Segmentation fault when window is resized #4291

anseki · 2015-12-15T12:17:08Z

The process throws "Segmentation fault" if an user resize a window when a script is waiting for user input via TTY, after it accesses to process.stdout.

For example:

var
  fs = require('fs'),
  bufferSize = 1024,
  buffer = new Buffer(bufferSize),
  readSize,
  chunk;

readSize = fs.readSync(fs.openSync('/dev/tty', 'r'), buffer, 0, bufferSize);
chunk = buffer.toString('utf8', 0, readSize);

console.log('INPUT: ' + chunk);

This code above works fine without error.

foo
INPUT: foo

But, if process.stdout is accessed:

var
  fs = require('fs'),
  bufferSize = 1024,
  buffer = new Buffer(bufferSize),
  readSize,
  chunk;

process.stdout; // access to property

readSize = fs.readSync(fs.openSync('/dev/tty', 'r'), buffer, 0, bufferSize);
chunk = buffer.toString('utf8', 0, readSize);

console.log('INPUT: ' + chunk);

If a window is resized when the script is waiting for user input, it throws "Segmentation fault".

I tried this code in some versions, and it seems that this issue occurs in v3.3.0+.
v3.2.0 is OK.
v3.3.0 makes this issue occur.

Is this a problem of libuv v1.7.3 ?

The text was updated successfully, but these errors were encountered:

anseki · 2015-12-15T12:47:37Z

This issue occurs at least in OS X 10 and Ubuntu.
I don't know a case in Windows because Command Window of Windows can't resize window, maybe.

evanlucas · 2015-12-15T14:49:53Z

hm this is what I'm getting in lldb:

Process 8536 stopped
* thread #1: tid = 0x1057ca, 0x0000000100c1227a node_g`uv__fs_read(req=0x00007fff5fbfe648) + 74 at fs.c:275, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x0000000100c1227a node_g`uv__fs_read(req=0x00007fff5fbfe648) + 74 at fs.c:275
   272  #endif /* defined(_AIX) */
   273    if (req->off < 0) {
   274      if (req->nbufs == 1)
-> 275        result = read(req->file, req->bufs[0].base, req->bufs[0].len);
   276      else
   277        result = readv(req->file, (struct iovec*) req->bufs, req->nbufs);
   278    } else {

It looks like req->nbufs is 1, but req->bufs is NULL

uv__fs_buf_iter currently sets req->bufs to NULL after it is done, but if the operation fails with EINTR then it will be retried, at which point it expects the bufs to not be NULL, causing a seg fault as in nodejs/node#4291. uv__fs_buf_iter should not set req->bufs to NULL if the operation fails with EINTR. Also, when it sets req->bufs to NULL, it should set req->nbufs to 0 as well, so we don't have the messy situation of a positive nbufs with no actual bufs.

uv__fs_buf_iter currently sets req->bufs to NULL after it is done, but if the operation fails with EINTR then it will be retried, at which point it expects the bufs to not be NULL, causing a seg fault as in nodejs/node#4291. uv__fs_buf_iter should not set req->bufs to NULL if the operation fails with EINTR. Also, when it sets req->bufs to NULL, it should set req->nbufs to 0 as well, so we don't have the messy situation of a positive nbufs with no actual bufs. Review followups -move the check for EINTR to before we free bufs -pass retry_on_eintr to uv__fs_buf_iter -add a first cut at a test

uv__fs_buf_iter currently sets req->bufs to NULL after it is done, but if the operation fails with EINTR then it will be retried, at which point it expects the bufs to not be NULL, causing a seg fault as in nodejs/node#4291. uv__fs_buf_iter should not set req->bufs to NULL if the operation fails with EINTR. Also, when it sets req->bufs to NULL, it should set req->nbufs to 0 as well, so we don't have the messy situation of a positive nbufs with no actual bufs.

uv__fs_buf_iter currently sets req->bufs to NULL after it is done, but if the operation fails with EINTR then it will be retried, at which point it expects the bufs to not be NULL, causing a seg fault as in nodejs/node#4291. uv__fs_buf_iter should not set req->bufs to NULL if the operation fails with EINTR. Also, when it sets req->bufs to NULL, it should set req->nbufs to 0 as well, so we don't have the messy situation of a positive nbufs with no actual bufs. PR-URL: #661 Reviewed-By: Fedor Indutny <fedor@indutny.com>

indutny · 2016-01-19T03:09:33Z

I believe this should be fixed by libuv update. cc @saghul ;)

saghul · 2016-01-19T08:45:33Z

Yeah, the next libuv upgrade includes a fix for this.

MylesBorins · 2016-01-19T17:55:03Z

@saghul @nodejs/lts should we backport the patch to LTS?

indutny · 2016-01-19T19:18:02Z

I believe we should.

rvagg · 2016-01-20T09:28:50Z

I'll reserve final judgement until I see the libuv delta, if it's low-impact then that ought to be fine

saghul · 2016-01-20T09:45:36Z

Agreed with @rvagg. Also, since we keep backwards API compatibility and a stable ABI, all libuv upgrades will end up on LTS, right?

rvagg · 2016-01-20T09:57:13Z

I think we had this discussion not long ago, didn't we? I'd lean toward not making a firm rule about it but in general ABI and API compat upgrades in libuv would end up in LTS. If there was a particularly big delta then that may be cause for concern.

Fixes: nodejs#5737 Fixes: nodejs#4643 Fixes: nodejs#4291 Fixes: nodejs/node-v0.x-archive#8960 Refs: nodejs#3594 PR-URL: nodejs#5994

Fixes: #5737 Fixes: #4643 Fixes: #4291 Fixes: nodejs/node-v0.x-archive#8960 Refs: #3594 PR-URL: #5994 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Johan Bergström <bugs@bergstroem.nu>

Fixes: nodejs#5737 Fixes: nodejs#4643 Fixes: nodejs#4291 Fixes: nodejs/node-v0.x-archive#8960 Refs: nodejs#3594 PR-URL: nodejs#5994 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Johan Bergström <bugs@bergstroem.nu>

Fixes: #5737 Fixes: #4643 Fixes: #4291 Fixes: nodejs/node-v0.x-archive#8960 Refs: #3594 PR-URL: #5994 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Johan Bergström <bugs@bergstroem.nu>

Fishrock123 added the c++ Issues and PRs that require attention from people who are familiar with C++. label Dec 15, 2015

mscdex added the libuv Issues and PRs related to the libuv dependency or the uv binding. label Dec 15, 2015

davidvgalbraith mentioned this issue Dec 20, 2015

uv__fs_buf_iter: don't nullify req->bufs on EINTR libuv/libuv#661

Closed

davidvgalbraith mentioned this issue Dec 20, 2015

Strange behavior specific to Windows 2012r2 with a single processor #4358

Closed

bnoordhuis added the lts-watch-v4.x label Feb 12, 2016

saghul mentioned this issue Apr 1, 2016

deps: upgrade libuv to 1.9.0 #5994

Merged

4 tasks

saghul added a commit to saghul/node that referenced this issue Apr 7, 2016

deps: upgrade libuv to 1.9.0

55a964e

Fixes: nodejs#5737 Fixes: nodejs#4643 Fixes: nodejs#4291 Fixes: nodejs/node-v0.x-archive#8960 Refs: nodejs#3594 PR-URL: nodejs#5994

saghul closed this as completed in #5994 Apr 7, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Segmentation fault when window is resized #4291

Segmentation fault when window is resized #4291

anseki commented Dec 15, 2015

anseki commented Dec 15, 2015

evanlucas commented Dec 15, 2015

indutny commented Jan 19, 2016

saghul commented Jan 19, 2016

MylesBorins commented Jan 19, 2016

indutny commented Jan 19, 2016

rvagg commented Jan 20, 2016

saghul commented Jan 20, 2016

rvagg commented Jan 20, 2016

Segmentation fault when window is resized #4291

Segmentation fault when window is resized #4291

Comments

anseki commented Dec 15, 2015

anseki commented Dec 15, 2015

evanlucas commented Dec 15, 2015

indutny commented Jan 19, 2016

saghul commented Jan 19, 2016

MylesBorins commented Jan 19, 2016

indutny commented Jan 19, 2016

rvagg commented Jan 20, 2016

saghul commented Jan 20, 2016

rvagg commented Jan 20, 2016