segfault starting api-test

[gavanderhoorn]

Just compiled cros (0abb16d) on Ubuntu Precise (12.04), 32 bit (up-to-date as of 2015-04-28), then tried to start api-test and received the following SIGSEGV (note that the console output states that api-test is connecting to a roscore, but I did not start it):

Starting program: /home/user/ros/cros/cros-master/samples/bin/api-test 
Running node "/Gripper" with host : 127.0.0.1, roscore host : 127.0.0.1 and roscore port : 11311
To set a different node/host/port, take a look at the options: /home/user/ros/cros/cros-master/samples/bin/api-test -h
Publishing topic /rosout type rosgraph_msgs/Log 
Registering service /Gripper/get_loggers type roscpp/GetLoggers 
Registering service /Gripper/set_logger_level type roscpp/SetLoggerLevel 

[1430225884,0] cROS Node (version 0.90) created!
Subscribing to topic /gripperstatus type gripping_robot/GripperStatus 
Subscribing to topic /gripperjoints type gripping_robot/GripperJoints 
Registering service /close_clamps type gripping_robot/CloseGripper 
Registering service /open_clamps type gripping_robot/OpenGripper 
Registering service /park_configuration type gripping_robot/RestPosition 
Registering service /reconfigure type gripping_robot/Reconfigure 
Registering service /transfer type gripping_robot/Transfer 
Registering service /move_arm type gripping_robot/MoveArm 

Program received signal SIGSEGV, Segmentation fault.
0x08053170 in cRosNodeDoEventsLoop (n=0x8075008) at /home/user/ros/cros/cros-master/src/cros_node.c:2327
2327          if( FD_ISSET(server_fd, &err_fds) )

The backtrace at that point is:

(gdb) bt
#0  0x08053170 in cRosNodeDoEventsLoop (n=0x8075008) at /home/user/ros/cros/cros-master/src/cros_node.c:2327
#1  0x08053bb3 in cRosNodeStart (n=0x8075008, exit=0xbfffec3b "") at /home/user/ros/cros/cros-master/src/cros_node.c:2449
#2  0x0804da95 in main (argc=1, argv=0xbffff0f4) at /home/user/ros/cros/cros-master/samples/api-test.c:362
(gdb) print serv
server_fd             service_idx           service_type          serviceresponse_type  
service               service_name          servicerequest_type   services              
(gdb) print server_fd 
$1 = -1
(gdb) print err_fds 
$2 = {__fds_bits = {0 <repeats 32 times>}}

gcc: 4.6.4 (Ubuntu/Linaro 4.6.4-1ubuntu1~12.04)

I can provide more info if desired.

[gavanderhoorn]

Same fault observed when a roscore is running.

[ceztko]

We managed to reproduce the bug on Ubuntu 12.04 32 bit. For now, I let you know the api sample works out of the box on Ubuntu 14.04 64 bit.

[gavanderhoorn]

Ok. I normally don't just dump bugs like this, but in this case I was encouraged by one of your employees.

[ceztko]

The issue is related to checking a negative file descriptor in a fd_set with the macro FD_ISSET. Recent gcc versions seems to support it, but this is not true in other compilers as for example clang. What is more interesting is that the segfault seems to be os version related:

#include <sys/select.h>
#include <signal.h> // Commenting this include produces a warning
                    // on negative shifts but the exe does not
                    // segfault on ubuntu 12.04 32 bit
#include <stdio.h>

int main()
{
  fd_set err_fds;

  FD_ZERO( &err_fds );

  if (FD_ISSET(-1, &err_fds))
  {
    printf ("Non empty statement\n");
  }

  printf ("ok\n");

  return 0;
}

Nevertheless, we'll fix our code by not using FD_ISSET on negative file descriptors. -1 was chosen as the init value for the file descriptor as it's more "sentinel" value than zero.

[gavanderhoorn]

Hi. Can you update me on the current status of this bug?