
Why am I getting a segmentation fault in my C server program (but only sometimes)?

Right now, I'm trying to write a simple client/server application in order to measure the round trip time on a LAN for TCP messages of various sizes (I'm doing the timing client side). The program works fine for small packet sizes (> 1000 bytes) but I end up with a segmentation fault: 11 error for inputs of larger magnitude (10KB or greater).

int main() 
{ 
    struct sockaddr_in sin; 
    char buf[MAX_LINE]; 
    int len; 
    int s, new_s; 
    /* build address data structure */ 
    bzero((char *)& sin, sizeof( sin)); 
    sin.sin_family = AF_INET; 
    sin.sin_addr.s_addr = INADDR_ANY;
    sin.sin_port = htons( SERVER_PORT);
    /* setup passive open */ 
    if (( s = socket( PF_INET, SOCK_STREAM, 0)) < 0) { 
        perror("tcp program: socket"); 
        exit(1); 
    } 
    if (( bind(s, (struct sockaddr *)& sin, sizeof(sin))) < 0) {
        perror("tcp program: bind");
        exit( 1);
    }
    listen(s, MAX_PENDING);
    /* wait for connection, then receive and print text */
    while(1) {
        socklen_t lent = (unsigned int)&len;
        if ((new_s = accept(s, (struct sockaddr *)& sin, &lent)) < 0) { 
            perror("tcp program: accept"); 
            exit( 1); 
        }


        while ((len = recv(new_s, buf, sizeof(buf), 0))){ 
            char msg[len];
            send( new_s, msg, len, 0); //echo message of same length as received message
        }
        close(new_s); 
    }
}

Again, the goal was to measure RTT, so I wanted the client to send a message, the above server to receive it, then send back a message of equivalent size. I also wanted the server to continue spinning so that the client could run iteratively, sending messages of 1KB, 10KB,...1000KB, etc. However, such iterations usually result in a segmentation fault.

Oddly enough, if I configure my client to run, for example, a single 12KB message send, the server does fine, and continues to run. And if I wait a couple of seconds, I can even repeatedly call my client and the server keeps up. But if I run the single message send in rapid succession, I end up with the segfault again.

Any ideas? I apologize in advance for any elementary errors in style or format. This is my first real foray into the C language beyond "hello world".

Thanks!

I don't know if this is the only part of the code that is wrong, but this is wrong:

while ((len = recv(new_s, buf, sizeof(buf), 0)))

Please read the man page for recv(), in particular (emphasis added)...

These calls return the number of bytes received, or -1 if an error occurred. The return value will be 0 when the peer has performed an orderly shutdown.

We know that networks are unreliable, and it is fairly common for recv() and friends to return errors.

Additionally, variable-length arrays in C are a fairly dangerous construct, because they perform dynamic allocation on the stack. They're basically alloca() in disguise, and we know how dangerous alloca() is. So this bit:

char msg[len]; // serious problems unless we have good bounds for len
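
The two points in the answer above (recv() returns -1 on error, and a VLA sized from that result is unsafe), applied to the echo loop as an added example that is not part of the original question or answer. The names `echo_until_closed`, `send_all` and `ECHO_BUF` are hypothetical, the buffer size is an assumption, and the loop over short send() results goes beyond what the answer mentions.

```c
/* Added example: echo loop with every recv()/send() result checked. */
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

#define ECHO_BUF 4096   /* assumed size; stands in for the question's MAX_LINE */

/* send() may accept fewer bytes than asked; loop until all are written.
 * Returns 0 on success, -1 on error. */
static int send_all(int fd, const char *p, size_t n)
{
    while (n > 0) {
        ssize_t w = send(fd, p, n, 0);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        p += w;
        n -= (size_t)w;
    }
    return 0;
}

/* Echo until the peer shuts down. Returns total bytes echoed, or -1 on error. */
long echo_until_closed(int fd)
{
    char buf[ECHO_BUF];          /* fixed size: no VLA sized by recv()'s result */
    long total = 0;

    for (;;) {
        ssize_t len = recv(fd, buf, sizeof buf, 0);
        if (len == 0)            /* orderly shutdown by the peer */
            return total;
        if (len < 0) {           /* -1: error, must not be used as a length */
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (send_all(fd, buf, (size_t)len) < 0)   /* echo the received bytes */
            return -1;
        total += len;
    }
}
```

A peer that disconnects mid-echo raises SIGPIPE on send(); a server using this loop should ignore that signal or pass MSG_NOSIGNAL where the platform provides it.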
