Valgrind Memory Error from Publish

asked 2019-09-26 10:16:16 -0500

samxc gravatar image

updated 2019-09-26 10:24:49 -0500

gvdhoorn gravatar image

I encountered the following error while doing some memory checking on a roscpp node with valgrind:

==16953== Thread 2:
==16953== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==16953==    at 0x50B19FF: send (send.c:26)
==16953==    by 0x53CB800: ros::TransportTCP::write(unsigned char*, unsigned int) (in /opt/ros/kinetic/lib/libroscpp.so)
==16953==    by 0x53592CA: ros::Connection::writeTransport() (in /opt/ros/kinetic/lib/libroscpp.so)
==16953==    by 0x53D181B: ros::TransportTCP::socketUpdate(int) (in /opt/ros/kinetic/lib/libroscpp.so)
==16953==    by 0x540E4EF: ros::PollSet::update(int) (in /opt/ros/kinetic/lib/libroscpp.so)
==16953==    by 0x5393AC4: ros::PollManager::threadFunc() (in /opt/ros/kinetic/lib/libroscpp.so)
==16953==    by 0x6F635D4: ??? (in /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.58.0)
==16953==    by 0x50A86B9: start_thread (pthread_create.c:333)
==16953==    by 0x635B41C: clone (clone.S:109)
==16953==  Address 0xb63506c is 12 bytes inside a block of size 166 alloc'd
==16953==    at 0x4C2E80F: operator new[](unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16953==    by 0x4222FB: ros::SerializedMessage ros::serialization::serializeMessage<rover_msgs::Command_<std::allocator<void> > >(rover_msgs::Command_<std::allocator<void> > const&) (serialization.h:810)
==16953==    by 0x42789D: ros::SerializedMessage boost::_bi::list1<boost::reference_wrapper<rover_msgs::Command_<std::allocator<void> > const> >::operator()<ros::SerializedMessage, ros::SerializedMessage (*)(rover_msgs::Command_<std::allocator<void> > const&), boost::_bi::list0>(boost::_bi::type<ros::SerializedMessage>, ros::SerializedMessage (*&)(rover_msgs::Command_<std::allocator<void> > const&), boost::_bi::list0&, long) (bind.hpp:243)
==16953==    by 0x426FB6: boost::_bi::bind_t<ros::SerializedMessage, ros::SerializedMessage (*)(rover_msgs::Command_<std::allocator<void> > const&), boost::_bi::list1<boost::reference_wrapper<rover_msgs::Command_<std::allocator<void> > const> > >::operator()() (bind.hpp:893)
==16953==    by 0x426151: boost::detail::function::function_obj_invoker0<boost::_bi::bind_t<ros::SerializedMessage, ros::SerializedMessage (*)(rover_msgs::Command_<std::allocator<void> > const&), boost::_bi::list1<boost::reference_wrapper<rover_msgs::Command_<std::allocator<void> > const> > >, ros::SerializedMessage>::invoke(boost::detail::function::function_buffer&) (function_template.hpp:138)
==16953==    by 0x538BA8F: ros::TopicManager::publish(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, boost::function<ros::SerializedMessage ()> const&, ros::SerializedMessage&) (in /opt/ros/kinetic/lib/libroscpp.so)
==16953==    by 0x4205CB: void ros::Publisher::publish<rover_msgs::Command_<std::allocator<void> > >(rover_msgs::Command_<std::allocator<void> > const&) const (publisher.h:118)
==16953==    by 0x4E76AC6: RoverJoystick::Command::publish(int, ros::Time) (rover_joystick.h:46)
==16953==    by 0x4E71BA0: RoverJoystick::publishPendingData() (rover_joystick.cc:174)
==16953==    by 0x4E71989: RoverJoystick::read() (rover_joystick.cc:158)
==16953==    by 0x4E71C42: RoverJoystick::readThread(void*) (rover_joystick.cc:183)
==16953==    by 0x50A86B9: start_thread (pthread_create.c:333)
==16953==

This error only occurs when I subscribe to the publishing topic from this node. This error only occurs once after the first message is published and received by a subscriber. There are no other memory errors in my program. I've also diligently checked for uninitialized memory.

Here are some more details about my setup:

  • ROS kinetic, Ubuntu 16.04, x86 64 bit
  • Valgrind-3.11.0 and LibVEX

Any ideas on what could cause this error are appreciated.

edit retag flag offensive close merge delete

Comments

Can you give a bit more context here? This is to say what behavior prompted you to run your roscpp node through valdrind in the first place?

Unrelated, I really appreciate this work. We need people doing this to improve security, particularly in ROS2. Would you consider writing a quick tutorial on your setup and putting it on the wiki?

kscottz gravatar image kscottz  ( 2019-09-26 13:46:35 -0500 )edit

Sure. I always try to run valgrind on any code with manual memory management to make sure that there are no memory leaks, null pointers, invalid reads / writes, etc.

I'm not doing anything special. I'm just launching roscore in one terminal, and navigating to the node executable folder in another window to run valgrind. I've done this on nodes in the past and this is the first time this error was prompted.

samxc gravatar image samxc  ( 2019-09-27 07:17:25 -0500 )edit

This is good to know. Unfortunately I don't have a good answer but I think this is really interesting and useful. You may consider reaching out to the ROS 2 Security Working Group.

kscottz gravatar image kscottz  ( 2019-09-27 12:30:19 -0500 )edit

This has nothing to do with either "security" or ROS 2 - so that working group is not the right place.

Please consider to fill a ticket in the bugtracker of roscpp with reproducible steps. It would be good to check before if the problem still exists in ROS Melodic.

Dirk Thomas gravatar image Dirk Thomas  ( 2019-09-27 12:51:45 -0500 )edit

Dirk, can you please provide a link to the repository or whatever bugtracker roscpp uses?

samxc gravatar image samxc  ( 2019-10-01 14:38:49 -0500 )edit

See http://wiki.ros.org/roscpp

Dirk Thomas gravatar image Dirk Thomas  ( 2019-10-01 15:14:39 -0500 )edit
add a comment