[ https://issues.apache.org/jira/browse/PROTON-1360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Justin Ross updated PROTON-1360:
--------------------------------
    Fix Version/s: 0.17.0

> pn_strndup (util.c:150) Invalid write of size 1
> -----------------------------------------------
>
>                 Key: PROTON-1360
>                 URL: https://issues.apache.org/jira/browse/PROTON-1360
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: 0.15.0, 0.16.0
>            Reporter: Jiri Danek
>            Assignee: Alan Conway
>             Fix For: 0.17.0
>
>         Attachments: crash-cacbe90ba41be2fb116697da7a90bfd716812c7b,
>                      minimized-from-9a77cc2e90542c5aa1e55a86d2c9920febb0ad68
>
>
> {noformat}
> nc -l 127.0.0.1 5672 < ./crash-cacbe90ba41be2fb116697da7a90bfd716812c7b
> {noformat}
> On 0.15.0, do
> {noformat}
> [qpid-proton-0.15.0/build/examples/c/messenger] $ valgrind ./recv 127.0.0.1/jms.queue.example
> ==5749== Memcheck, a memory error detector
> ==5749== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==5749== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
> ==5749== Command: ./recv 127.0.0.1/jms.queue.example
> ==5749==
> ==5749== Invalid write of size 1
> ==5749==    at 0x4C2D13C: __strncpy_sse2_unaligned (vg_replace_strmem.c:548)
> ==5749==    by 0x4E4AD80: pn_strndup (util.c:259)
> ==5749==    by 0x4E5A7BE: pn_bytes_strdup (transport.c:1153)
> ==5749==    by 0x4E5A7BE: pn_do_open (transport.c:1198)
> ==5749==    by 0x4E52B6A: pni_dispatch_action (dispatcher.c:74)
> ==5749==    by 0x4E52B6A: pni_dispatch_frame (dispatcher.c:116)
> ==5749==    by 0x4E52B6A: pn_dispatcher_input (dispatcher.c:135)
> ==5749==    by 0x4E5906B: pn_input_read_amqp (transport.c:2523)
> ==5749==    by 0x4E59129: transport_consume (transport.c:1799)
> ==5749==    by 0x4E5C971: pn_transport_process (transport.c:2908)
> ==5749==    by 0x4E646F3: pni_connection_readable (messenger.c:262)
> ==5749==    by 0x4E6482F: pn_messenger_process (messenger.c:1367)
> ==5749==    by 0x4E649E0: pn_messenger_tsync (messenger.c:1439)
> ==5749==    by 0x4E64F94: pn_messenger_recv (messenger.c:2212)
> ==5749==    by 0x4012A4: main (recv.c:131)
> ==5749==  Address 0x772d641 is 0 bytes after a block of size 1 alloc'd
> ==5749==    at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
> ==5749==    by 0x4E4AD6A: pn_strndup (util.c:257)
> ==5749==    by 0x4E5A7BE: pn_bytes_strdup (transport.c:1153)
> ==5749==    by 0x4E5A7BE: pn_do_open (transport.c:1198)
> ==5749==    by 0x4E52B6A: pni_dispatch_action (dispatcher.c:74)
> ==5749==    by 0x4E52B6A: pni_dispatch_frame (dispatcher.c:116)
> ==5749==    by 0x4E52B6A: pn_dispatcher_input (dispatcher.c:135)
> ==5749==    by 0x4E5906B: pn_input_read_amqp (transport.c:2523)
> ==5749==    by 0x4E59129: transport_consume (transport.c:1799)
> ==5749==    by 0x4E5C971: pn_transport_process (transport.c:2908)
> ==5749==    by 0x4E646F3: pni_connection_readable (messenger.c:262)
> ==5749==    by 0x4E6482F: pn_messenger_process (messenger.c:1367)
> ==5749==    by 0x4E649E0: pn_messenger_tsync (messenger.c:1439)
> ==5749==    by 0x4E64F94: pn_messenger_recv (messenger.c:2212)
> ==5749==    by 0x4012A4: main (recv.c:131)
> ==5749==
> Address: jms.queue.example
> Subject: (no subject)
> Content: "test message: 26"
> {noformat}
> On 0.16.0 you can do
> {noformat}
> [proactor]$ valgrind ./libuv_receive -a 127.0.0.1:5672/jms.queue.example -m 2
> ==26215== Memcheck, a memory error detector
> ==26215== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==26215== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
> ==26215== Command: ./libuv_receive -a 127.0.0.1:5672/jms.queue.example -m 2
> ==26215==
> ==26215== Invalid write of size 1
> ==26215==    at 0x4C2E284: __strncpy_sse2_unaligned (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==26215==    by 0x4E4CF71: pn_strndup (util.c:150)
> ==26215==    by 0x4E5B0EE: pn_bytes_strdup (transport.c:1154)
> ==26215==    by 0x4E5B0EE: pn_do_open (transport.c:1199)
> ==26215==    by 0x4E53270: pni_dispatch_action (dispatcher.c:74)
> ==26215==    by 0x4E53270: pni_dispatch_frame (dispatcher.c:116)
> ==26215==    by 0x4E53270: pn_dispatcher_input (dispatcher.c:135)
> ==26215==    by 0x4E599BB: pn_input_read_amqp (transport.c:2524)
> ==26215==    by 0x4E59A89: transport_consume (transport.c:1800)
> ==26215==    by 0x4E5D115: pn_transport_process (transport.c:2909)
> ==26215==    by 0x404EBB: on_read (libuv_proactor.c:511)
> ==26215==    by 0x509A2FC: ??? (in /usr/lib/libuv.so.1.0.0)
> ==26215==    by 0x509AC0B: ??? (in /usr/lib/libuv.so.1.0.0)
> ==26215==    by 0x509F937: uv__io_poll (in /usr/lib/libuv.so.1.0.0)
> ==26215==    by 0x50912B3: uv_run (in /usr/lib/libuv.so.1.0.0)
> ==26215==  Address 0x69c28d1 is 0 bytes after a block of size 1 alloc'd
> ==26215==    at 0x4C2AB8D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==26215==    by 0x4E4CF5B: pn_strndup (util.c:148)
> ==26215==    by 0x4E5B0EE: pn_bytes_strdup (transport.c:1154)
> ==26215==    by 0x4E5B0EE: pn_do_open (transport.c:1199)
> ==26215==    by 0x4E53270: pni_dispatch_action (dispatcher.c:74)
> ==26215==    by 0x4E53270: pni_dispatch_frame (dispatcher.c:116)
> ==26215==    by 0x4E53270: pn_dispatcher_input (dispatcher.c:135)
> ==26215==    by 0x4E599BB: pn_input_read_amqp (transport.c:2524)
> ==26215==    by 0x4E59A89: transport_consume (transport.c:1800)
> ==26215==    by 0x4E5D115: pn_transport_process (transport.c:2909)
> ==26215==    by 0x404EBB: on_read (libuv_proactor.c:511)
> ==26215==    by 0x509A2FC: ??? (in /usr/lib/libuv.so.1.0.0)
> ==26215==    by 0x509AC0B: ??? (in /usr/lib/libuv.so.1.0.0)
> ==26215==    by 0x509F937: uv__io_poll (in /usr/lib/libuv.so.1.0.0)
> ==26215==    by 0x50912B3: uv_run (in /usr/lib/libuv.so.1.0.0)
> ==26215==
> "test message: 26"
> ^C==26215==
> ==26215== Process terminating with default action of signal 2 (SIGINT)
> ==26215==    at 0x5EB2F19: syscall (in /usr/lib/libc-2.24.so)
> ==26215==    by 0x50A1579: uv__epoll_wait (in /usr/lib/libuv.so.1.0.0)
> ==26215==    by 0x509F883: uv__io_poll (in /usr/lib/libuv.so.1.0.0)
> ==26215==    by 0x50912B3: uv_run (in /usr/lib/libuv.so.1.0.0)
> ==26215==    by 0x405514: pn_proactor_wait (libuv_proactor.c:709)
> ==26215==    by 0x403C9C: main (receive.c:194)
> ==26215==
> ==26215== HEAP SUMMARY:
> ==26215==     in use at exit: 82,501 bytes in 737 blocks
> ==26215==   total heap usage: 860 allocs, 123 frees, 98,564 bytes allocated
> ==26215==
> ==26215== LEAK SUMMARY:
> ==26215==    definitely lost: 0 bytes in 0 blocks
> ==26215==    indirectly lost: 0 bytes in 0 blocks
> ==26215==      possibly lost: 62,773 bytes in 733 blocks
> ==26215==    still reachable: 19,728 bytes in 4 blocks
> ==26215==         suppressed: 0 bytes in 0 blocks
> ==26215== Rerun with --leak-check=full to see details of leaked memory
> ==26215==
> ==26215== For counts of detected and suppressed errors, rerun with: -v
> ==26215== ERROR SUMMARY: 6 errors from 1 contexts (suppressed: 0 from 0)
> {noformat}

--
This message was sent by Atlassian JIRA (v6.3.4#6332)