Telodendria raises a bad pointer when logging in with Nheko #33
Reference: Telodendria/Telodendria#33
Currently, when trying to log in using Nheko to a Telodendria server running on GNU/Linux (while spoofing the supported versions, since Nheko doesn't like anything >v1.5), Telodendria will hit a bad pointer:
HttpRouter.c:291: Bad pointer to 0 bytes of memory at [ptr].
which happens to be when Telodendria is freeing all of the matches for the routing part (in HttpRouterRoute), with the last route handled in the logs being GET /_matrix/client/v3/room_keys/version
Trying to see the stacktrace using GDB also seems to show that this happens when trying to match the path \a (memory corruption going on?).
Extra information about everything's here.
GDB bt output of the core dump:
Telodendria log file (level set to debug):
Weirdly enough, I could only replicate this with Nheko. Trying my way to send requests myself never caused Telodendria to crash.
Thanks for the logs.
I wonder if this is some sort of concurrency issue somewhere, because it looks like thread 2 throws the error after thread 3 has returned a 404.
Is this pretty reliably replicated? That is, does it do this every single time, or does it behave differently sometimes?
I wonder if this is related to #21. Obviously not a duplicate, because this is a heck of a lot more detailed than #21 is, but that'd be nice if fixing this and any other specific problems we have make #21 no longer an issue.
I've tried a few times, and it seems like it happens 100% of the time with Nheko.
Great! Issues like this are so much easier to debug. If you want to try to debug this one, go ahead, and feel free to ask questions. Otherwise, I'll plan on tackling this sometime after I finish the Gitea Migration, or at least get far enough into it that I feel comfortable with Telodendria's online presence.
Noting that down for posterity: Logging every memory action Telodendria does (by removing the part after the && in the "prologue" of TelodendriaMemoryHook) seems to make the issue go away, though this looks like quite the red herring to me (and also is a pretty bodge-y solution).
Also: I doubt it is a threading issue, as it still seems to crash when setting the thread count and max connections to 1.
EDIT: It seems that, from previous testing, you don't even have to log memory actions, and it only fixes itself when the condition:
(a == MEMORY_ALLOCATE) || (a == MEMORY_REALLOCATE) || (a == MEMORY_FREE)
is removed, although I haven't tested this as much.
I think I am going to investigate this a bit more tomorrow with other tools than GDB.
Good thinking with setting threads and connections to 1. Not sure why changing the logging configuration would make the issue go away, that's really strange.
After a bit of debugging a few hours ago, I think I was able to determine that matches added with this code (in HttpRouterRoute):
ArrayAdd(matches, StrSubstr(pathPart, pmatch[i].rm_so, pmatch[i].rm_eo));
somehow become invalid before the freeing part, thus causing a bad pointer issue.
I still have to determine why exactly it is becoming invalid.
Edit: Just found the culprit, making a PR soon.
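
Added example, not part of the thread and not Telodendria's code: a standalone C sketch of the pattern quoted above (copying regexec submatches into an array that is freed later), written so every stored pointer is either an owned heap copy or NULL. The thread does not say what the culprit was, so this does not reproduce it; collect_matches, free_matches, substr_dup, MAX_GROUPS and the route pattern are hypothetical names and constructed inputs.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_GROUPS 8 /* hypothetical limit: whole match + 7 capture groups */

/* Copy s[so..eo) into a fresh heap string; NULL for an unset group. */
static char *substr_dup(const char *s, regoff_t so, regoff_t eo)
{
    char *copy;
    if (so < 0 || eo < so) return NULL; /* regexec reports -1 for unset groups */
    copy = malloc((size_t)(eo - so) + 1);
    if (copy == NULL) return NULL;
    memcpy(copy, s + so, (size_t)(eo - so));
    copy[eo - so] = '\0';
    return copy;
}

/* Fill out[] with owned copies of each capture group; return count or -1. */
int collect_matches(const char *pattern, const char *path, char *out[MAX_GROUPS])
{
    regex_t re;
    regmatch_t pm[MAX_GROUPS];
    size_t i;
    int n = 0;
    if (regcomp(&re, pattern, REG_EXTENDED) != 0) return -1;
    if (regexec(&re, path, MAX_GROUPS, pm, 0) != 0) { regfree(&re); return -1; }
    for (i = 1; i <= re.re_nsub && i < MAX_GROUPS; i++)
        out[n++] = substr_dup(path, pm[i].rm_so, pm[i].rm_eo);
    regfree(&re);
    return n;
}

/* Release every entry exactly once and clear the slot so a repeat is harmless. */
void free_matches(char *out[], int n)
{
    int i;
    for (i = 0; i < n; i++) { free(out[i]); out[i] = NULL; }
}

int main(void)
{
    char *m[MAX_GROUPS];
    /* Constructed route pattern and path, not taken from Telodendria. */
    int i, n = collect_matches("^/rooms/([^/]+)(/event/([^/]+))?$", "/rooms/abc", m);
    for (i = 0; i < n; i++) printf("group %d: %s\n", i + 1, m[i] ? m[i] : "(unset)");
    free_matches(m, n);
    return 0;
}
```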