StreamSocket::receiveBytes and FIFOBuffer issue in 1.6

[Sevalecan]

I believe I have discovered a conflict between the receiveBytes implementation which uses the FIFOBuffer and the internal implementation of the FIFOBuffer itself. The FIFOBuffer tracks data inside of a regular buffer, and the start of that data is not always located at the start of its own internal buffer. Functions such as write() will move this data if the amount written would place itself beyond the end of the internal buffer's storage.

I was accessing the FIFOBuffer's contents using operator[] when I encountered an assertion by the internal buffer stating that I was attempting to access an index which exceeded it's maximum allocated size. (I had the FIFOBuffer configured for 1024 bytes, so I expect the internal buffer matched that). I was reading from the FIFOBuffer at an index lower than the FIFOBuffer.used() function indicated. Upon debugging with GDB I found that _begin inside the FIFOBuffer was set to 60 for example, while _used was set to 1024.

Upon further inspection, I'm thinking that the issue might arise from StreamSocket.cpp line 140: 140 int ret = impl()->receiveBytes(fifoBuf.next(), (int)fifoBuf.available());
(gdb) next
141 if (ret > 0) fifoBuf.advance(ret);

Since FIFOBuffer.next() takes no precaution to shift the memory segment to the beginning of its allocation, I think the socket implementation is writing past its boundary and causing my issue. I also think this issue might be two-fold since the advance() function allows you to increase the _used variable beyond the internal buffer's length since it does not shift the data or the _begin variable either.

I've been wrong before, but hopefully this helps.

[aleks-f]

I haven't seen a problem with next() or advance() logic, they both check for limits. When you call next(), you get a pointer to the internal buffer that points to a chunk not longer than available(); we could put some asserts there as a safety net, though. There is, however, another problem in next() - it is not protected by mutex. Are you accessing receiveBytes() from multiple threads?

[Sevalecan]

My application is in the early stages and is single-threaded at the moment.

You are correct, next() does return a chunk of data that is the length of available(), which in code is described as: return _buffer.size() - used; However, BasicFIFOBuffer has implemented a moving start position for the buffer data so as to allow FIFO operations with hopefully fewer unnecessary memmove operations to keep everything lined up with _buffer.begin(). There is a variable _begin in BasicFIFOBuffer used in functions such as peek() and write() which indicates where the real data inside the buffer actually starts. If you read the whole contents of the FIFOBuffer, for instance, _begin is reset to 0 since no move operation is required to do so. If you write() past _begin + _used, a move operation is performed to reset the location to the beginning of the internal buffer:
if (_buffer.size() - (_begin + _used) < length)
{
std::memmove(_buffer.begin(), _buffer.begin() + _begin, _used * sizeof(T));
_begin = 0;
}

Writing with next() does not take into account this _begin offset and will allow the user to possibly overwrite existing data without applying the appropriate move operation beforehand.

[aleks-f]

Ah, yes, you are right. Even the FIFOBuffer::begin() does not do the right thing; beginning of the buffer should always be retrieved through call to begin() member and never directly as _buffer.begin().

Will be fixed for 1.6.1, if you need this fixed quickly, please send a pull request with the fix and some accompanying test cases.

[aleks-f]

Fixed in 1.6.1 and develop for 1.7.0