You are viewing a plain text version of this content. The canonical link for it is here.
Posted to proton@qpid.apache.org by "Ken Giusti (JIRA)" <ji...@apache.org> on 2014/09/18 20:19:34 UTC

[jira] [Commented] (PROTON-687) Memory corruption in proton-test

    [ https://issues.apache.org/jira/browse/PROTON-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14139278#comment-14139278 ] 

Ken Giusti commented on PROTON-687:
-----------------------------------

Even without the patch, valgrind is complaining about use-after-free.  

$ valgrind --trace-children=yes --suppressions=./tests/python/proton_tests/valgrind.supp ./tests/python/proton-test proton_tests.engine.CreditTest.testCreditReceiver

<snip>

proton_tests.engine.CreditTest.testCreditReceiver ..............................................................................................==20509== Invalid write of size 8
==20509==    at 0xF4999D0: pn_delivery_set_context (engine.c:1218)
==20509==    by 0xF23729F: _wrap_pn_delivery_set_context (cprotonPYTHON_wrap.c:11226)
==20509==    by 0x30F0ADDC2D: PyEval_EvalFrameEx (ceval.c:4098)
==20509==    by 0x30F0ADEBBC: PyEval_EvalCodeEx (ceval.c:3330)
==20509==    by 0x30F0A6DC0F: function_call (funcobject.c:526)
==20509==    by 0x30F0A49DA2: PyObject_Call (abstract.c:2529)
==20509==    by 0x30F0A58514: instancemethod_call (classobject.c:2602)
==20509==    by 0x30F0A49DA2: PyObject_Call (abstract.c:2529)
==20509==    by 0x30F0AD8A36: PyEval_CallObjectWithKeywords (ceval.c:3967)
==20509==    by 0x30F0A9E7BD: slot_tp_del (typeobject.c:5758)
==20509==    by 0x30F0A99A39: subtype_dealloc (typeobject.c:982)
==20509==    by 0x30F0A8829B: set_dealloc (setobject.c:564)
==20509==  Address 0x1054dcb0 is 240 bytes inside a block of size 256 free'd
==20509==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20509==    by 0xF48E2A5: pn_class_decref (object.c:103)
==20509==    by 0xF499EB0: pn_connection_unbound (engine.c:152)
==20509==    by 0xF49A545: pn_connection_free (engine.c:134)
==20509==    by 0xF233C03: _wrap_pn_connection_free (cprotonPYTHON_wrap.c:8188)
==20509==    by 0x30F0ADDC2D: PyEval_EvalFrameEx (ceval.c:4098)
==20509==    by 0x30F0ADD74B: PyEval_EvalFrameEx (ceval.c:4184)
==20509==    by 0x30F0ADD74B: PyEval_EvalFrameEx (ceval.c:4184)
==20509==    by 0x30F0ADEBBC: PyEval_EvalCodeEx (ceval.c:3330)
==20509==    by 0x30F0A6DC0F: function_call (funcobject.c:526)
==20509==    by 0x30F0A49DA2: PyObject_Call (abstract.c:2529)
==20509==    by 0x30F0A58514: instancemethod_call (classobject.c:2602)
==20509== 
 pass


Marking this *blocker* for now.

> Memory corruption in proton-test
> --------------------------------
>
>                 Key: PROTON-687
>                 URL: https://issues.apache.org/jira/browse/PROTON-687
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c, python-binding
>    Affects Versions: 0.8
>            Reporter: Cliff Jansen
>         Attachments: segv.patch
>
>
> proton-test will fail with memory violations.  Deallocated memory is accessed, usually with benign results but less often on Windows.
> The attached crude patch allows the bug to be "discovered" on Linux as well.
> It is not clear to me if the problem is with the swig wrapper, or whether this just exposes a reference counting bug in proton-c.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)