[ https://issues.apache.org/jira/browse/DISPATCH-2289?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17444582#comment-17444582 ]

ASF subversion and git services commented on DISPATCH-2289:
-----------------------------------------------------------

Commit f7fdaf12a1bcbaa660f6ebc10d066542a3a30fca in qpid-dispatch's branch 
refs/heads/main from Ken Giusti
[ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=f7fdaf1 ]

DISPATCH-2289: postpone data stream free until after disconnect.

The TCP adaptor should not release any outstanding data stream
elements until after the connection disconnect event. Otherwise it is
possible proton is still holding a reference to the data stream.

This closes #1439


> use-after-free of streaming data causes crash in tcp adaptor
> ------------------------------------------------------------
>
>                 Key: DISPATCH-2289
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-2289
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Protocol Adaptors
>    Affects Versions: 1.17.1
>            Reporter: Ken Giusti
>            Assignee: Ken Giusti
>            Priority: Critical
>
> The adaptor is manipulating a stream data which it previously freed:
>  
>     #0  0x000000000045f7e3 qd_message_stream_data_release_up_to (qdrouterd + 0x5f7e3)
>     #1  0x000000000043f9a3 handle_connection_event (qdrouterd + 0x3f9a3)
>     #2  0x00000000004b873c handle_event_with_context (qdrouterd + 0xb873c)
>     #3  0x00000000004b8779 do_handle_raw_connection_event (qdrouterd + 0xb8779)
>     #4  0x00000000004b9639 handle (qdrouterd + 0xb9639)
>     #5  0x00000000004b9747 thread_run (qdrouterd + 0xb9747)
>     #6  0x000000000046c856 _thread_init (qdrouterd + 0x6c856)
>     #7  0x00007f35282b73f9 start_thread (libpthread.so.0 + 0x93f9)
>     #8  0x00007f3527ddb4c3 __clone (libc.so.6 + 0x1014c3)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
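
The ordering rule from the commit message, modelled in C as an added example (this is not qpid-dispatch or Proton code; `conn_t`, `conn_send`, `conn_handle`, the event names and the separate close-request step are hypothetical). Buffers handed to an I/O layer are released only when that layer hands them back or when the disconnect event arrives, never earlier.

```c
#include <stdbool.h>
#include <stdlib.h>

#define MAX_OUT 4   /* hypothetical limit on buffers in flight */

typedef enum { EV_WRITTEN, EV_CLOSE_REQUEST, EV_DISCONNECTED } event_t;

typedef struct {
    char *outstanding[MAX_OUT]; /* buffers the I/O layer may still reference */
    int   count;                /* buffers currently in flight */
    int   freed;                /* buffers released so far */
    bool  closing;              /* close requested or connection gone */
} conn_t;

/* Hand a new buffer to the (modelled) I/O layer; refuse once closing. */
bool conn_send(conn_t *c, size_t len)
{
    if (c->closing || c->count == MAX_OUT) return false;
    char *buf = calloc(1, len);
    if (!buf) return false;
    c->outstanding[c->count++] = buf;
    return true;
}

/* Release the oldest n in-flight buffers and compact the list. */
static void release_oldest(conn_t *c, int n)
{
    if (n > c->count) n = c->count;
    for (int i = 0; i < n; i++) free(c->outstanding[i]);
    for (int i = n; i < c->count; i++) c->outstanding[i - n] = c->outstanding[i];
    c->count -= n;
    c->freed += n;
}

void conn_handle(conn_t *c, event_t ev)
{
    switch (ev) {
    case EV_WRITTEN:        /* I/O layer handed the oldest buffer back */
        release_oldest(c, 1);
        break;
    case EV_CLOSE_REQUEST:  /* I/O layer may still hold references: */
        c->closing = true;  /* record the state only, free nothing here */
        break;
    case EV_DISCONNECTED:   /* no further I/O-layer access is possible */
        c->closing = true;
        release_oldest(c, c->count);
        break;
    }
}
```

Freeing the remaining buffers in the `EV_CLOSE_REQUEST` branch instead would reproduce the class of bug in the report: the owner releases memory while the layer below can still touch it.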
