SEGV crash with externally encoded large maps from port/NIF thread

Open dotsimon opened this issue 1 year ago • 1 comments

Describe the bug

BEAM crashes when a thread sends a large (>128 keys) map externally encoded using e.g. erl_drv_send_term.

The problem is that commit 184634a works around having no process by assuming there is a scheduler. For threads created with erl_drv_thread_create or similar this is not true.

To Reproduce

A trivial port program that simply echoes a received term back to the calling process is attached.

Compile the driver with the appropriate flags for your system, e.g.

gcc -c -fPIC -I/usr/local/otp_25.3/lib/erlang/usr/include -Wall -fno-common -o sigsegv_drv.o sigsegv_drv.c
cc -bundle -flat_namespace -undefined suppress -o sigsegv_drv.so sigsegv_drv.o

Compile the test module: erlc sigsegv_drv.erl

Verify the basic functionality of the test program: sigsegv_drv:go(128).

Reproduce the fault: sigsegv_drv:die().

Expected behavior

BEAM does not crash. Test program prints "I DID NOT DIE!"

Affected versions

OTP-23.3.4.15+, OTP-24.3.4.2+, OTP-25.1+, OTP-26+

dotsimon, Feb 29 '24 23:02
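Added example, not part of the issue or of OTP: a C check that a driver on an affected release could run over an externally encoded buffer before sending it from a non-scheduler thread, reporting the largest map arity the buffer contains. The function names, the subset of external-format tags handled, and treating nested maps the same as a top-level map are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#define LARGE_MAP_KEYS 128   /* threshold from the report: ">128 keys" */

/* Constructed sample: term_to_binary(#{1 => 2}) in the external term format. */
const unsigned char SAMPLE_MAP[] = {131, 116, 0, 0, 0, 1, 97, 1, 97, 2};

/* Read an n-byte big-endian field at *p and advance; -1 if the buffer is short. */
static int64_t rd(const unsigned char *b, size_t len, size_t *p, int n) {
    int64_t v = 0;
    if (len - *p < (size_t)n) return -1;
    while (n--) v = (v << 8) | b[(*p)++];
    return v;
}

/* Largest MAP_EXT arity anywhere in the buffer; -1 if malformed or unsupported tag. */
int64_t max_map_arity(const unsigned char *b, size_t len) {
    size_t p = 0;
    int64_t max = 0;
    uint64_t pending = 1;    /* terms still to read: a counter, not recursion */
    if (rd(b, len, &p, 1) != 131) return -1;             /* version byte */
    while (pending > 0) {
        int64_t tag = rd(b, len, &p, 1), n = 0, skip = 0;
        pending--;
        switch (tag) {
        case 106: break;                                               /* NIL */
        case 97:  skip = 1; break;                                     /* SMALL_INTEGER */
        case 98:  skip = 4; break;                                     /* INTEGER */
        case 70:  skip = 8; break;                                     /* NEW_FLOAT */
        case 115: case 119: skip = rd(b, len, &p, 1); break;           /* small atoms */
        case 100: case 118: case 107: skip = rd(b, len, &p, 2); break; /* atoms, STRING */
        case 109: skip = rd(b, len, &p, 4); break;                     /* BINARY */
        case 104: n = rd(b, len, &p, 1); break;                        /* SMALL_TUPLE */
        case 105: n = rd(b, len, &p, 4); break;                        /* LARGE_TUPLE */
        case 108: n = rd(b, len, &p, 4); if (n >= 0) n++; break;       /* LIST + tail */
        case 116: n = rd(b, len, &p, 4); if (n > max) max = n; n *= 2; break; /* MAP */
        default:  return -1;
        }
        if (skip < 0 || n < 0 || (uint64_t)skip > len - p) return -1;
        p += (size_t)skip;
        pending += (uint64_t)n;
    }
    return p == len ? max : -1;
}

/* Hypothetical guard: 1 when the buffer should not be sent from a plain thread. */
int unsafe_for_thread_send(const unsigned char *b, size_t len) {
    int64_t a = max_map_arity(b, len);
    return a < 0 || a > LARGE_MAP_KEYS;   /* unparseable input fails closed */
}
```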

The test module & port driver didn't get attached so here they are: sigsegv_drv.zip

dotsimon, Mar 05 '24 00:03

Fix #8209 merged to maint (OTP 27.3) and scheduled for maint-24,25,26.

sverker, Feb 18 '25 11:02