Project

General

Profile

Actions

Bug #2727

closed

Convert::ToPacket<Data> off-by-one

Added by Junxiao Shi over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
04/04/2015
Due date:
% Done:

0%

Estimated time:

Description

Snippet:

#include <ns3/ndnSIM-module.h>
#include <ns3/ndnSIM/model/ndn-ns3.hpp>

using namespace ns3;
using namespace ns3::ndn;

int
main()
{
  uint8_t PACKET[] = {
  0x06, 0x20, // Data
        0x07, 0x11, // Name
              0x08, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, // NameComponent 'hello'
              0x08, 0x01, 0x31, // NameComponent '1'
              0x08, 0x05, 0x77, 0x6f, 0x72, 0x6c, 0x64, // NameComponent 'world'
        0x14, 0x00, // MetaInfo empty
        0x15, 0x00, // Content empty
        0x16, 0x05, // SignatureInfo
               0x1b, 0x01, 0x01, // SignatureType RSA
               0x1c, 0x00, // KeyLocator empty
        0x17, 0x00 // SignatureValue empty
  };

  bool isOk;
  Block block1;
  std::tie(isOk, block1) = Block::fromBuffer(PACKET, sizeof(PACKET));
  NS_ASSERT(isOk);

  shared_ptr<Data> data1 = make_shared<Data>();
  data1->wireDecode(block1);
  std::cout << *data1 << std::endl;

  //Ptr<Packet> pkt = Convert::ToPacket<Data>(*data1);
  Ptr<Packet> pkt = Create<Packet>(PACKET, sizeof(PACKET));
  shared_ptr<const Data> data2 = Convert::FromPacket<Data>(pkt);
  std::cout << *data2 << std::endl;

  std::abort(); // #2664 workaround
  return 0;
}

Steps to reproduce:

  1. install ndnSIM, and apply #2662 note-1 workaround
  2. clone ndnSIM-scenario-template
  3. create file ndnSIM-scenario-template/scenarios/decode.cpp with the above snippet
  4. execute CXXFLAGS='-std=c++0x -Wall' ./waf configure --debug (#2663 note-1 workaround) followed by ./waf --run=decode

Expected: scenario completes successfully

Actual:

terminate called after throwing an instance of 'ndn::tlv::Error'
  what():  TLV length exceeds buffer length

Debug:

(gdb) bt
#0  0x00007fffeb4bf0d5 in __GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007fffeb4c283b in __GI_abort () at abort.c:91
#2  0x00007fffebb1569d in __gnu_cxx::__verbose_terminate_handler() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3  0x00007fffebb13846 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#4  0x00007fffebb13873 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#5  0x00007fffebb1396e in __cxa_throw () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#6  0x00007ffff3c89a15 in ndn::Block::parse (this=0x71c078) at ../src/encoding/block.cpp:313
#7  0x00007ffff3c8634a in ndn::Data::wireDecode (this=0x71bcc0, wire=...) at ../src/data.cpp:139
#8  0x00007ffff3bee4d7 in ns3::ndn::PacketHeader<ndn::Data>::Deserialize (this=0x7fffffffe130, start=...)
    at ../src/ndnSIM/model/ndn-header.cpp:122
#9  0x00007ffff769423f in ns3::Packet::RemoveHeader (this=0x71b6a0, header=...) at ../src/network/model/packet.cc:290
#10 0x00007ffff3c0a83a in ns3::ndn::Convert::FromPacket<ndn::Data> (packet=...) at ../src/ndnSIM/model/ndn-ns3.cpp:37
#11 0x000000000041ca83 in main ()
(gdb) up 6
#6  0x00007ffff3c89a15 in ndn::Block::parse (this=0x71c078) at ../src/encoding/block.cpp:313
313           throw tlv::Error("TLV length exceeds buffer length");
(gdb) p type
$5 = 17
(gdb) p length
$6 = 8
(gdb) p *this
$4 = {m_buffer = {<std::__shared_ptr<ndn::Buffer const, (__gnu_cxx::_Lock_policy)2>> = {_M_ptr = 0x71aa90, _M_refcount = {
        _M_pi = 0x71aad0}}, <No data fields>}, m_type = 6, m_begin = {
    _M_current = 0x71aab0 "\006\a\021\b\005hell\027\204\353\377\177"}, m_end = {_M_current = 0x71aab9 "\027\204\353\377\177"}, 
  m_size = 9, m_value_begin = {_M_current = 0x71aab2 "\021\b\005hell\027\204\353\377\177"}, m_value_end = {
    _M_current = 0x71aab9 "\027\204\353\377\177"}, m_subBlocks = {<std::_Vector_base<ndn::Block, std::allocator<ndn::Block> >> = {
      _M_impl = {<std::allocator<ndn::Block>> = {<__gnu_cxx::new_allocator<ndn::Block>> = {<No data fields>}, <No data fields>}, 
        _M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}}, <No data fields>}}
(gdb) x/34x m_begin._M_current
0x71aab0:   0x06    0x07    0x11    0x08    0x05    0x68    0x65    0x6c
0x71aab8:   0x6c    0x17    0x84    0xeb    0xff    0x7f    0x00    0x00
0x71aac0:   0xcd    0xb1    0x71    0x00    0x00    0x00    0x00    0x00
0x71aac8:   0x21    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x71aad0:   0xf0    0xa0

It seems that <Data> element's TLV-LENGTH octet (0x20) is lost, so that subsequent decoding becomes incorrect.


Related issues 1 (0 open1 closed)

Is duplicate of ndn-cxx - Bug #2728: Block::fromStream decode error when TLV-LENGTH equals whitespaceClosedJunxiao Shi04/04/2015

Actions
Actions #1

Updated by Junxiao Shi over 9 years ago

  • Is duplicate of Bug #2728: Block::fromStream decode error when TLV-LENGTH equals whitespace added
Actions #2

Updated by Junxiao Shi over 9 years ago

  • Status changed from New to Closed
Actions

Also available in: Atom PDF