|Anonymous | Login | Signup for a new account||2015-08-30 01:33 CEST|
|Main | My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005318||OCaml||OCaml general||public||2011-07-21 20:56||2013-08-31 12:49|
|Target Version||Fixed in Version||4.00.0+dev|
|Summary||0005318: segfault on stack overflow when reading marshaled data|
|Description||The attached code implements a doubly linked list, following the implementation of queues from the standard library.|
The program sigfaults when reading the marshaled data of a doubly linked list of length more than 100000 (the minimal length for which it crashes is between 90000 and 100000). It works fine for smaller values.
|Additional Information||tested with ocaml, ocamlc, and ocamlopt on a 64 bit machine running Linux|
|Tags||No tags attached.|
|Attached Files||issue.ml [^] (897 bytes) 2011-07-21 20:56 [Show Content]|
Unfortunately, your data structure is too deep for Marshal.from_string which triggers a stack overflow. Marshal.from_string is optimized for trees, i.e. depth in log(n), and simple lists. You should consider either changing the representation of your doubly linked list, or save it into an array first, save the array with Marshal.to_string, and then do the reverse when unmarshaling.
Fixing this would require implementing another marshal/unmarshal couple, more expensive in memory, but without recursion on the stack.
|Still, the same issue arises when outputting into/inputting from a file.|
|Of course, Marshal.from/to_string share the C code with input/output_value, so all of them should trigger the same problem. You should consider saving the doubly linked list in an array first, before outputting it.|
|OK, thank you.|
Feature wish: a non-recursive implementation of byterun/extern.c, perhaps following the same pattern as byterun/compare.c.
|I am relatively sure that the implementation of unmarshal for OCaml 3.12 available in http://frama-c.com/download/frama-c-Nitrogen-20111001.tar.gz [^] (files external/un*.ml*) and documented at http://blog.frama-c.com/public/unmarshal.pdf [^] does not have this issue.|
|The problem here is with marshaling. But, yes, the unmarshaler in byterun/intern.c is also recursive and vulnerable to stack overflows.|
This has been fixed now (the recursion has been unrolled in both marshaller and un-marshaller).
Please see SVN trunk revisions: 12390, 12250, 12248 and 12247, and also merged into 4.0.
|Merged from trunk to 4.0 as SVN revisions r12392 and r12394.|
|2011-07-21 20:56||eugenz||New Issue|
|2011-07-21 20:56||eugenz||File Added: issue.ml|
|2011-07-21 22:42||lefessan||Note Added: 0006049|
|2011-07-21 22:47||eugenz||Note Added: 0006050|
|2011-07-21 22:52||lefessan||Note Added: 0006051|
|2011-07-21 23:30||eugenz||Note Added: 0006052|
|2011-12-20 09:47||xleroy||Note Added: 0006397|
|2011-12-20 09:47||xleroy||Status||new => acknowledged|
|2011-12-20 09:50||xleroy||Summary||sigfault when reading marshaled data => segfault on stack overflow when reading marshaled data|
|2011-12-20 15:14||pascal_cuoq||Note Added: 0006417|
|2011-12-20 15:43||xleroy||Note Added: 0006420|
|2012-02-20 03:00||meyer||Assigned To||=> meyer|
|2012-02-20 03:00||meyer||Status||acknowledged => assigned|
|2012-04-23 23:41||meyer||Note Added: 0007388|
|2012-04-23 23:42||meyer||Status||assigned => resolved|
|2012-04-23 23:42||meyer||Fixed in Version||=> 4.00.0+dev|
|2012-04-23 23:42||meyer||Resolution||open => fixed|
|2012-04-25 02:52||meyer||Note Added: 0007389|
|2013-08-31 12:49||xleroy||Status||resolved => closed|
|Copyright © 2000 - 2011 MantisBT Group|