Qpid Proton
PROTON-829

Possible reference counting bug in pn_clear_tpwork

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.8
    • Fix Version/s: 0.12.0
    • Component/s: proton-c
    • Labels: None

      Description

      See QPID-6415 which describes a core dump in the qpid tests that appears when using the current 0.9 proton master. The qpid tests pass OK with proton 0.8.

      The valgrind output in QPID-6415 shows that a connection is deleted while it is being finalized by a call from pn_connection_unbound to pn_clear_tpwork.

      I do not yet understand the details, but removing the following strange code fixes the problem and passes the proton test suite without valgrind errors:

      --- a/proton-c/src/engine/engine.c
      +++ b/proton-c/src/engine/engine.c
      @@ -690,10 +690,10 @@ void pn_clear_tpwork(pn_delivery_t *delivery)
         {
           LL_REMOVE(connection, tpwork, delivery);
           delivery->tpwork = false;
      -    if (pn_refcount(delivery) > 0) {
      -      pn_incref(delivery);
      -      pn_decref(delivery);
      -    }
         }
       }
      
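Review bot: the three `-` lines read the refcount and then do a paired `pn_incref`/`pn_decref` on `delivery`, which under ordinary refcounting is a no-op, so the block can only matter if `pn_decref` has a side effect beyond decrementing the count; if that side effect was intended, the block needs a comment saying what it is and why it is safe to trigger from `pn_clear_tpwork`. If instead it is what deletes the connection while `pn_connection_unbound` is still finalizing it (the valgrind trace in QPID-6415 cited above), removing the block is the right fix, but it should land together with a regression check (the engine tests run under valgrind, as the description already does) so the use-after-free cannot return unnoticed.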

      The code is strange because
      a) you should never examine a refcount except for debugging purposes
      b) under normal refcounting semantics incref+decref is a no-op.

      Is removing this code OK?
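To make the two refcounting claims in the description concrete, here is an added example (not Proton code, and not from the reporter): a minimal intrusive reference counter with a finalizer hook. It checks that a paired incref/decref on a live object is a no-op, and it shows the hazard the valgrind trace points at, a decref issued on an object whose finalizer is already running, which a refcounter must absorb rather than finalize and free a second time. All names here (`rc_object_t`, `rc_incref`, `rc_decref`, the `finalizing` flag) are hypothetical.

```c
/* Added example, not Qpid Proton code: a toy intrusive refcounter with a
 * finalizer hook.  All identifiers are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

typedef struct rc_object_t rc_object_t;
struct rc_object_t {
    int refcount;         /* number of live owners */
    int finalizing;       /* set while the finalizer runs: nested decrefs must not finalize again */
    int finalize_calls;   /* how many times the finalizer ran (for the checks below) */
    int freed;            /* set once storage would be released (not actually freed, so it can be inspected) */
    void (*finalize)(rc_object_t *);
};

static void rc_incref(rc_object_t *o) { o->refcount++; }

/* Drop one reference.  When the count reaches zero the finalizer runs exactly
 * once; an incref/decref pair issued from inside the finalizer is absorbed. */
static void rc_decref(rc_object_t *o) {
    if (o->refcount <= 0) abort();   /* decref without a matching incref: fail loudly */
    if (--o->refcount > 0) return;   /* still owned: nothing to do */
    if (o->finalizing) return;       /* count went 1 -> 0 inside our own finalizer: do not free twice */
    o->finalizing = 1;
    o->finalize_calls++;
    if (o->finalize) o->finalize(o);
    o->freed = 1;                    /* a real implementation would free(o) here */
}

static rc_object_t *rc_new(void (*fin)(rc_object_t *)) {
    rc_object_t *o = calloc(1, sizeof *o);
    if (!o) abort();
    o->refcount = 1;                 /* the creator holds the first reference */
    o->finalize = fin;
    return o;
}

static void noop_finalizer(rc_object_t *o) { (void)o; }

/* Finalizer that does a paired incref/decref on the object being torn down,
 * i.e. a decref arriving while finalization is already in progress. */
static void reentrant_finalizer(rc_object_t *o) {
    rc_incref(o);
    rc_decref(o);
}

/* Claim (b) from the description: on a live object incref+decref leaves the
 * count unchanged and does not finalize; the last owner's release finalizes
 * exactly once.  Returns 1 if every invariant held. */
int paired_incref_decref_is_noop(void) {
    rc_object_t *o = rc_new(noop_finalizer);
    rc_incref(o);
    rc_incref(o);                    /* three owners now */
    int before = o->refcount;
    rc_incref(o);
    rc_decref(o);                    /* the paired operation under test */
    int ok = (o->refcount == before) && o->finalize_calls == 0 && !o->freed;
    rc_decref(o);
    rc_decref(o);
    rc_decref(o);                    /* all owners release */
    ok = ok && o->refcount == 0 && o->finalize_calls == 1 && o->freed;
    free(o);
    return ok;
}

/* The hazard: a paired incref/decref executed from inside the object's own
 * finalizer.  Returns the number of finalizer runs, which must be exactly 1;
 * without the `finalizing` guard it would be 2 and the object freed twice. */
int finalizer_runs_once_under_reentrant_decref(void) {
    rc_object_t *o = rc_new(reentrant_finalizer);
    rc_decref(o);                    /* last owner releases: finalizer runs and re-enters */
    int calls = o->finalize_calls;
    free(o);
    return calls;
}

int main(void) {
    printf("paired incref/decref is a no-op: %s\n",
           paired_incref_decref_is_noop() ? "yes" : "NO");
    printf("finalizer runs under re-entrant decref: %d time(s)\n",
           finalizer_runs_once_under_reentrant_decref());
    return 0;
}
```

The point of the `finalizing` flag is that a decref which lands after the count has already reached zero is not a normal release but a re-entry into teardown; treating it as a fresh 1 -> 0 transition is what produces a second finalize and a double free, which is the pattern valgrind reports as a use-after-free.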

People

• Assignee: aconway (Alan Conway)
• Reporter: aconway (Alan Conway)
• Votes: 0
• Watchers: 4
