[jira] [Commented] (PROTON-1173) Proton C core dump in face of channel-max protocol violation

Mon, 11 Apr 2016 08:48:56 -0700 

    [ 
https://issues.apache.org/jira/browse/PROTON-1173?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15235328#comment-15235328
 ] 

ASF subversion and git services commented on PROTON-1173:
---------------------------------------------------------

Commit 9d88f823c1951012888440501fdbe111f344518d in qpid-proton's branch 
refs/heads/master from [~chug]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=9d88f82 ]

PROTON-1173: Close channel with error on channel-max violation


> Proton C core dump in face of channel-max protocol violation
> ------------------------------------------------------------
>
>                 Key: PROTON-1173
>                 URL: https://issues.apache.org/jira/browse/PROTON-1173
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: 0.11.1
>            Reporter: Chuck Rolke
>
> A rogue client creates a session on a channel higher than the channel-max 
> exchanged at connection open.
> {noformat}
> Mon Apr 11 10:34:27 2016 SERVER (trace) [1]:pn_session: too many sessions: 1  
> channel_max is 0 (/home/chug/git/qpid-dispatch/src/server.c:116)
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff793b84a in pn_do_begin (transport=0x6a4bd0, frame_type=0 '\000', 
> channel=1, args=0x7c1f60, payload=0x7fffffffd2c0)
>     at /home/chug/git/qpid-proton/proton-c/src/transport/transport.c:1205
> 1205    ssn->state.incoming_transfer_count = next;
> Missing separate debuginfos, use: debuginfo-install 
> nss-mdns-0.10-15.fc21.x86_64
> (gdb) 
> (gdb) list
> 1200      // XXX: what if session is NULL?
> 1201      ssn = (pn_session_t *) pn_hash_get(transport->local_channels, 
> remote_channel);
> 1202    } else {
> 1203      ssn = pn_session(transport->connection);
> 1204    }
> 1205    ssn->state.incoming_transfer_count = next;
> 1206    pni_map_remote_channel(ssn, channel);
> 1207    PN_SET_REMOTE(ssn->endpoint.state, PN_REMOTE_ACTIVE);
> 1208    pn_collector_put(transport->connection->collector, PN_OBJECT, ssn, 
> PN_SESSION_REMOTE_OPEN);
> 1209    return 0;
> (gdb) p ssn
> $1 = (pn_session_t *) 0x0
> (gdb) 
> {noformat}
> Session is null and SEGV is what happens.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to