[
https://issues.apache.org/jira/browse/DISPATCH-2045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ganesh Murthy resolved DISPATCH-2045.
-------------------------------------
Assignee: Ganesh Murthy
Resolution: Fixed
> qd_hash_internal_remove_item writes to freed (pooled) memory on router
> shutdown
> -------------------------------------------------------------------------------
>
> Key: DISPATCH-2045
> URL: https://issues.apache.org/jira/browse/DISPATCH-2045
> Project: Qpid Dispatch
> Issue Type: Bug
> Affects Versions: 1.16.0
> Reporter: Jiri Daněk
> Assignee: Ganesh Murthy
> Priority: Minor
> Fix For: 1.16.0
>
> Attachments:
> 0001-DISPATCH-2039-WIP-add-prints-around-hash-inserts-and.patch,
> hashcrash.conf
>
>
> Apply the attached patch (), run router with the attached config, wait a
> moment, then stop the router. Note the following lines in the router output
> {code}
> inserting key M0$management
> inserting key L$management
> inserting key L$_management_internal
> inserting key Corg.apache
> inserting key CFakeBroker
> inserting key LlinkRoute/0
> inserting key Dorg.apache
> inserting key LlinkRoute/1
> ^C
> freeing item 0x61100000de10 with key 2/apache
> zeroing the handle pointer, of value 0x61100000de10
> freeing hash handle 0x611000034f10 for item (nil)
> freeing item 0x61100000df50 with key 1/org
> zeroing the handle pointer, of value 0x61100000df50
> freeing hash handle 0x611000035050 for item (nil)
> freeing item 0x611000030050 with key Corg.apache
> zeroing the handle pointer, of value 0x611000030050
> freeing hash handle 0x611000035190 for item (nil)
> freeing hash handle 0x611000034c90 for item 0x61100000db90
> freeing item 0x61100000dcd0 with key CFakeBroker
> zeroing the handle pointer, of value 0x61100000dcd0
> freeing hash handle 0x611000034dd0 for item (nil)
> freeing item 0x61100000d7d0 with key 2/apache
> zeroing the handle pointer, of value 0x61100000d7d0
> freeing hash handle 0x6110000348d0 for item (nil)
> freeing item 0x61100000d910 with key 1/org
> zeroing the handle pointer, of value 0x61100000d910
> freeing hash handle 0x611000034a10 for item (nil)
> freeing item 0x61100000da50 with key Dorg.apache
> zeroing the handle pointer, of value 0x61100000da50
> freeing hash handle 0x611000034b50 for item (nil)
> freeing hash handle 0x611000034790 for item 0x61100000d690
> freeing item 0x611000030410 with key M0$management
> zeroing the handle pointer, of value 0x611000030410
> freeing hash handle 0x611000035550 for item (nil)
> freeing item 0x6110000302d0 with key L$management
> zeroing the handle pointer, of value 0x6110000302d0
> freeing hash handle 0x611000035410 for item (nil)
> freeing item 0x611000030190 with key L$_management_internal
> zeroing the handle pointer, of value 0x611000030190
> freeing hash handle 0x6110000352d0 for item (nil)
> freeing item 0x61100000db90 with key LlinkRoute/0
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x61100000d690 with key LlinkRoute/1
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x611000007290 with key router
> {code}
> The problem is at the end, writing to memory set to {{#define QD_MEMORY_FREE
> 0x99}}.
> {noformat}
> freeing item 0x61100000db90 with key LlinkRoute/0
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x61100000d690 with key LlinkRoute/1
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x611000007290 with key router
> {noformat}
> That is because a handle can be freed before the item, which happened in this
> case, in {{freeing hash handle 0x611000034790 for item 0x61100000d690}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
