Problems have been observed when sending messages to the broker using AMQP 1.0.
The problems occur if the messages being sent are routed to an output queue but cannot be delivered to it because of size limits defined on the queue.
In certain circumstances this scenario can result in the broker crashing with a segmentation fault.
When a message cannot be delivered to a queue, due to insufficient space, an exception is thrown. This results in the link being closed and an error returned to the client.
If earlier messages from the client have activated "flow control" (because the queue was getting close to full), the acknowledgments (acks) for those messages are held as "pending" in the owning session. When messages are removed from the destination queue and flow control allows flow to restart, the session attempts to deliver the pending acks.
If the link has failed in the meantime, the pending acks are no longer valid: their pointer to the owning link has been reset to NULL. The current code does not check the validity of the link pointer and segfaults when it tries to send the acks.
The proposal is to address this problem in two phases:
- Phase One
  - Add defensive code to prevent the segmentation fault
  - Remove pending acks from the session if the link is being closed
- Phase Two
  - Investigate 'returning' the problematic message rather than closing the link with an error code
Avoiding closing the link seems preferable as it could reduce the number of messages that might otherwise be resent by the client.
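To make the failure mode and the two Phase One fixes concrete, here is an added, hypothetical C++ model of a session holding pending acks that point back at their owning link. It is not the broker's code: the `Link`, `PendingAck` and `Session` types, the `holdAck`/`flush` names and the scenario functions are all assumptions for illustration. `onLinkFailureUnsafe` and `flushUnchecked` show the reported behaviour (a NULLed back-pointer that is later dereferenced); `onLinkFailure` purges the closed link's acks from the session, and `flush` adds the defensive check so that a dead entry is dropped rather than dereferenced.

```cpp
// Added example, not Qpid broker code: a hypothetical session/link model
// showing how a pending ack can outlive its link, and the Phase One fixes.
#include <algorithm>
#include <cstddef>
#include <vector>

struct Link {
    int  handle;
    bool open     = true;
    int  acksSent = 0;   // acks actually written to this link
};

struct PendingAck {
    Link* link;          // owning link; reset to nullptr when the link fails
    int   deliveryId;
};

struct Session {
    std::vector<PendingAck> pending;

    // Flow control held this ack back; remember it for later delivery.
    void holdAck(Link* link, int deliveryId) {
        pending.push_back(PendingAck{link, deliveryId});
    }

    // Reported behaviour: link failure only nulls the back-pointer, leaving a
    // dead entry in the session's pending list.
    void onLinkFailureUnsafe(Link* link) {
        link->open = false;
        for (auto& p : pending)
            if (p.link == link) p.link = nullptr;
    }

    // Phase One, second item: remove the closing link's pending acks from the
    // session so nothing can later try to send through it.
    void onLinkFailure(Link* link) {
        link->open = false;
        pending.erase(std::remove_if(pending.begin(), pending.end(),
                                     [link](const PendingAck& p) { return p.link == link; }),
                      pending.end());
    }

    // Reported behaviour: flow control reopened, deliver what was held.
    // Dereferences p.link unconditionally; with a nullptr entry this is the
    // segmentation fault. Shown for contrast only, never called below.
    int flushUnchecked() {
        int sent = 0;
        for (auto& p : pending) { ++p.link->acksSent; ++sent; }
        pending.clear();
        return sent;
    }

    // Phase One, first item: defensive check. Returns the number of acks sent;
    // entries with no (or a closed) owning link are counted in *dropped.
    int flush(int* dropped = nullptr) {
        int sent = 0, skipped = 0;
        for (auto& p : pending) {
            if (p.link == nullptr || !p.link->open) { ++skipped; continue; }
            ++p.link->acksSent;
            ++sent;
        }
        pending.clear();
        if (dropped) *dropped = skipped;
        return sent;
    }
};

struct Outcome { int sent; int dropped; std::size_t pendingAfterClose; };

// Scenario from the report: acks for link A are held by flow control, link A
// is then closed by the queue-full error, the queue drains, the session flushes.
Outcome scenarioSafe() {
    Link a{1}, b{2};
    Session s;
    s.holdAck(&a, 10); s.holdAck(&a, 11); s.holdAck(&b, 20);
    s.onLinkFailure(&a);                       // purge A's acks
    Outcome o{};
    o.pendingAfterClose = s.pending.size();    // only B's ack remains
    o.sent = s.flush(&o.dropped);              // B's ack sent, nothing dropped
    return o;
}

// Belt and braces: if a nulled back-pointer does reach the pending list, the
// checked flush drops it instead of dereferencing it.
Outcome scenarioNullPointer() {
    Link a{1}, b{2};
    Session s;
    s.holdAck(&a, 10); s.holdAck(&b, 20);
    s.onLinkFailureUnsafe(&a);                 // leaves a nullptr entry behind
    Outcome o{};
    o.pendingAfterClose = s.pending.size();    // dead entry still present
    o.sent = s.flush(&o.dropped);              // B's ack sent, A's dropped
    return o;
}
```

The two fixes are complementary: purging on link close removes the dead entries at the source, while the null/open check in `flush` protects against any other path that leaves a pending ack without a usable link. Phase Two (returning the message instead of closing the link) would mean the link is never torn down in this scenario, so the pending acks stay valid and can be delivered normally once flow control reopens.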