Segmentation fault in the runtime.

Erik Rigtorp <>
Wed Jul 22 18:24:09 CEST 2009


Hi!

I encountered a segfault in the runtime when communicating with it
using erl_interface. I suspect what I am sending is malformed, but the
runtime shouldn't segfault because of that.

Erlang (SMP,ASYNC_THREADS) (BEAM) emulator version 5.7.1

Stacktrace:
#0  0x080e0a91 in dec_term (dep=0x92294a8, hpp=0xb6355dd4,
ep=0xb5548dd6 " N h\005a\004a.d", off_heap=0xb54118cc,
    objp=0xb6355bec) at beam/external.c:1061
#1  0x080e1fca in erts_from_external_format (dep=0x92294a8,
hpp=0xb6355dd4, ext=0xb6355dd8, off_heap=0xb54118cc)
    at beam/external.c:1036
#2  0x080e4b6c in erts_net_message (prt=0xb7cc3398, dep=0x92294a8,
hbuf=0x0, hlen=0,
    buf=0xb5548cdc "p\203h\003a\002d", len=212) at beam/dist.c:1086
#3  0x080bd444 in driver_output2 (ix=713, hbuf=0xb5548cdc
"p\203h\003a\002d", hlen=250, buf=0x0, len=0)
    at beam/io.c:3262
#4  0x0816f835 in tcp_deliver (desc=0x928bf28, len=254) at
drivers/common/inet_drv.c:1915
#5  0x08171f2a in tcp_recv (desc=0x928bf28, request_len=0) at
drivers/common/inet_drv.c:8037
#6  0x08172281 in tcp_inet_drv_input (data=0x928bf28, event=0xf) at
drivers/common/inet_drv.c:8375
#7  0x080d817b in erts_port_task_execute (runq=0xb7c530e0,
curr_port_pp=0xb7c5c628) at beam/erl_port_task.c:852
#8  0x080d10ed in schedule (p=0xb541167c, calls=7) at beam/erl_process.c:5429
#9  0x08132fce in process_main () at beam/beam_emu.c:1155
#10 0x080c68d8 in sched_thread_func (vesdp=0xb7c595f8) at
beam/erl_process.c:2933
#11 0x0819a702 in thr_wrapper (vtwd=0xbfb58aac) at common/ethread.c:475
#12 0xb7fb44ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#13 0xb7f2649e in clone () from /lib/tls/i686/cmov/libc.so.6

The data at the pointer buf=0xb5548cdc, len=212 for stackframe #2:
00000000  70 83 68 03 61 02 64 00  00 67 64 00 10 78 78 78  |p.h.a.d..gd..xxx|
00000010  78 78 78 40 6c 6f 63 61  6c 68 6f 73 74 00 00 00  |xxx@localhost...|
00000020  d5 00 00 00 00 03 83 68  03 64 00 16 78 78 78 78  |.......h.d..xxxx|
00000030  78 78 78 78 78 78 78 78  78 78 78 78 78 78 78 78  |xxxxxxxxxxxxxxxx|
00000040  78 78 6c ff ff ff ff 68  02 64 00 0f 78 78 78 78  |xxl....h.d..xxxx|
00000050  78 78 78 78 78 78 78 78  78 78 78 68 03 62 00 00  |xxxxxxxxxxxh.b..|
00000060  04 e0 62 00 04 30 4c 62  00 04 5d 49 68 03 62 00  |..b..0Lb..]Ih.b.|
00000070  00 04 e0 62 00 04 30 4c  62 00 04 5d 20 6c 00 00  |...b..0Lb..] l..|
00000080  00 02 68 03 6c 00 00 00  01 68 05 61 05 61 2d 64  |..h.l....h.a.a-d|
00000090  00 04 73 65 6c 6c 63 39  2e 35 35 30 30 30 30 30  |..sellc9.5500000|
000000a0  30 30 30 30 30 30 30 30  30 30 30 30 30 65 2b 30  |0000000000000e+0|
000000b0  31 00 00 00 00 00 62 00  00 10 68 6a 6a 6a 68 03  |1.....b...hjjjh.|
000000c0  6c 00 00 00 01 68 05 61  06 61 2e 64 00 03 62 75  |l....h.a.a.d..bu|
000000d0  79 63 38 2e                                       |yc8.|
000000d4


Sorry I can't provide code or core dumps. I can provide more memory
dumps if needed.

Erik Rigtorp
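
An added example, not code from the original post or from the Erlang/OTP sources: a bounds-checked pre-pass over a subset of the external term format that rejects any term whose declared lengths exceed the bytes actually received, such as the list header `6c ff ff ff ff` (0xffffffff elements) visible at offset 0x42 of the dump. The function names, the depth cap and both sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Tag values from the Erlang external term format (subset). */
enum { VERSION = 131, SMALL_INT = 97, INTEGER = 98, ATOM = 100,
       SMALL_TUPLE = 104, NIL = 106, LIST = 108 };

/* Return a pointer just past the term at p, or NULL if it is malformed. */
static const uint8_t *skip_term(const uint8_t *p, const uint8_t *end, int depth)
{
    size_t n, left;
    if (depth > 64 || p >= end) return NULL;   /* depth cap is an assumed limit */
    left = (size_t)(end - p) - 1;              /* bytes after the tag */
    switch (*p++) {
    case SMALL_INT: return left >= 1 ? p + 1 : NULL;
    case INTEGER:   return left >= 4 ? p + 4 : NULL;
    case NIL:       return p;
    case ATOM:
        if (left < 2) return NULL;
        n = ((size_t)p[0] << 8) | p[1];
        return left - 2 >= n ? p + 2 + n : NULL;
    case SMALL_TUPLE:
        if (left < 1) return NULL;
        n = *p++;
        break;
    case LIST:
        if (left < 4) return NULL;
        n = ((size_t)p[0] << 24) | ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
        p += 4;
        if (n >= left - 4) return NULL;        /* each element and the tail need >= 1 byte */
        n += 1;                                /* elements plus tail */
        break;
    default: return NULL;                      /* tag outside this subset */
    }
    while (n--)
        if (!(p = skip_term(p, end, depth + 1))) return NULL;
    return p;
}

/* 1 if buf holds exactly one well-formed term after the version byte. */
int etf_valid(const uint8_t *buf, size_t len)
{
    if (len < 2 || buf[0] != VERSION) return 0;
    return skip_term(buf + 1, buf + len, 0) == buf + len;
}

/* Constructed samples: {x, [5]} and the same term with list length 0xffffffff. */
const uint8_t good[] = {131,104,2, 100,0,1,'x', 108,0,0,0,1, 97,5, 106};
const uint8_t bad[]  = {131,104,2, 100,0,1,'x', 108,255,255,255,255, 97,5, 106};
int main(void) { return !(etf_valid(good, sizeof good) && !etf_valid(bad, sizeof bad)); }
```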

