issue in free()

[Hoohya]

Hi nlohmann,
Don't know if anyone has encountered this issue before, and I am not sure if it is and issue with the library.
I just create a json object, and dump it, publish the result to redis, whenever I receive a message from a TCP socket. However, after running for 15-30 mins, I have a memory error.
The code is very simple:
json jud=json::object();
string timenow = currentTimeStr();
jud["Msg_seq"]=epochTimeStr();
jud["Time"]=timenow;
jud["TimeArrive"]=timenow;
jud["Exchange"]="IB";
jud["Symbol"]="USD_JPY";
string judstr = jud.dump();
redis_cli_.publish("UPDATEx|USD_JPY.IB", judstr, [](cpp_redis::reply &reply) {
//std::cout << "publish UPDATE: " << reply << std::endl;
});

The error:
free(): invalid next size (fast)

Thread 1 "TWS_Client" received signal SIGABRT, Aborted.
0x00007ffff72abae0 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install libgcc-7.3.1-6.amzn2.0.4.x86_64 libstdc++-7.3.1-6.amzn2.0.4.x86_64
(gdb)
(gdb) bt
#0 0x00007ffff72abae0 in raise () from /lib64/libc.so.6
#1 0x00007ffff72acf88 in abort () from /lib64/libc.so.6
#2 0x00007ffff72ebb94 in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff72f180a in malloc_printerr () from /lib64/libc.so.6
#4 0x00007ffff72f330b in _int_free () from /lib64/libc.so.6
#5 0x0000555555587e60 in void __gnu_cxx::new_allocator<std::__cxx11::basic_string<char, std::char_traits, std::allocator > >::destroy<std::__cxx11::basic_string<char, std::char_traits, std::allocator > >(std::__cxx11::basic_string<char, std::char_traits, std::allocator >) ()
#6 0x00005555555847ea in void std::allocator_traits<std::allocator<std::__cxx11::basic_string<char, std::char_traits, std::allocator > > >::destroy<std::__cxx11::basic_string<char, std::char_traits, std::allocator > >(std::allocator<std::__cxx11::basic_string<char, std::char_traits, std::allocator > >&, std::__cxx11::basic_string<char, std::char_traits, std::allocator >) ()
#7 0x000055555558032a in nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer>::json_value::destroy(nlohmann::detail::value_t) ()
#8 0x000055555557c96b in nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer>::~basic_json() ()
#9 0x000055555558024f in nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer>::json_value::destroy(nlohmann::detail::value_t) ()
#10 0x000055555557c96b in nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer>::~basic_json() ()
#11 0x0000555555572d3c in TestCppClient::updateMktDepth(long, int, int, int, double, int) ()
#12 0x00005555555c3bb1 in EDecoder::processMarketDepthMsg(char const*, char const*) ()
#13 0x00005555555cb881 in EDecoder::parseAndProcessMsg(char const*&, char const*) ()
#14 0x00005555555e213c in EReader::processMsgs() ()
#15 0x00005555555657b7 in TestCppClient::processMessages() ()
#16 0x000055555559fb1e in main ()

Describe which system (OS, compiler) you are using.
Virtualbox, Ubuntu 18.04, x86_64 , gc 7.4.0

Describe which version of the library you are using (release version, develop branch).
master branch, version 3.7.3

[nlohmann]

This is odd as the library does not leak any memory or has any known memory issues. If I had to guess, it is unrelated to the library and it is more likely that some thread is messing with the memory.

Can you reproduce the issue? If so, could you try to run it with Valgrind or ASAN?

[Hoohya]

Thanks for the reply. It might not be the issue with the library. I will observe a few more days and update the status. I will close this issue if it is not relevant.

[Hoohya]

Unfortunately I do re-create the error, after running like 30 mins. It is not exactly the same but very similar, and if I don't create a json object, the program doesn't create similar memory error.

I am using single include json.hpp in master branch. Which branch is more stable, master or dev ?

The error:
free(): invalid pointer

Thread 1 "TWS_Client" received signal SIGABRT, Aborted.
0x00007ffff6ef893f in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install libgcc-8.2.1-3.5.el8.x86_64 libstdc++-8.2.1-3.5.el8.x86_64
(gdb) bt
#0 0x00007ffff6ef893f in raise () from /lib64/libc.so.6
#1 0x00007ffff6ee2c95 in abort () from /lib64/libc.so.6
#2 0x00007ffff6f3bd57 in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff6f4268c in malloc_printerr () from /lib64/libc.so.6
#4 0x00007ffff6f43e84 in _int_free () from /lib64/libc.so.6
#5 0x00007ffff7b6c6e0 in std::__cxx11::basic_string<char, std::char_traits, std::allocator >::_M_mutate(unsigned long, unsigned long, char const*, unsigned long) ()
from /lib64/libstdc++.so.6
#6 0x00007ffff7b6dddb in std::__cxx11::basic_string<char, std::char_traits, std::allocator >::_M_append(char const*, unsigned long) () from /lib64/libstdc++.so.6
#7 0x0000000000442ec7 in nlohmann::detail::output_string_adapter<char, std::__cxx11::basic_string<char, std::char_traits, std::allocator > >::write_characters(char const*, unsigned long) ()
#8 0x0000000000430eb9 in nlohmann::detail::serializer<nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer> >::dump(nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer> const&, bool, bool, unsigned int, unsigned int) ()
#9 0x000000000042e45e in nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer>::dump(int, char, bool, nlohmann::detail::error_handler_t) const ()
#10 0x0000000000424cc3 in TestCppClient::updateMktDepth(long, int, int, int, double, int) ()
#11 0x000000000047077b in EDecoder::processMarketDepthMsg(char const*, char const*) ()
#12 0x00000000004778fe in EDecoder::parseAndProcessMsg(char const*&, char const*) ()
#13 0x000000000048d319 in EReader::processMsgs() ()
#14 0x0000000000418674 in TestCppClient::processMessages() ()
#15 0x000000000044f3b8 in main ()
(gdb) quit

[Hoohya]

Quite strange, the problem appears to happen in dump(). I print out the values in the json object "jud", and there is no problem:
cout<< jud["Msg_seq"] << " " << jud["Time"]<< " " << jud["TimeArrive"] << " "<<jud["Exchange"] << " " << jud["Symbol"] <<endl;
"1578478352227862" "2020-01-08 10:12:32" "2020-01-08 10:12:32" "IB" "USD_JPY"

I use jud.dump(-1, ' ', false, json::error_handler_t::ignore), and the error becomes:
munmap_chunk(): invalid pointer

Thread 1 "TWS_Client" received signal SIGABRT, Aborted.
0x00007ffff6ef893f in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install libgcc-8.2.1-3.5.el8.x86_64 libstdc++-8.2.1-3.5.el8.x86_64
(gdb) bt
#0 0x00007ffff6ef893f in raise () from /lib64/libc.so.6
#1 0x00007ffff6ee2c95 in abort () from /lib64/libc.so.6
#2 0x00007ffff6f3bd57 in __libc_message () from /lib64/libc.so.6
#3 0x00007ffff6f4268c in malloc_printerr () from /lib64/libc.so.6
#4 0x00007ffff6f42be4 in munmap_chunk () from /lib64/libc.so.6
#5 0x00007ffff7b6c6e0 in std::__cxx11::basic_string<char, std::char_traits, std::allocator >::_M_mutate(unsigned long, unsigned long, char const*, unsigned long) ()
from /lib64/libstdc++.so.6
#6 0x00007ffff7b6dddb in std::__cxx11::basic_string<char, std::char_traits, std::allocator >::_M_append(char const*, unsigned long) () from /lib64/libstdc++.so.6
#7 0x0000000000442c97 in nlohmann::detail::output_string_adapter<char, std::__cxx11::basic_string<char, std::char_traits, std::allocator > >::write_characters(char const*, unsigned long) ()
#8 0x0000000000433cc4 in nlohmann::detail::serializer<nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer> >::dump_escaped(std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, bool) ()
#9 0x0000000000430bb2 in nlohmann::detail::serializer<nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer> >::dump(nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer> const&, bool, bool, unsigned int, unsigned int) ()
#10 0x00000000004304db in nlohmann::detail::serializer<nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer> >::dump(nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer> const&, bool, bool, unsigned int, unsigned int) ()
#11 0x000000000042de10 in nlohmann::basic_json<std::map, std::vector, std::__cxx11::basic_string<char, std::char_traits, std::allocator >, bool, long, unsigned long, double, std::allocator, nlohmann::adl_serializer>::dump(int, char, bool, nlohmann::detail::error_handler_t) const ()
#12 0x0000000000424bf7 in TestCppClient::updateMktDepth(long, int, int, int, double, int) ()
#13 0x0000000000470605 in EDecoder::processMarketDepthMsg(char const*, char const*) ()
#14 0x0000000000477788 in EDecoder::parseAndProcessMsg(char const*&, char const*) ()
#15 0x000000000048d1a3 in EReader::processMsgs() ()
#16 0x0000000000418724 in TestCppClient::processMessages() ()
#17 0x000000000044f242 in main ()

[nickaein]

The second crash is happening in write_characters library code which is different than the first one. I highly doubt this is a bug in library code. It more seems like a memory corruption that happened elsewhere and affected the JSON object.

Nevertheless, your best best as @nlohmann stated, is to use a tool like ASAN
(or TSAN if your program is multi-threaded and you suspect a data race) to detect exactly where things go wrong.

Note that ASAN inevitably slows down the program execution during debug, so it would be handy if you could run some simulations which feed the program data at much higher rate.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.