Qpid
  1. Qpid
  2. QPID-3563

Unprotected access to accept tracking state can cause crash

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.12
    • Fix Version/s: 0.13
    • Component/s: C++ Client
    • Labels:
      None

      Description

      Crash with the following backtrace reported:

      Thread 1 (Thread 0x5512d940 (LWP 4479)):
      #0 min<qpid::framing::SequenceNumber> (this=0x2aaaac009b38, r=...) at /usr/include/c++/4.1.2/bits/stl_algobase.h:189
      #1 touching (this=0x2aaaac009b38, r=...) at ../include/qpid/RangeSet.h:71
      #2 qpid::RangeSet<qpid::framing::SequenceNumber>::addRange (this=0x2aaaac009b38, r=...) at ../include/qpid/RangeSet.h:229
      #3 0x00000038ca3e350a in operator+= (this=0x2aaaac009b38, s=<value optimized out>) at ../include/qpid/RangeSet.h:150
      #4 operator+= (this=0x2aaaac009b38, s=<value optimized out>) at ../include/qpid/RangeSet.h:149
      #5 qpid::framing::SequenceSet::add (this=0x2aaaac009b38, s=<value optimized out>) at qpid/framing/SequenceSet.cpp:69
      #6 0x00000038cd242bf8 in qpid::client::amqp0_10::AcceptTracker::delivered (this=0x2aaaac009b38, destination="RRAA+b+APP5.AppQueue", id=...) at qpid/client/amqp0_10/AcceptTracker.cpp:58
      #7 0x00000038cd26014d in qpid::client::amqp0_10::IncomingMessages::retrieve (this=0x2aaaac009aa0, command=..., message=<value optimized out>) at qpid/client/amqp0_10/IncomingMessages.cpp:279
      #8 0x00000038cd2601bb in qpid::client::amqp0_10::IncomingMessages::MessageTransfer::retrieve (this=<value optimized out>, message=0xfbfede0926f3eaeb)
      at qpid/client/amqp0_10/IncomingMessages.cpp:292
      #9 0x00000038cd26a14a in qpid::client::amqp0_10::SessionImpl::accept (this=<value optimized out>, receiver=0x2aaaac00ae10, message=0x2aaab4008210, transfer=...)
      at qpid/client/amqp0_10/SessionImpl.cpp:304
      #10 0x00000038cd270407 in operator() (function_obj_ptr=<value optimized out>, a0=...) at /usr/include/boost/bind/mem_fn_template.hpp:353
      #11 operator()<bool, boost::_mfi::mf3<bool, qpid::client::amqp0_10::SessionImpl, qpid::client::amqp0_10::ReceiverImpl*, qpid::messaging::Message*, qpid::client::amqp0_10::IncomingMessages::MessageTransfer&>, boost::_bi::list1<qpid::client::amqp0_10::IncomingMessages::MessageTransfer&> > (function_obj_ptr=<value optimized out>, a0=...) at /usr/include/boost/bind.hpp:403
      #12 operator()<qpid::client::amqp0_10::IncomingMessages::MessageTransfer> (function_obj_ptr=<value optimized out>, a0=...) at /usr/include/boost/bind/bind_template.hpp:32
      #13 boost::detail::function::function_obj_invoker1<boost::_bi::bind_t<bool, boost::_mfi::mf3<bool, qpid::client::amqp0_10::SessionImpl, qpid::client::amqp0_10::ReceiverImpl*, qpid::messaging::Message*, qpid::client::amqp0_10::IncomingMessages::MessageTransfer&>, boost::_bi::list4<boost::_bi::value<qpid::client::amqp0_10::SessionImpl*>, boost::_bi::value<qpid::client::amqp0_10::ReceiverImpl*>, boost::_bi::value<qpid::messaging::Message*>, boost::arg<1> > >, bool, qpid::client::amqp0_10::IncomingMessages::MessageTransfer&>::invoke (function_obj_ptr=<value optimized out>, a0=...)
      at /usr/include/boost/function/function_template.hpp:119
      #14 0x00000038cd278d3f in boost::function1<bool, qpid::client::amqp0_10::IncomingMessages::MessageTransfer&, std::allocator<boost::function_base> >::operator() (this=0x20fe, a0=...)
      at /usr/include/boost/function/function_template.hpp:576
      #15 0x00000038cd2703bd in qpid::client::amqp0_10::(anonymous namespace)::IncomingMessageHandler::accept (this=<value optimized out>, transfer=...) at qpid/client/amqp0_10/SessionImpl.cpp:279
      #16 0x00000038cd261bed in qpid::client::amqp0_10::IncomingMessages::get (this=0x2aaaac009aa0, handler=..., timeout=<value optimized out>) at qpid/client/amqp0_10/IncomingMessages.cpp:121
      #17 0x00000038cd269f8e in qpid::client::amqp0_10::SessionImpl::getIncoming (this=<value optimized out>, handler=..., timeout=<value optimized out>) at qpid/client/amqp0_10/SessionImpl.cpp:324
      #18 0x00000038cd26aef8 in qpid::client::amqp0_10::SessionImpl::get (this=0x2aaaac009a50, receiver=<value optimized out>, message=<value optimized out>, timeout=...)
      at qpid/client/amqp0_10/SessionImpl.cpp:330
      #19 0x00000038cd26757d in qpid::client::amqp0_10::ReceiverImpl::getImpl (this=0x2aaaac00ae10, message=..., timeout=...) at qpid/client/amqp0_10/ReceiverImpl.cpp:158
      #20 0x00000038cd269399 in operator() (this=0x2aaaac009a50, f=...) at qpid/client/amqp0_10/ReceiverImpl.h:107
      #21 qpid::client::amqp0_10::SessionImpl::execute<qpid::client::amqp0_10::ReceiverImpl::Get> (this=0x2aaaac009a50, f=...) at qpid/client/amqp0_10/SessionImpl.h:99
      #22 0x00000038cd2675dc in qpid::client::amqp0_10::ReceiverImpl::get (this=0x2aaaac00ae10, message=<value optimized out>, timeout=...) at qpid/client/amqp0_10/ReceiverImpl.cpp:64
      #23 0x00000038cd23f7fd in qpid::messaging::Receiver::get (this=<value optimized out>, message=..., timeout=...) at qpid/messaging/Receiver.cpp:36

      Jason Dillaman observes that 'IncomingMessages::retrieve() can call AcceptTracker::delivered() while not
      holding a lock'.

        Activity

          People

          • Assignee:
            Gordon Sim
            Reporter:
            Gordon Sim
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development