30 - Zero-size content crashes server & client

Reported by Alex McGregorAlex McGregor (1224492253|%O ago)

In OpenAMQ/1.2d5 and OpenAMQ/1.3b2, publishing or receiving a zero-sized content causes a crash:

Bug
#0  0xb7f49410 in __kernel_vsyscall ()
#1  0xb7dd0085 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7dd1a01 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0x08143cfe in ipr_bucket_list_first_ (self=0x0, file=0x81c3a3a "amq_content_basic.c", line=1003)
    at ipr_bucket_list.c:1420
#4  0x0810fde2 in amq_content_basic_set_reader (self=0x856d808, reader=0x850f110, frame_max=32768)
    at amq_content_basic.c:1003
#5  0x080b9054 in amq_server_agent_manager (thread_p=0xb459c3b4) at amq_server_agent.c:17889
#6  0x081746e3 in s_execute (apr_thread=0x8452470, data=0x842a098) at smt_os_thread.c:3216
#7  0x081996f6 in dummy_worker (opaque=0x8452470) at threadproc/unix/thread.c:138
#8  0xb7efa4fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#9  0xb7e7be5e in clone () from /lib/tls/i686/cmov/libc.so.6

The problem is in the content class set_reader() method which uses the content's bucket list even if empty:

        reader->iterator = ipr_bucket_list_first (self->bucket_list);

Attachments:

No files attached to this page.

Comments

Add a New Comment

Edit | Files | Tags | Print

rating: +1+x

Who's following this issue?

pieterhpieterh
martin_sustrikmartin_sustrik
CybariteCybarite
Watch: site | category | page

Submitted by Alex McGregorAlex McGregor

Use one of these tags to say what kind of issue it is:

  • issue - a fault in the software or the packaging or the documentation.
  • change - a change or feature request.

Use one of these tags to say what state the issue is in:

  • open - a new, open issue.
  • closed - issue has been closed.
  • rejected - the issue has been rejected.

Use one of these tags to say how urgent the issue is:

  • fatal - the issue is stopping all work.
  • urgent - it's urgent.

All open

89 - multi-threaded client connection failure (17 Nov 2012 16:28) [open]
87 - Zyre returns incomplete XML (26 Apr 2010 08:15) [open]
86 - SFL 'random(num)' macro is wrong in sfl.h (31 Mar 2010 09:23) [open]
85 - Zyre does not start on Solaris (23 Mar 2010 01:29) [open]
84 - OpenAMQ JMS - AMQTopic constructor use HEADER name and class instead of TOPIC (28 Jan 2010 17:04) [open]
83 - WireAPI: How to 'override' signal handlers? (14 Jan 2010 17:33) [open]
82 - Opf Classes Cannot Accept Default Values With Characte (06 Jan 2010 09:34) [open]
81 - AMQP Topic Exhange Routing (29 Dec 2009 00:21) [open]
80 - OpenAMQ reports malformed frame on 0-9-1 queue.unbind (20 Nov 2009 12:33) [open]
79 - AMQ Server crashing if subscribe topic is set as #.# (30 Oct 2009 06:11) [open]
78 - Error while publishing the messages faster (30 Oct 2009 05:57) [open]
77 - Tuning for latency (28 Oct 2009 16:47) [open]
76 - New user forum (28 Oct 2009 11:29) [change open]
74 - Simulaneous connect/disconnect from multiple threads crashes (03 Sep 2009 15:32) [open]
73 - Topic Exchange not sending a message to XXX.* (25 Aug 2009 21:10) [open]
72 - amq_content_basic_new() causes seg fault if not connected to broker (12 Aug 2009 23:50) [open]
71 - zyre bugs (06 Aug 2009 09:33) [open]
69 - OpenAMQ and Zyre (15 Jul 2009 11:27) [open]
68 - Change names of max and min source code macros (10 Jul 2009 16:52) [open]
67 - Server crash when multiple consumers ack on shared queue (26 Jun 2009 11:35) [open]

page 1 of 212next »

Most recent