Segfault with ring buffer

[markschl]

When evaluating the new slice-dequeue feature, I encountered a strange segfault. I'm not totally sure what is wrong and to be honest haven't invested a lot of time in trying to find out. It appears that it happens in SliceDeque::tail_head_slice().

The issue can be reproduced using this code (tested on OS X):

extern crate buf_redux;

use std::io::BufRead;


fn main() {
    let source = vec![0u8; 4096*4];

    let mut rdr = buf_redux::BufReader::with_capacity_ringbuf(4096, source.as_slice());

    loop {
        let n = rdr.read_into_buf().unwrap();
        if n == 0 {
            break;
        }
        rdr.consume(4000);
        // rdr.make_room(); // (only necessary with 'standard' reader)

        println!("{}", n);
    }
}

[abonander]

I can't reproduce this on Windows but I am able to reproduce it on Linux. I've reduced it down to a bug in slice-deque:

extern crate slice_deque;
use slice_deque::SliceDeque;

fn main() {
    let mut deque = SliceDeque::<u8>::with_capacity(4096);

    let slice = unsafe {
       deque.move_tail(4096);
       deque.move_head(4000);
       deque.move_tail(4000);
       deque.move_head(4000);
       // head = 8000, tail = 8096
       deque.tail_head_slice()
    };

    for i in 0 .. slice.len() {
        // segfault at i = 96
        slice[i] = 0;
    }
}

[markschl]

Thanks for reporting it in slice_dequeue. I guess if you replace 4096 with 65536 (64 KiB), the bug might appear on Windows as well.

[abonander]

@markschl Yeah it does, thanks for the suggestion.

[gnzlbg]

Version 0.1.10 of slice_deque has been released with this issue fixed (in Linux, Windows, and other targets).

[gnzlbg]

Sorry that it took so long to fix this, but life got in the way :/

[abonander]

Glad you were able to get to it. I'm rerunning CI here and if it's green I'll consider this closed.