should avoid accessing string fields if arena is enabled, otherwise coredump may be caused as the address spaces of different processes are different.

hearto1314, Feb 17 '25 09:02