[vos-d] Terangreal crash
Karsten Otto
otto at inf.fu-berlin.de
Tue Apr 17 05:00:09 EDT 2007
Hi all,
Reading about Trer'angreal crashing or hanging, I just recently
discovered a small bug in the message handling of the 0.23.0 release.
Of course this is regarding the VOP protocol, which probably nobody
except me uses anymore, so I am not sure anybody else is affected :-)
During normal operation wxterangreal sometimes came to a screeching
halt with the obscure error message "Remote site error: Protocol
violation: negative number attribute"
I tracked this down to libs/vos/vos/
messageblock.cc:XmlParser::parseNumberAttr,
which basically does this:
int res = (int)strtoul(start+pos+1, &end, 10);
if (res < 0) throw ProtocolError(...)
After adding some printfs I was able to finally catch the offending
message:
<update length="215"
to="vop://hobbes:4232"
from="vop://hobbes:4231/a3dl:position_284256529"
method="property:replace-update"
nonce="3821366867">
<data>-8.3 1.4 -9.9</data>
<datatype>list: float</datatype>
</update>
Looks harmless enough, right? The error occured on parsing
nonce="3821366867".
After looking at the code suspiciously I saw that of course
3821366867 is outside the int32 range, yielding -473600429, which is
of course negative and thus causes the exception.
Is the range check actually necessary in this method? I don't have
the time to track this down...
Despite of this obvious bug, I am pleased to see that VOP still sort
of works despite the long neglect :-)
Regards,
Karsten Otto (kao)
More information about the vos-d
mailing list