You are viewing a plain text version of this content. The canonical link for it is here.
Posted to proton@qpid.apache.org by "Ken Giusti (JIRA)" <ji...@apache.org> on 2014/09/18 20:19:34 UTC
[jira] [Commented] (PROTON-687) Memory corruption in proton-test
[ https://issues.apache.org/jira/browse/PROTON-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14139278#comment-14139278 ]
Ken Giusti commented on PROTON-687:
-----------------------------------
Even without the patch, valgrind is complaining about use-after-free.
$ valgrind --trace-children=yes --suppressions=./tests/python/proton_tests/valgrind.supp ./tests/python/proton-test proton_tests.engine.CreditTest.testCreditReceiver
<snip>
proton_tests.engine.CreditTest.testCreditReceiver ..............................................................................................==20509== Invalid write of size 8
==20509== at 0xF4999D0: pn_delivery_set_context (engine.c:1218)
==20509== by 0xF23729F: _wrap_pn_delivery_set_context (cprotonPYTHON_wrap.c:11226)
==20509== by 0x30F0ADDC2D: PyEval_EvalFrameEx (ceval.c:4098)
==20509== by 0x30F0ADEBBC: PyEval_EvalCodeEx (ceval.c:3330)
==20509== by 0x30F0A6DC0F: function_call (funcobject.c:526)
==20509== by 0x30F0A49DA2: PyObject_Call (abstract.c:2529)
==20509== by 0x30F0A58514: instancemethod_call (classobject.c:2602)
==20509== by 0x30F0A49DA2: PyObject_Call (abstract.c:2529)
==20509== by 0x30F0AD8A36: PyEval_CallObjectWithKeywords (ceval.c:3967)
==20509== by 0x30F0A9E7BD: slot_tp_del (typeobject.c:5758)
==20509== by 0x30F0A99A39: subtype_dealloc (typeobject.c:982)
==20509== by 0x30F0A8829B: set_dealloc (setobject.c:564)
==20509== Address 0x1054dcb0 is 240 bytes inside a block of size 256 free'd
==20509== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20509== by 0xF48E2A5: pn_class_decref (object.c:103)
==20509== by 0xF499EB0: pn_connection_unbound (engine.c:152)
==20509== by 0xF49A545: pn_connection_free (engine.c:134)
==20509== by 0xF233C03: _wrap_pn_connection_free (cprotonPYTHON_wrap.c:8188)
==20509== by 0x30F0ADDC2D: PyEval_EvalFrameEx (ceval.c:4098)
==20509== by 0x30F0ADD74B: PyEval_EvalFrameEx (ceval.c:4184)
==20509== by 0x30F0ADD74B: PyEval_EvalFrameEx (ceval.c:4184)
==20509== by 0x30F0ADEBBC: PyEval_EvalCodeEx (ceval.c:3330)
==20509== by 0x30F0A6DC0F: function_call (funcobject.c:526)
==20509== by 0x30F0A49DA2: PyObject_Call (abstract.c:2529)
==20509== by 0x30F0A58514: instancemethod_call (classobject.c:2602)
==20509==
pass
Marking this *blocker* for now.
> Memory corruption in proton-test
> --------------------------------
>
> Key: PROTON-687
> URL: https://issues.apache.org/jira/browse/PROTON-687
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c, python-binding
> Affects Versions: 0.8
> Reporter: Cliff Jansen
> Attachments: segv.patch
>
>
> proton-test will fail with memory violations. Deallocated memory is accessed, usually with benign results but less often on Windows.
> The attached crude patch allows the bug to be "discovered" on Linux as well.
> It is not clear to me if the problem is with the swig wrapper, or whether this just exposes a reference counting bug in proton-c.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)