SonoBus crash due to out of bounds access in aoo #253
Comments
C++ generally uses half-open ranges, i.e. the end iterator points to one element past the end of the sequence. The only problem I see with this code is that it may fail with Visual Studio debug builds if checked iterators are enabled (https://learn.microsoft.com/en-us/cpp/standard-library/checked-iterators?view=msvc-170). Anyway, the code should work fine in release builds. Can you post a full stack trace? |
I did some napkin math because some values are optimized out and that off by one error was my best guess, gonna recompile in Debug now.. but this is the BT for now:
|
Thanks! Just as I expected, the crash in the debug build is caused by debug iterators. However, this is not the source of the original crash. I think the quickest solution is to compile with |
Weird, the above stacktrace was with |
That is weird indeed! |
Found the problem: Arch includes Adding I will test out the new build and reach out to the aur maintainer in the meantime. |
Ouch! Good catch! Why do they do this? It's terrible for performance! |
no, forming a reference to an out-of-bounds element is UB. It doesn't matter if / how the reference is used afterwards. A EDIT: no it won't due to the last element. Probably best to use
Because developers don't know the language semantics, evidently. |
No, forming a reference to one element past the end of the array is completely valid! How else would you implement
Or use
|
Yes sorry, from the original I read Either way, |
It is first and foremost a debug setting. IMO adding range-checks to |
For some time now my SonoBus has been crashing after an extended runtime of 6+ hours.
Not a problem for short runs but annoying in continuous operation.
When debugging, this line in aoo causes the actual crash:
sonobus/deps/aoo/lib/src/SLIP.hpp
Line 59 in 35f1062
When the read exceeds the length of the local buffer, rdhead_ + n1 is supposed to read to buffer_.size() - 1 but instead reads to buffer_.size(), which is of course out of bounds.
sonobus/deps/aoo/lib/src/SLIP.hpp
Lines 45 to 67 in 35f1062
The fix should be to just subtract 1 from n1, but I currently do not have the time to test that.
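The wrap-around read discussed in this thread, as an added example that is not code from aoo, SonoBus or any participant: a hypothetical `ByteRing` class whose read copies a half-open range built from `data()` pointer arithmetic, so the end of the first copy may equal `data() + size()` without ever indexing the vector at `size()`. The names `rdhead_`, `buffer_` and `n1` follow the issue text; `ByteRing`, `wrhead_` and `balance_` are assumptions made for the example.

```cpp
// Added example (hypothetical ByteRing, not the aoo SLIP implementation).
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

class ByteRing {
public:
    explicit ByteRing(std::size_t capacity) : buffer_(capacity) {}

    // Append up to n bytes; returns how many were stored.
    std::size_t write(const std::uint8_t* src, std::size_t n) {
        n = std::min(n, buffer_.size() - balance_);
        if (n == 0) return 0;
        const std::size_t n1 = std::min(n, buffer_.size() - wrhead_);
        std::uint8_t* base = buffer_.data();
        std::copy(src, src + n1, base + wrhead_);  // part up to end of storage
        std::copy(src + n1, src + n, base);        // wrapped remainder
        wrhead_ = (wrhead_ + n) % buffer_.size();
        balance_ += n;
        return n;
    }

    // Read up to n bytes; returns how many were copied out.
    std::size_t read(std::uint8_t* dst, std::size_t n) {
        n = std::min(n, balance_);
        if (n == 0) return 0;
        const std::size_t n1 = std::min(n, buffer_.size() - rdhead_);
        const std::uint8_t* base = buffer_.data();
        // [base + rdhead_, base + rdhead_ + n1) is half-open: when the read
        // reaches the end of storage, the end pointer equals base + size(),
        // a valid one-past-the-end pointer that is never dereferenced.
        // &buffer_[rdhead_ + n1] would instead call operator[] with
        // index == size(), which a range-checked standard library aborts on.
        std::copy(base + rdhead_, base + rdhead_ + n1, dst);
        std::copy(base, base + (n - n1), dst + n1);
        rdhead_ = (rdhead_ + n) % buffer_.size();
        balance_ -= n;
        return n;
    }

private:
    std::vector<std::uint8_t> buffer_;
    std::size_t rdhead_ = 0, wrhead_ = 0, balance_ = 0;
};
```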