[Libevent-users] Regarding Libevent Crash Issue

[vijay mishra <enggatwork@xxxxxxxxx>]

Dear Lib-event enthusiasts,Â

I am a beginner and I am using libevent with redsocks.

ÂActually we are struggling with a crash in libevent.

 I was wondering if that is already reported to soem of you guys and someone have some fix for the same . It will be a great hep if you can suggest some solutions to this crash.

The details of this crash are as below :-

Crash type as seen in the Logs

signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7fa2cd2210

backtrace:

AM write failed: Broken pipe

Using debug symbols we were able to get the stack trace of the function calls. The stack trace for this issue is as below :-

evbuffer_run_callbacks

redsocks/android/jni/libevent/buffer.c:486

evbuffer_read

redsocks/android/jni/libevent/buffer.c:2268

bufferevent_readcb

redsocks/android/jni/libevent/bufferevent_sock.c:165

event_process_active_single_queue

redsocks/android/jni/libevent/event.c:1350

main

redsocks/android/jni/../../main.c:154

As we can see from above that the problem lies with evbuffer_run_callbacks() function at line 486, I am pasting the function code snippet below with theÂProblem Line =>Âhighlighted

Code Snippet:

static void

evbuffer_run_callbacks(struct evbuffer *buffer, int running_deferred)

{

struct evbuffer_cb_entry *cbent, *next;

struct evbuffer_cb_info info;

size_t new_size;

ev_uint32_t mask, masked_val;

int clear = 1;

if (running_deferred) {

mask = EVBUFFER_CB_NODEFER|EVBUFFER_CB_ENABLED;

masked_val = EVBUFFER_CB_ENABLED;

} else if (buffer->deferred_cbs) {

mask = EVBUFFER_CB_NODEFER|EVBUFFER_CB_ENABLED;

masked_val = EVBUFFER_CB_NODEFER|EVBUFFER_CB_ENABLED;

/* Don't zero-out n_add/n_del, since the deferred callbacks

ÂÂ will want to see them. */

clear = 0;

} else {

mask = EVBUFFER_CB_ENABLED;

masked_val = EVBUFFER_CB_ENABLED;

}

ASSERT_EVBUFFER_LOCKED(buffer);

if (TAILQ_EMPTY(&buffer->callbacks)) {

buffer->n_add_for_cb = buffer->n_del_for_cb = 0;

return;

}

if (buffer->n_add_for_cb == 0 && buffer->n_del_for_cb == 0)

return;

new_size = buffer->total_len;

info.orig_size = new_size + buffer->n_del_for_cb - buffer->n_add_for_cb;

info.n_added = buffer->n_add_for_cb;

info.n_deleted = buffer->n_del_for_cb;

if (clear) {

buffer->n_add_for_cb = 0;

buffer->n_del_for_cb = 0;

}

for (cbent = TAILQ_FIRST(&buffer->callbacks);

ÂÂ Â cbent != TAILQ_END(&buffer->callbacks);

ÂÂ Â cbent = next) {

/* Get the 'next' pointer now in case this callback decides

Â* to remove itself or something. */

next = TAILQ_NEXT(cbent, next);

if ((cbent->flags & mask) != masked_val)

continue;

if ((cbent->flags & EVBUFFER_CB_OBSOLETE))

Problem Line => cbent->cb.cb_obsolete(buffer,

ÂÂ Âinfo.orig_size, new_size, cbent->cbarg);

else

cbent->cb.cb_func(buffer, &info, cbent->cbarg);

}

}

It will a great help if anyone of you can suggest a solution from your previous experience(if already encountered such a problem) Âor from your expertise.

Thanks and Regards

enggatwork(Vijay Mishra)