
My chatbot polling feature is not working properly; I'm getting a segmentation fault in a thread handler. I used gdb to see more, and here is what I got:

Thread 4 "St3veB0t" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff67c2700 (LWP 5957)]
0x0000555555557243 in poll_handler ()
(gdb) bt
#0  0x0000555555557243 in poll_handler ()
#1  0x00007ffff7bbd6db in start_thread (arg=0x7ffff67c2700)
    at pthread_create.c:463
#2  0x00007ffff78e688f in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

The function poll_handler() is this:

void * poll_handler(void * args)
{
    FILE * fp;
    struct VoteData  vote;
    struct PollHandlerData * data = (struct PollHandlerData *)args;
    int res;
    char * string = (char *)malloc(sizeof(char)*MAX_BUFFER);


    sleep(60);
    *data->status = 0;    
    *data->vote_count = 0;

    if(!(fp = fopen("polls/votes.txt", "r")))
    {
        fprintf(stderr, "\nError in reading file\n");
        if(!(fp = fopen("polls/votes.txt", "w+")))
        {
            fprintf(stderr, "\nError in creating file\n");
            exit(EXIT_FAILURE);
        }
    }

    vote = GetMostVote(fp);

    strcpy(string, "PRIVMSG #st3ver0nix : Polling terminated, the majority voted: ");
    strcat(string, vote.word);
    strcat(string, "\r\n");

    do{
        res = write(data->sock, string, strlen(string));
    }while(res < strlen(string));

    fclose(fp);
    free(string);
    pthread_exit(NULL);
}

The function that creates the thread is this:

void CreatePoll(int sock, char * message, char * poll_name, int * status, int * vote_count)
{
    pthread_t tid;
    struct PollHandlerData * data = (struct PollHandlerData *)malloc(sizeof(struct PollHandlerData));
    char * name = (char *)malloc(sizeof(char)*MAX_BUFFER);


    GetPollName(message, name);
    sscanf(name, "%s", poll_name);

    data->sock = sock;
    data->status = status;
    sscanf(poll_name, "%s", data->name);

    pthread_create(&tid, NULL, poll_handler, (void *)data);
    pthread_detach(tid);

    free(name);
}

The structures PollHandlerData and VoteData have this form:

struct PollHandlerData
{
    int sock;
    char name[128];
    int * status;
    int * vote_count;
};

struct VoteData
{
    char word[128];
    int freq;
};

I really don't know what's wrong in my code. I'm using POSIX pthreads. Please let me know if you need more information about the code.

  • What is `PollHandlerData`? How is it defined? The statements `*data->status = 0;` and `*data->vote_count = 0;` look suspicious. So do your two `sscanf` calls in `CreatePoll`. And why do you allocate memory for `name` dynamically? – Some programmer dude Feb 11 '19 at 19:08
  • Probably `*data->status = 0;` should be `data->status = 0;`. Likewise `*data->vote_count = 0;` should be `data->vote_count = 0;` – John Bollinger Feb 11 '19 at 19:11
  • And in C you [should not cast the result of `malloc`](https://stackoverflow.com/questions/605845/do-i-cast-the-result-of-malloc/) (or any function returning `void *`, as well as `void *` arguments). – Some programmer dude Feb 11 '19 at 19:12
  • Lastly, if you build with debug information (using the `-g` flag when building the source) then you will get proper line-number information in your debugger call-stack. – Some programmer dude Feb 11 '19 at 19:13
  • There is no option `-g` in gdb... – Stefano Raneri Feb 11 '19 at 19:53
  • The int variables passed to the function `poll_handler` are declared outside the brackets. – Stefano Raneri Feb 11 '19 at 19:55
  • Can you please post buildable code? It's hard to diagnose it without seeing the whole code. – stensal Feb 12 '19 at 03:40
  • Please try to create a [mcve] to show us. This needs to show us how you call your `CreatePoll` function. And (again) please build with debug information enabled so that you know *where* the crash happens in your code when you catch it in the debugger. That is actually very crucial information. – Some programmer dude Feb 12 '19 at 06:00

1 Answer


As per my observation, in the poll_handler() thread the assignment to vote_count is what makes this crash:

*data->vote_count = 0;

In function CreatePoll(), before the thread is created, the vote_count pointer inside the data variable is never assigned and does not point to anything valid, since only the malloc for data is done and the field holds whatever garbage value was in memory. So it crashes in poll_handler() while accessing the invalid pointer.

Note: vote_count will have a garbage value; if that value happens to be a valid pointer for the process then this may not make the process crash.

Deepak
  • It's not a guaranteed crash. It will lead to [*undefined behavior*](https://en.wikipedia.org/wiki/Undefined_behavior) though, and is the *probable* cause of the crash. – Some programmer dude Feb 12 '19 at 06:04
  • Yes, this is undefined behavior; based on the value present in vote_count a crash may not happen, but most probably it will lead to a crash as the value will not be pointing to a valid address which was allocated to the running process by the memory management unit. – Deepak Feb 12 '19 at 06:07
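The following is an added example, not code from the question or the answer, showing the shape of the fix the answer describes: every pointer in the heap-allocated `PollHandlerData` is set before the struct is handed to a thread, and the worker refuses to run rather than dereference a missing pointer. The function names `make_poll_data`, `format_poll_result`, `poll_finish` and `poll_demo` are assumptions chosen for this example; `MAX_BUFFER` is assumed to be 512. Thread creation is left out so the example compiles and runs without linking pthreads; `poll_finish` is the part of the worker that touched the bad pointer, and a real `poll_handler` would simply call it. It also replaces the `sscanf("%s")` and `strcpy`/`strcat` chain from the question with bounded copies, since those can overrun the 128-byte `name` and the `MAX_BUFFER` message on long input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BUFFER 512   /* assumed value; the question does not show it */

struct PollHandlerData {
    int sock;
    char name[128];
    int *status;
    int *vote_count;
};

/* Hypothetical replacement for the set-up part of CreatePoll(): builds the
 * heap struct with EVERY field initialised before a thread can read it.
 * Returns NULL if any required pointer is missing, so the mistake is caught
 * in the creating thread instead of surfacing as a SIGSEGV in the worker. */
struct PollHandlerData *make_poll_data(int sock, const char *poll_name,
                                       int *status, int *vote_count)
{
    if (poll_name == NULL || status == NULL || vote_count == NULL)
        return NULL;
    struct PollHandlerData *data = calloc(1, sizeof *data);  /* zero-filled */
    if (data == NULL)
        return NULL;
    data->sock = sock;
    data->status = status;
    data->vote_count = vote_count;   /* the assignment the question's CreatePoll omits */

    /* Bounded copy of the first word of poll_name (what sscanf("%s") did,
     * but it can never write past the 128-byte array). */
    size_t n = strcspn(poll_name, " \t\r\n");
    if (n >= sizeof data->name)
        n = sizeof data->name - 1;
    memcpy(data->name, poll_name, n);
    data->name[n] = '\0';
    return data;
}

/* Builds the IRC line the worker sends. snprintf cannot overrun the buffer,
 * unlike strcpy/strcat; returns the length written or -1 if it would not fit. */
int format_poll_result(char *out, size_t outsz, const char *channel, const char *winner)
{
    int len = snprintf(out, outsz,
                       "PRIVMSG %s : Polling terminated, the majority voted: %s\r\n",
                       channel, winner);
    if (len < 0 || (size_t)len >= outsz)
        return -1;
    return len;
}

/* The part of poll_handler() that dereferenced the unset pointer, kept as a
 * plain function so it can be tested without a thread. Returns the message
 * length, or -1 if the struct was not fully initialised. */
int poll_finish(struct PollHandlerData *data, const char *winner,
                char *msg, size_t msgsz)
{
    if (data == NULL || data->status == NULL || data->vote_count == NULL)
        return -1;                   /* in the question this was the SIGSEGV */
    *data->status = 0;
    *data->vote_count = 0;
    return format_poll_result(msg, msgsz, "#st3ver0nix", winner);
}

/* Exercises the fix end to end with constructed input;
 * returns 0 on success or the number of the failing step. */
int poll_demo(void)
{
    int status = 1, votes = 7;       /* the caller's variables, as in CreatePoll's int* args */
    char msg[MAX_BUFFER];
    struct PollHandlerData *data = make_poll_data(3, "pizza vs pasta", &status, &votes);
    if (data == NULL || strcmp(data->name, "pizza") != 0 || data->vote_count != &votes)
        return 1;
    int len = poll_finish(data, "pizza", msg, sizeof msg);
    free(data);
    if (len <= 0 || status != 0 || votes != 0)
        return 2;
    if (strcmp(msg, "PRIVMSG #st3ver0nix : Polling terminated, the majority voted: pizza\r\n") != 0)
        return 3;
    /* The original bug: vote_count never supplied. Now refused up front, no crash. */
    if (make_poll_data(3, "pizza", &status, NULL) != NULL)
        return 4;
    char tiny[8];                    /* message that cannot fit is reported, not overflowed */
    if (format_poll_result(tiny, sizeof tiny, "#c", "w") != -1)
        return 5;
    return 0;
}

int main(void)
{
    int rc = poll_demo();
    printf("%s\n", rc == 0 ? "all checks passed" : "a check failed");
    return rc;
}
```

Using `calloc` rather than `malloc` for the struct means that even a field the author forgets to assign is NULL rather than garbage, which turns the answer's "may or may not crash" into a deterministic, checkable condition.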