"My" bug collection (Reprinted)

background

I found this link when searching for information , The author and I do something similar ： Record every one of yourself bug（ It's best to add reflection and backtracking , Determine the root cause of your mistakes , Facilitate the targeted improvement later ）, So reprint it .
my BUG Complete works of

Bug Record

buff After spilling , Destroy the stack , This thread did not crash , Has been looping in a small piece of unknowable code .

call getaddrinfo Many times later ,getaddrinfo Report errors ：No address associated with NAME.

It's very strange ~~ Later, the same program was deployed to older linux On , Report errors : Too many open files. Just understand , original fd It's used up . Check the relevant code later , Right enough ~ Fill up close(fd) after ,getaddrinfo We have solved the problem of . Inspiration is ：1. Some error messages are far from the real cause of the error .2. A system call starts normally , Failed after running many times , It should be doubted whether there is a resource leak .

hold uint_t Type assigned to std::string when , Will collapse in std::string Inside .

It is easy to appear when there is a special case of an expected unified rule BUG. Linked order , Related areas , The shipping address refers to YYYY-MM-DD HH:MM:SS The timestamp , But the timestamp accepted by the same machine analysis is YYYYMMDD Timestamp of a certain day . There is a combined requirement that the above 4 Small demand , Due to the inconsistent timestamp parameters passed in BUG.

vector::push_back May reassign vector Of memory , Causes references and pointers to previous elements to become invalid . One std::function Hold one std::ref Point to vector An element in , When this funcction When called ,vector This element in has expired .

use boost::optional Record a message . This information is not in time clear Function to clean up . therefore , When observed , This information is always printed . But at first , We suspect that another function is unstable and regenerates this information .

When writing a matching function , The operand to be matched is a string , I didn't consider the case that the string is empty .

In the older gcc 4.1.2 Upper handle shared_ptr Assign to weak_ptr when , collapse . Collapse in atomic_exchange_and_add. At first, it was suspected that it was an old version gcc Yes boost Smart pointer support is not good enough , It was later discovered that it was because weak_ptr At this time, it has expired . The reason is to use handler Parameters of hold shared_ptr For life cycle management , Wrong parameter , So that this object has been destroyed .

The phenomenon ： A logic that depends on a boolean variable is normal most of the time , A small part of the time is abnormal . Expect this boolean variable to be false, Sometimes strange names become true.

The reason is that this boolean variable is not initialized , Most of the time, its value is false, But sometimes it's not .

The phenomenon rmap_item Let the cat out of the .

Fix it: Pointer operation error when inserting a new node into a single linked list . Should be new->rmap_list = *item, Written by me new->rmap_list = (*item)->rmap_list.

I intend to comment out a line of code , But somehow, I annotated the wrong line of code .

Variable name pkt and ptr It's like , In use memcpy Wrong variables are used in function, resulting in bug. A piece of memory was inexplicably modified , It is likely that the parameters of this function written like this just now are filled in incorrectly .

_sessions.erase(ite++); Deleted _sessions An object maintained . The destructor of the object is called , There will be a series of object destructions called . Pointers in these objects are likely to be invalidated . however , You can also get this pointer elsewhere in the code . Wild pointer ！！！ In today's example session Maintenance of ip_pkt Objects are destructed ,ip_pkt The pointers in the are also invalid . therefore , Use a wild pointer , collapsed .

When deleting data , Always pay attention to references or pointers to these deleted data in other code .

Quoting container.end() The returned iterator will crash .

This is from Tencent video advertising group bug. A thread is responsible for opening , Turn off FD. Another thread reads and writes FD. The competitive conditions of two threads cause BUG.

Lazy copying code when writing code , Then forget to make the corresponding changes , Visually, it is difficult to detect at the first time , But spent several times of time debugging the program later .

When writing judgement sentences , The expression of judgment is shown as container.empty() Whether to take the opposite before , Often make mistakes .

htonl It's written in htons

std::distance Dead loop when calculating the distance between two iterators , Because the iterator is not initialized . And I thought , The initialization function has been called , It is not actually called .

I didn't pay attention to the return value of the function . Sometimes the function returns 0 Time means success , namely true The meaning of . So when you see something exactly opposite to what you expect , We should consider whether there is such a mistake .

Iterator failure again .erase(ite++), continue, however for There are... In the loop ++ite. The result is that the iterator is added twice .

The reason is traced to wild pointer . The characteristic of wild pointer is that you will see messy values in the debugger , If you only look at some flag variables, you will feel that you have subverted the previously established logic , So I went to track whether there was a problem with logic . This time, bug, Logic itself is right , Instead, we should find out how the wild pointer is generated . This time, the wild pointer is generated because negative numbers get negative numbers after taking modulus , Use this negative number as the index to get the object , The result is an invalid object . The experience this time is , Even some super simple logic , I think I can ensure that the index is effective , But some inadvertent code produces illegal indexes for you , So spend a lot of time tracking . Diagnose more simple judgments ！

In the realization of a clone Function time ,new New objects appear , When you want to reference the data of a new object, it is easy to forget to use the reference of the new object to reference the data of the new object , So the data of the new object is not assigned normally , It's broken again this The data of .

Pointer operation is out of bounds again , Because of all kinds of length Calculation error .

timer Represents a local timer , timer_ It's a class Timer for . Because I didn't see the underline ~~ A mistake ！！！

A pointer to a char Of ite, Dereference this ite Post bestow int, because char It's symbolic ,int It's also signed , So when char When it's a negative number int It's also a negative number .

Two containers contain pointers to the same batch of objects . When cleaning up ,delete 了 A The heap space pointed by the pointer in the container is , to A Called clear. however ,B Container forgot clear 了 . result ,B The pointers in the container have become wild pointers .