g_io_channel_unix_new() call results in SIGSEGV when client tries to re-establish connection
Hi I'm trying to implement a WebSocket Server using the glib APIs. The server succeeds in handshaking and excahnaging messages with the client(Chrome Browser). The problem appears after I disconnect from the client side using socket.close() and then try to reconnect. The server then crashes in the g_io_channel_unix_new() call. This is the channel being created to listen for data from the new client. I tried unref'ing the last used client's io_channel but that didn't help. Could someone throw some light on this issue. Here's the relevant code
gboolean
read_socket (GIOChannel *in, GIOCondition condition, gpointer data)
{
gint got=0, ret=0;
char message[256]={'\0'};
char *handShakeReply = NULL, *reply = NULL;
char *p=NULL;
HandshakeParams hsParams;
unsigned long key1=0, key2=0;
unsigned char resultKey[16]={'\0'};
gint local_client_socket = g_io_channel_unix_get_fd(in);
if(condition & G_IO_HUP)
{
printf("\nUnexpected Broken pipe error on client_fd\n");
close(local_client_socket);
return FALSE;
}
memset(message,0,256);
memset(&hsParams, 0, sizeof(HandshakeParams));
if(isHandShakeDone==0)
{
printf("\nHandshaking..\n");
got = recv (local_client_socket, message, 256, 0);
if (got < 0)
{
printf("Failed to read from socket");
/*TRUE becasue we still want GmainLoop to monitor this eventsource, the socket*/
return TRUE;
}
printf("GOT MESSAGE:\n%s\n", message);
collect_handshake_params(message, &hsParams);
handShakeReply = (char*)malloc(1024);
memset(handShakeReply, 0, 1024);
p = handShakeReply;
strcpy(p, "HTTP/1.1 101 WebSocket Protocol Handshake\x0d\x0a");
p += strlen("HTTP/1.1 101 WebSocket Protocol Handshake\x0d\x0a");
strcpy(p, "Upgrade: WebSocket\x0d\x0a");
p += strlen("Upgrade: WebSocket\x0d\x0a");
strcpy(p, "Connection: Upgrade\x0d\x0a");
p += strlen("Connection: Upgrade\x0d\x0a");
strcpy(p, "Sec-WebSocket-Origin: ");
p += strlen("Sec-WebSocket-Origin: ");
strcpy(p, hsParams.origin);
p += strlen(hsParams.origin);
strcpy(p, "\x0d\x0aSec-WebSocket-Location: ws://");
p += strlen("\x0d\x0aSec-WebSocket-Location: ws://");
strcpy(p, hsParams.host);
p += strlen(hsParams.host);
strcpy(p, "/mySession\x0d\x0a");
p += strlen("/mySession\x0d\x0a");
strcpy(p, "\x0d\x0a");
p += strlen("\x0d\x0a");
if((ret=interpret_key(hsParams.key1,&key1)) < 0)
{
printf("\nError in parsing key1! Errcode=%d\n",ret);
return FALSE;
}
else
{
printf("\nStripped Key1 = %ld\n", key1);
}
if((ret=interpret_key(hsParams.key2,&key2)) < 0)
{
printf("\nError in parsing key2! Errcode=%d\n",ret);
return FALSE;
}
else
{
printf("\nStripped Key2 = %ld\n", key2);
}
//Arrange in Network Byte Order!
resultKey[0] = key1 >> 24;
resultKey[1] = key1 >> 16;
resultKey[2] = key1 >> 8;
resultKey[3] = key1;
resultKey[4] = key2 >> 24;
resultKey[5] = key2 >> 16;
resultKey[6] = key2 >> 8;
resultKey[7] = key2;
memcpy(&resultKey[8], hsParams.key3, 8);
copyMD5Hash(resultKey, (unsigned char *)p);
p += 16;
printf("\nHandshake Reply:\n%s\n", handShakeReply);
ret = send(local_client_socket, handShakeReply, p-handShakeReply, 0);
if(ret < 0)
{
perror("\nError in sending handshake reply:");
}
else
{
isHandShakeDone=1;
}
free(handShakeReply);
p=NULL;
free_handshake_params(&hsParams);
}
else
{
printf("\nServing Client..\n");
getClientRequest(local_client_socket, message);
if(message[0] == '\0')
{
/*Close this connection for this client instance and wait for connection from the next instance of client*/
close(local_client_socket);
#if 0
GIOStatus status;
GError *error=NULL;
status = g_io_channel_shutdown(in,TRUE,&error);
if(status==G_IO_STATUS_NORMAL)
{
printf("\nClient IO channel shutdown was normal\n");
}
else
{
printf("\nIO channel shutdown status: %d\n", status);
}
/*Unref twice since g_io_add_watch() increases the reference count too*/
g_io_channel_unref(in);
g_io_channel_unref(in);
#endif
isHandShakeDone=0;
return TRUE;
}
reply = (char*)malloc(256);
memset(reply, 0, 1024);
p = reply;
*p = 0;
p++;
strcpy(p,"This is the server's reply!");
p += strlen("This is the server's reply!");
*p = 255;
p++;
ret = send(local_client_socket, reply, p-reply, 0);
if(ret < 0)
{
perror("\nError in sending response:");
}
}
return TRUE;
}
gboolean
handle_socket(GIOChannel *in, GIOCondition condition, gpointer data)
{
GIOChannel *client_channel;
gint client_socket;
gint socket_fd = g_io_channel_unix_get_fd(in);
if(condition & G_IO_HUP)
{
printf("\nUnexpected Broken pipe error on socket_fd\n");
close(socket_fd);
return FALSE;
}
if(isHandShakeDone==0)
{
client_socket = accept (socket_fd, NULL, NULL);
if (client_socket < 0)
{
g_print("ERROR CLIENT_SOCKET VALUE!!!!!!!!!!!!!!!!!!!!");
return FALSE;
}
client_channel = NULL;
/*Program crashes on this call*/
client_channel = g_io_channel_unix_new (client_socket);
g_io_channel_set_encoding (client_channel, NULL, NULL);
g_io_channel_set_buffered (client_channel, FALSE);
g_io_add_watch (client_channel, G_IO_IN | G_IO_HUP, (GIOFunc) read_socket, NULL);
}
return TRUE;
}
int main(int argc, char **argv)
{
GIOChannel *channel_socket;
gint socket_fd;
static GMainLoop *loop = NULL;
struct sockaddr_in serv_addr;
g_type_init();
isHandShakeDone=0;
socket_fd = socket (AF_INET, SOCK_STREAM, 0);
if (socket_fd < 0)
{
g_print("Error creating socket\n");
exit (1);
}
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_port = htons(49059);
serv_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
if (bind (socket_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
{
g_print("Error binding socket");
exit(2);
}
listen (socket_fd, 5);
channel_socket = g_io_channel_unix_new (socket_fd);
g_io_channel_set_encoding (channel_socket, NULL, NULL);
g_io_channel_set_buffered (channel_socket, FALSE);
g_io_add_watch (channel_socket, G_IO_IN | G_IO_HUP, (GIOFunc) handle_socket, NULL);
g_print("GOING INTO MAINLOOP\n");
loo开发者_如何学Pythonp = g_main_loop_new (NULL, FALSE);
g_main_loop_run (loop);
}
Here's the GDB backtrace:
(gdb) bt
#0 0x002c983e in ?? () from /lib/tls/i686/cmov/libc.so.6
#1 0x002cbff6 in ?? () from /lib/tls/i686/cmov/libc.so.6
#2 0x002cdf9c in malloc () from /lib/tls/i686/cmov/libc.so.6
#3 0x001bf244 in g_malloc () from /lib/libglib-2.0.so.0
#4 0x001fb4ac in g_io_channel_unix_new () from /lib/libglib-2.0.so.0
#5 0x08049b01 in handle_socket (in=0x8051f60, condition=G_IO_IN, data=0x0) at test_server.c:498
#6 0x001faefb in ?? () from /lib/libglib-2.0.so.0
#7 0x001b65e5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#8 0x001ba2d8 in ?? () from /lib/libglib-2.0.so.0
#9 0x001ba817 in g_main_loop_run () from /lib/libglib-2.0.so.0
#10 0x08049ce4 in main (argc=1, argv=0xbffff344) at test_server.c:551
(gdb)
@ HungryTux, you answered you own question, but FYI, you can
memset(reply, 0, sizeof(reply))
or
#define REPLY_SIZE 256
reply = (char*)malloc(REPLY_SIZE);
memset(reply, 0, REPLY_SIZE);
Generally the only numbers which should appear in your code are 0, 1, -1 and very occasionally 2.
Pretty much anything else should be a symbol!
精彩评论