Unprotected access to accept tracking state can cause crash
-----------------------------------------------------------

                 Key: QPID-3563
                 URL: https://issues.apache.org/jira/browse/QPID-3563
             Project: Qpid
          Issue Type: Bug
          Components: C++ Client
    Affects Versions: 0.12
            Reporter: Gordon Sim
            Assignee: Gordon Sim
             Fix For: 0.13


Crash with the following backtrace reported:

Thread 1 (Thread 0x5512d940 (LWP 4479)):
#0  min<qpid::framing::SequenceNumber> (this=0x2aaaac009b38, r=...) at /usr/include/c++/4.1.2/bits/stl_algobase.h:189
#1  touching (this=0x2aaaac009b38, r=...) at ../include/qpid/RangeSet.h:71
#2  qpid::RangeSet<qpid::framing::SequenceNumber>::addRange (this=0x2aaaac009b38, r=...) at ../include/qpid/RangeSet.h:229
#3  0x00000038ca3e350a in operator+= (this=0x2aaaac009b38, s=<value optimized out>) at ../include/qpid/RangeSet.h:150
#4  operator+= (this=0x2aaaac009b38, s=<value optimized out>) at ../include/qpid/RangeSet.h:149
#5  qpid::framing::SequenceSet::add (this=0x2aaaac009b38, s=<value optimized out>) at qpid/framing/SequenceSet.cpp:69
#6  0x00000038cd242bf8 in qpid::client::amqp0_10::AcceptTracker::delivered (this=0x2aaaac009b38, destination="RRAA+b+APP5.AppQueue", id=...) at qpid/client/amqp0_10/AcceptTracker.cpp:58
#7  0x00000038cd26014d in qpid::client::amqp0_10::IncomingMessages::retrieve (this=0x2aaaac009aa0, command=..., message=<value optimized out>) at qpid/client/amqp0_10/IncomingMessages.cpp:279
#8  0x00000038cd2601bb in qpid::client::amqp0_10::IncomingMessages::MessageTransfer::retrieve (this=<value optimized out>, message=0xfbfede0926f3eaeb) at qpid/client/amqp0_10/IncomingMessages.cpp:292
#9  0x00000038cd26a14a in qpid::client::amqp0_10::SessionImpl::accept (this=<value optimized out>, receiver=0x2aaaac00ae10, message=0x2aaab4008210, transfer=...) at qpid/client/amqp0_10/SessionImpl.cpp:304
#10 0x00000038cd270407 in operator() (function_obj_ptr=<value optimized out>, a0=...) at /usr/include/boost/bind/mem_fn_template.hpp:353
#11 operator()<bool, boost::_mfi::mf3<bool, qpid::client::amqp0_10::SessionImpl, qpid::client::amqp0_10::ReceiverImpl*, qpid::messaging::Message*, qpid::client::amqp0_10::IncomingMessages::MessageTransfer&>, boost::_bi::list1<qpid::client::amqp0_10::IncomingMessages::MessageTransfer&> > (function_obj_ptr=<value optimized out>, a0=...) at /usr/include/boost/bind.hpp:403
#12 operator()<qpid::client::amqp0_10::IncomingMessages::MessageTransfer> (function_obj_ptr=<value optimized out>, a0=...) at /usr/include/boost/bind/bind_template.hpp:32
#13 boost::detail::function::function_obj_invoker1<boost::_bi::bind_t<bool, boost::_mfi::mf3<bool, qpid::client::amqp0_10::SessionImpl, qpid::client::amqp0_10::ReceiverImpl*, qpid::messaging::Message*, qpid::client::amqp0_10::IncomingMessages::MessageTransfer&>, boost::_bi::list4<boost::_bi::value<qpid::client::amqp0_10::SessionImpl*>, boost::_bi::value<qpid::client::amqp0_10::ReceiverImpl*>, boost::_bi::value<qpid::messaging::Message*>, boost::arg<1> > >, bool, qpid::client::amqp0_10::IncomingMessages::MessageTransfer&>::invoke (function_obj_ptr=<value optimized out>, a0=...) at /usr/include/boost/function/function_template.hpp:119
#14 0x00000038cd278d3f in boost::function1<bool, qpid::client::amqp0_10::IncomingMessages::MessageTransfer&, std::allocator<boost::function_base> >::operator() (this=0x20fe, a0=...) at /usr/include/boost/function/function_template.hpp:576
#15 0x00000038cd2703bd in qpid::client::amqp0_10::(anonymous namespace)::IncomingMessageHandler::accept (this=<value optimized out>, transfer=...) at qpid/client/amqp0_10/SessionImpl.cpp:279
#16 0x00000038cd261bed in qpid::client::amqp0_10::IncomingMessages::get (this=0x2aaaac009aa0, handler=..., timeout=<value optimized out>) at qpid/client/amqp0_10/IncomingMessages.cpp:121
#17 0x00000038cd269f8e in qpid::client::amqp0_10::SessionImpl::getIncoming (this=<value optimized out>, handler=..., timeout=<value optimized out>) at qpid/client/amqp0_10/SessionImpl.cpp:324
#18 0x00000038cd26aef8 in qpid::client::amqp0_10::SessionImpl::get (this=0x2aaaac009a50, receiver=<value optimized out>, message=<value optimized out>, timeout=...) at qpid/client/amqp0_10/SessionImpl.cpp:330
#19 0x00000038cd26757d in qpid::client::amqp0_10::ReceiverImpl::getImpl (this=0x2aaaac00ae10, message=..., timeout=...) at qpid/client/amqp0_10/ReceiverImpl.cpp:158
#20 0x00000038cd269399 in operator() (this=0x2aaaac009a50, f=...) at qpid/client/amqp0_10/ReceiverImpl.h:107
#21 qpid::client::amqp0_10::SessionImpl::execute<qpid::client::amqp0_10::ReceiverImpl::Get> (this=0x2aaaac009a50, f=...) at qpid/client/amqp0_10/SessionImpl.h:99
#22 0x00000038cd2675dc in qpid::client::amqp0_10::ReceiverImpl::get (this=0x2aaaac00ae10, message=<value optimized out>, timeout=...) at qpid/client/amqp0_10/ReceiverImpl.cpp:64
#23 0x00000038cd23f7fd in qpid::messaging::Receiver::get (this=<value optimized out>, message=..., timeout=...) at qpid/messaging/Receiver.cpp:36

Jason Dillaman observes that 'IncomingMessages::retrieve() can call AcceptTracker::delivered() while not holding a lock'.
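
The class of bug reported above is a call path that reaches shared tracking state without the lock. The following is an added example, not Qpid's code and not the fix applied for QPID-3563; AcceptState, its methods and the queue name "q" are hypothetical stand-ins. It shows one way to make an unlocked call to delivered() impossible to write: every accessor takes the held lock as an argument and checks it.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <mutex>
#include <set>
#include <stdexcept>
#include <string>
#include <thread>
#include <vector>

// Simplified stand-in for accept-tracking state (hypothetical, not Qpid's AcceptTracker).
class AcceptState {
  public:
    using Lock = std::unique_lock<std::mutex>;
    Lock lock() { return Lock(mutex_); }
    // Accessors take the held lock as a witness: a caller with no lock cannot compile.
    void delivered(const Lock& held, const std::string& destination, std::uint32_t id) {
        requireHeld(held);
        unaccepted_[destination].insert(id);
    }
    std::size_t pending(const Lock& held, const std::string& destination) const {
        requireHeld(held);
        auto it = unaccepted_.find(destination);
        return it == unaccepted_.end() ? 0 : it->second.size();
    }
  private:
    // Rejects a released lock or a lock on some other object's mutex.
    void requireHeld(const Lock& held) const {
        if (held.mutex() != &mutex_ || !held.owns_lock())
            throw std::logic_error("accept state touched without its lock");
    }
    mutable std::mutex mutex_;
    std::map<std::string, std::set<std::uint32_t>> unaccepted_;
};

// Constructed workload: each thread records perThread distinct ids for queue "q".
std::size_t deliverConcurrently(AcceptState& state, unsigned threads, std::uint32_t perThread) {
    std::vector<std::thread> workers;
    for (unsigned t = 0; t < threads; ++t)
        workers.emplace_back([&state, t, perThread] {
            for (std::uint32_t i = 0; i < perThread; ++i) {
                auto held = state.lock();  // taken on every path that reaches delivered()
                state.delivered(held, "q", t * perThread + i);
            }
        });
    for (auto& w : workers) w.join();
    auto held = state.lock();
    return state.pending(held, "q");
}
```

Building the unguarded variant with ThreadSanitizer (-fsanitize=thread) is a practical way to confirm a race of this kind before and after a fix.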