Bug 35 - The Packet::AddTrailer function tries to write past the end of the buffer
The Packet::AddTrailer function tries to write past the end of the buffer
Status: RESOLVED INVALID
Product: ns-3
Classification: Unclassified
Component: core
pre-release
PC Linux
: P3 major
Assigned To: ns-bugs
: bug
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-11 13:45 UTC by Emmanuelle Laprise
Modified: 2008-07-01 13:32 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Emmanuelle Laprise 2007-06-11 13:45:13 UTC
I've included a copy of the function (at the end) for reference. It adds a chuck of memory to the buffer so that it is big enough to serialize the trailer, but then it sets the iterator to the end of the buffer instead of "size of trailer" bytes before the end of the buffer. 

I think that the patch will be to add a line following:
Buffer::Iterator end = m_buffer.End ();

end -= size;

I will try to generate a patch and test it briefly.

Emmanuelle

template <typename T>
void
Packet::AddTrailer (T const &trailer)
{
  NS_ASSERT_MSG (dynamic_cast<Trailer const *> (&trailer) != 0,
                 "Must pass Trailer subclass to Packet::AddTrailer");
  uint32_t size = trailer.GetSize ();
  m_buffer.AddAtEnd (size);
  Buffer::Iterator end = m_buffer.End ();
  trailer.Serialize (end);
}
Comment 1 Emmanuelle Laprise 2007-06-11 14:00:54 UTC
Fix needs a small change. The added line should be:
end.Prev(size).

Emmanuelle
Comment 2 Mathieu Lacage 2007-06-12 02:38:00 UTC
This is not a bug: it is the expected behavior. The iterator fed to SerializeTo is expected to be the "end" of the buffer for a Trailer to mirror the behavior of SerializeTo for a Header and I believe that the API doc in trailer.h and packet.h correctly document this behavior. This was aactually a bug in an earlier version of the code, see changeset 37bb15dd01b1: "hg log -p -r 37bb15dd01b1"
Comment 3 Emmanuelle Laprise 2007-06-12 19:56:47 UTC
You mean that I have to move the iterator in the SerializeTo function of the derived trailer class? I think that is counterintuitive since you don't need to do that in the SerializeTo function of the header class. But if that is how it is supposed to be, then ok.

Emmanuelle

Comment 4 Mathieu Lacage 2007-06-13 02:38:21 UTC
Ok, here is the complete rationale:

1) a trailer is not necessarily written starting from the "start", that is, the first byte. It could be written starting from the "end", that is, the last byte of the packet and if you were to do this, this behavior would be quite natural. It does happen that _some_ protocols such as ATM are logically structured starting from the end of the packet so it is quite natural to do what we do for such protocols.

2) it is quite possible to imagine a Trailer whose length cannot determined before parsing it: all you would need to get into such a case would be a set of trailer options. In that case, it would be impossible to make the calling code correctly rewind the iterator to the start (the first byte) of the trailer. So, the only way to make this case work is by avoiding the rewinding and allowing the user to do it himself if he knows he can do it.

3) there is a certain "naturality" from an implementation perspective to do this. I can understand that this "naturality" could be lost to the user but it is really there if you spend enough time staring at the implementation. Yes, I know, this is a totally subjective rationale.

I will try to add a small rationale to the dox doc.
Comment 5 Emmanuelle Laprise 2007-06-13 09:26:05 UTC
Explained like that, it makes sense to me. I would just add a note to the Doxygen documentation that says the end of the buffer really means the end of the buffer and not the end of the buffer in terms of used bytes (I thought that it meant this is the end of the used buffer, you can start writing here). Or perhaps mention that the iterator needs to be moved before any byte can be written.

Emmanuelle
Comment 6 Mathieu Lacage 2007-06-13 10:39:22 UTC
(In reply to comment #5)
> Explained like that, it makes sense to me. I would just add a note to the
> Doxygen documentation that says the end of the buffer really means the end of
> the buffer and not the end of the buffer in terms of used bytes (I thought that
> it meant this is the end of the used buffer, you can start writing here). Or
> perhaps mention that the iterator needs to be moved before any byte can be
> written.

I have just tried to do this. Feel free to try to improve the dox text yourself with another patch.

> 
> Emmanuelle
>