Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.5.0
    • Fix Version/s: None
    • Component/s: Router Node
    • Labels:
      None

      Description

      Chuck Rolke hit the following use-after-free error under valgrind:

      kind = InvalidRead  (count=1)
      Invalid read of size 1
      Stack:
        (qdr_deliver_continue_peers_CT) /home/chug/git/qpid-dispatch/src/router_core/transfer.c:1236
        (qdr_deliver_continue_CT) /home/chug/git/qpid-dispatch/src/router_core/transfer.c:1269
        (router_core_thread) /home/chug/git/qpid-dispatch/src/router_core/router_core_thread.c:148
        (start_thread) /usr/src/debug/glibc-2.28-60-g4d7af7815a/nptl/pthread_create.c:486
        (clone) /usr/src/debug/glibc-2.28-60-g4d7af7815a/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      Address 0x143aaa79 is 41 bytes inside a block of size 48 free'd:
        (free) /builddir/build/BUILD/valgrind-3.14.0/coregrind/m_replacemalloc/vg_replace_malloc.c:540
        (free_qdr_link_work_t) /home/chug/git/qpid-dispatch/src/router_core/router_core.c:36
        (qdr_connection_process) /home/chug/git/qpid-dispatch/src/router_core/connections.c:341
        (AMQP_writable_conn_handler) /home/chug/git/qpid-dispatch/src/router_node.c:174
        (writable_handler) /home/chug/git/qpid-dispatch/src/container.c:332
        (qd_container_handle_event) /home/chug/git/qpid-dispatch/src/container.c:640
        (handle) /home/chug/git/qpid-dispatch/src/server.c:985
        (thread_run) /home/chug/git/qpid-dispatch/src/server.c:1010
        (qd_server_run) /home/chug/git/qpid-dispatch/src/server.c:1284
        (main_process) /home/chug/git/qpid-dispatch/router/src/main.c:112
        (main) /home/chug/git/qpid-dispatch/router/src/main.c:367
      Block was alloc'd at:
        (malloc) /builddir/build/BUILD/valgrind-3.14.0/coregrind/m_replacemalloc/vg_replace_malloc.c:309
        (new_qdr_link_work_t) /home/chug/git/qpid-dispatch/src/router_core/router_core.c:36
        (qdr_forward_deliver_CT) /home/chug/git/qpid-dispatch/src/router_core/forwarder.c:226
        (qdr_forward_multicast_CT) /home/chug/git/qpid-dispatch/src/router_core/forwarder.c:474
        (qdr_forward_message_CT) /home/chug/git/qpid-dispatch/src/router_core/forwarder.c:995
        (qdr_link_forward_CT) /home/chug/git/qpid-dispatch/src/router_core/transfer.c:918
        (qdr_link_deliver_CT) /home/chug/git/qpid-dispatch/src/router_core/transfer.c:1094
        (router_core_thread) /home/chug/git/qpid-dispatch/src/router_core/router_core_thread.c:148
        (start_thread) /usr/src/debug/glibc-2.28-60-g4d7af7815a/nptl/pthread_create.c:486
        (clone) /usr/src/debug/glibc-2.28-60-g4d7af7815a/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      
      

      The router core thread is accessing a link_work object after it was deleted by the I/O thread.

        Attachments

          Activity

            People

            • Assignee:
              kgiusti Ken Giusti
              Reporter:
              kgiusti Ken Giusti
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: