[
https://issues.apache.org/jira/browse/DISPATCH-928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16367821#comment-16367821
]
Gordon Sim commented on DISPATCH-928:
-------------------------------------
For a simple reproducer, start two routers with the following conf:
{noformat}
router {
mode: interior
id: Router.A
defaultDistribution: unavailable
}
listener {
host: 0.0.0.0
port: 5672
authenticatePeer: no
idleTimeoutSeconds: 0
}
listener {
host: 0.0.0.0
port: 55672
authenticatePeer: no
role: inter-router
idleTimeoutSeconds: 0
}
address {
prefix: examples
}
{noformat}
and
{noformat}
router {
mode: interior
id: Router.B
defaultDistribution: unavailable
}
listener {
host: 0.0.0.0
port: 5674
authenticatePeer: no
idleTimeoutSeconds: 0
}
connector {
name: inter-router
host: 0.0.0.0
port: 55672
role: inter-router
idleTimeoutSeconds: 0
}
{noformat}
Then run simple_recv.py.
Though the config files above are obviously misconfigured, the same setup can
occur when dynamically provisioning routers if there is a small delay between
defining an address one and defining it on the other (which in reality is
inevitable).
> calling map_destination for 'undefined' address causes segfault
> ---------------------------------------------------------------
>
> Key: DISPATCH-928
> URL: https://issues.apache.org/jira/browse/DISPATCH-928
> Project: Qpid Dispatch
> Issue Type: Bug
> Reporter: Gordon Sim
> Priority: Major
>
> If qdr_map_destination_CT is called for an address that has not been defined
> on a router that has the default distribution set to 'undefined',
> qdr_address_CT (line 578 at present) returns null. However there is no check
> for this and the address is used to get a hash_handle which causes a segfault.
> Under valgrind you see:
> {noformat}
> ==10232== Invalid write of size 8
> ==10232== at 0x4E67501: qd_hash_internal_insert (hash.c:156)
> ==10232== by 0x4E6756B: qd_hash_insert (hash.c:168)
> ==10232== by 0x4E91644: qdr_map_destination_CT (route_tables.c:579)
> ==10232== by 0x4E8F80D: router_core_thread (router_core_thread.c:83)
> ==10232== by 0x550F739: start_thread (in /usr/lib64/libpthread-2.24.so)
> ==10232== by 0x607AE7E: clone (in /usr/lib64/libc-2.24.so)
> ==10232== Address 0x98 is not stack'd, malloc'd or (recently) free'd
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
