The original stack trace points to a (I think) clear this==NULL bug in cac::transferChanToVirtCircuit. Specifically the piiu->installChannel which looks like it should be conditional on newIIU.
The handling of piiu isn't so straightforward. As I read it, this->serverTable.lookup() returns NULL on failure. piiu is then passed to findOrCreateVirtCircuit() by *reference*. That is, a reference to a pointer. findOrCreateVirtCircuit() returns true if piiu is now non-NULL. So it seems clear that piiu should not be de-referenced unless this boolean newIIU is true.
https://github.com/epics-base/epics-base/blob/3.14/src/ca/cac.cpp#L638
I won't pretend to understand the logic here. The most recent footprints in this area are in 2010 with changes dating from 2008. This commit carries the inspiring message "COMPLETELY UNTESTED" :)
https://github.com/epics-base/epics-base/commit/23612a7afe1c6e0a208bf4a0acecd2a5e2468380
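The control flow described in the comment above, as an added illustration that is not EPICS code and not the commenter's: a lookup that returns null on failure, a "find or create" routine that takes the pointer by reference (a reference to a pointer) and returns true only when it has made the pointer non-null, and a caller that dereferences the pointer only under that boolean. The names VirtCircuit, CircuitTable, findOrCreate, transferChannel and unguardedPathDerefsNull are hypothetical stand-ins chosen for the example; the last one evaluates, without performing the dereference, whether the unguarded shape of the original path would have hit a null pointer for the given inputs.

```cpp
#include <cstdio>
#include <map>
#include <string>

// Hypothetical stand-in for a virtual-circuit object (not EPICS code).
struct VirtCircuit {
    std::string host;
    int channelsInstalled = 0;
    void installChannel(const std::string &) { ++channelsInstalled; }
};

// Hypothetical stand-in for the server table.
class CircuitTable {
    std::map<std::string, VirtCircuit> table_;  // node pointers stay stable
public:
    // Like the lookup() described above: returns nullptr on failure.
    VirtCircuit *lookup(const std::string &host) {
        auto it = table_.find(host);
        return it == table_.end() ? nullptr : &it->second;
    }
    // piiu is a reference to a pointer, so this can overwrite the caller's
    // variable. Returns true only when a new circuit was created, i.e. when
    // piiu is guaranteed non-null on return. On false, piiu is left as it
    // was, which after a lookup miss means it is still null.
    bool findOrCreate(VirtCircuit *&piiu, const std::string &host, bool allowCreate) {
        if (!allowCreate) return false;  // creation refused, piiu untouched
        VirtCircuit &vc = table_[host];
        vc.host = host;
        piiu = &vc;
        return true;
    }
};

enum Outcome { INSTALLED_EXISTING = 0, INSTALLED_NEW = 1, NO_CIRCUIT = 2 };

// Shape of the suspect path with the guard in place: after a lookup miss,
// piiu is only dereferenced when newIIU is true.
Outcome transferChannel(CircuitTable &t, const std::string &host,
                        const std::string &chan, bool allowCreate) {
    VirtCircuit *piiu = t.lookup(host);
    if (piiu) {
        piiu->installChannel(chan);
        return INSTALLED_EXISTING;
    }
    bool newIIU = t.findOrCreate(piiu, host, allowCreate);
    if (!newIIU) {
        // piiu may still be null here; bail out instead of dereferencing it.
        return NO_CIRCUIT;
    }
    piiu->installChannel(chan);
    return INSTALLED_NEW;
}

// Reports whether the unguarded shape ("call findOrCreate, then
// piiu->installChannel unconditionally") would dereference null for these
// inputs. It checks the pointer instead of touching it.
bool unguardedPathDerefsNull(CircuitTable &t, const std::string &host, bool allowCreate) {
    VirtCircuit *piiu = t.lookup(host);
    if (piiu) return false;
    t.findOrCreate(piiu, host, allowCreate);
    return piiu == nullptr;
}

int main() {
    CircuitTable t;
    printf("%d\n", transferChannel(t, "ioc1", "chanA", true));   // 1: new circuit
    printf("%d\n", transferChannel(t, "ioc1", "chanB", true));   // 0: existing circuit
    printf("%d\n", transferChannel(t, "ioc2", "chanC", false));  // 2: no circuit, no crash
    printf("%d\n", unguardedPathDerefsNull(t, "ioc2", false));   // 1: unguarded path would crash
    return 0;
}
```

The third call is the case the comment is about: the lookup misses, the create step declines, and the pointer is still null when the original shape would have called installChannel on it.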