Monday, May 19, 2008

OWFS 2.7p4

From the OWFS site: "OWFS is an easy way to use the powerful 1-wire system of Dallas/Maxim."

I've found a bug in OWFS 2.7p4: a badly written lock results in access to an already freed memory region. In my setup it usually shows up after anywhere from one second to five minutes of running in a heavily concurrent mode with many 1-wire devices. With this bug OWFS ends up crashing in a random place (usually tsearch complains about a damaged list). GDB was not of much help here, but Valgrind (a really great tool) helped a lot. The trace below shows LockGet reading a 16-byte block that LockRelease had already freed through tdelete, i.e. one thread's lock lookup racing with another thread's release of the same lock record:
==16965== Thread 9:
==16965== Invalid read of size 4
==16965== at 0x405F7A5: LockGet (ow_locks.c:142)
==16965== by 0x4066195: FS_r_given_bus (ow_read.c:229)
==16965== by 0x40663B2: FS_read_distribute (ow_read.c:191)
==16965== by 0x40668AD: FS_read_postparse (ow_read.c:106)
==16965== by 0x4066AEA: FS_read (ow_read.c:58)
==16965== by 0x409E26D: fuse_fs_read (in /usr/lib/libfuse.so.2.7.3)
==16965== by 0x40A2A12: (within /usr/lib/libfuse.so.2.7.3)
==16965== by 0x40A5F48: (within /usr/lib/libfuse.so.2.7.3)
==16965== by 0x40A6EAF: (within /usr/lib/libfuse.so.2.7.3)
==16965== by 0x40A86D5: fuse_session_process (in /usr/lib/libfuse.so.2.7.3)
==16965== by 0x40A4AD4: (within /usr/lib/libfuse.so.2.7.3)
==16965== by 0x40C8382: start_thread (in /lib/libpthread-2.7.so)
==16965== Address 0x43b8dc8 is 0 bytes inside a block of size 16 free'd
==16965== at 0x402465C: free (vg_replace_malloc.c:323)
==16965== by 0x41B281A: tdelete (in /lib/libc-2.7.so)
==16965== by 0x405F62B: LockRelease (ow_locks.c:164)
==16965== by 0x40662AD: FS_r_given_bus (ow_read.c:236)
==16965== by 0x40663B2: FS_read_distribute (ow_read.c:191)
==16965== by 0x40668AD: FS_read_postparse (ow_read.c:106)
==16965== by 0x4066AEA: FS_read (ow_read.c:58)
==16965== by 0x409E26D: fuse_fs_read (in /usr/lib/libfuse.so.2.7.3)
==16965== by 0x40A2A12: (within /usr/lib/libfuse.so.2.7.3)
==16965== by 0x40A5F48: (within /usr/lib/libfuse.so.2.7.3)
==16965== by 0x40A6EAF: (within /usr/lib/libfuse.so.2.7.3)
==16965== by 0x40A86D5: fuse_session_process (in /usr/lib/libfuse.so.2.7.3)
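The trace says what the lock table must guarantee: a record in the tsearch() tree must never be tdelete()d and freed while another thread is still inside LockGet's lookup. The following is an added example of that pattern, my own C sketch and not OWFS's code or the patch mentioned below; it assumes a hypothetical devlock layout, uses a reference count plus one mutex around the tree, and the stress() helper and the device serial are constructed for the test.

```c
#define _XOPEN_SOURCE 700
#include <pthread.h>
#include <search.h>
#include <stdlib.h>
#include <string.h>
/* Per-device lock record (assumed layout, not OWFS's struct). refcount counts the
 * threads holding a pointer to it, so it is tdelete()d and freed by the last holder only. */
struct devlock { char serial[17]; int refcount; pthread_mutex_t mutex; };
static void *lock_tree;                                  /* tsearch() root */
static pthread_mutex_t tree_mutex = PTHREAD_MUTEX_INITIALIZER;
static int cmp(const void *a, const void *b) {
    return strcmp(((const struct devlock *)a)->serial, ((const struct devlock *)b)->serial);
}
/* Find or create the record and take a reference under tree_mutex, then lock the device. */
struct devlock *lock_get(const char *serial) {
    struct devlock key = {{0}}, *rec, **slot;
    strncpy(key.serial, serial, sizeof key.serial - 1);
    pthread_mutex_lock(&tree_mutex);
    if ((slot = tfind(&key, &lock_tree, cmp)) != NULL) rec = *slot;
    else if ((rec = calloc(1, sizeof *rec)) != NULL) {     /* rec stays NULL if calloc fails */
        strcpy(rec->serial, key.serial);
        pthread_mutex_init(&rec->mutex, NULL);
        tsearch(rec, &lock_tree, cmp);
    }
    if (rec) rec->refcount++;           /* pointer is now safe to use outside tree_mutex */
    pthread_mutex_unlock(&tree_mutex);
    if (rec) pthread_mutex_lock(&rec->mutex);
    return rec;
}
/* Unlock and drop the reference; tdelete()+free() happen on the last release only, under tree_mutex. */
void lock_release(struct devlock *rec) {
    pthread_mutex_unlock(&rec->mutex);
    pthread_mutex_lock(&tree_mutex);
    if (--rec->refcount == 0) {
        tdelete(rec, &lock_tree, cmp);
        pthread_mutex_destroy(&rec->mutex); free(rec);
    }
    pthread_mutex_unlock(&tree_mutex);
}
/* Stress: n threads hammer one constructed serial like concurrent FUSE readers; 1 if the tree is empty again. */
static void *worker(void *serial) {
    for (int i = 0; i < 2000; i++) { struct devlock *l = lock_get(serial); if (l) lock_release(l); }
    return NULL;
}
int stress(int n) {
    pthread_t t[n > 0 ? n : 1]; char serial[] = "10.A1B2C3D4E5F6";   /* constructed serial */
    for (int i = 0; i < n; i++) pthread_create(&t[i], NULL, worker, serial);
    for (int i = 0; i < n; i++) pthread_join(t[i], NULL);
    return lock_tree == NULL;                        /* tdelete() of the last node clears the root */
}
```

Running stress() under Valgrind or AddressSanitizer is the check that matters: with the reference count in place, no read of a freed record is reported, whereas freeing inside the release path without it reproduces exactly the trace above.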

The patched build has now been running for 2 hours, but I will wait a little longer before sending the patch to the OWFS mailing list.

Here is the patch.

P.S. Valgrind also reports total memory leaks of 4 kB.

(Update, 19 Feb 2009: it has now been running for nearly one year without any crash.)