You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Tianyi.Zhang (JIRA)" <ji...@apache.org> on 2016/04/21 06:07:25 UTC
[jira] [Created] (ZOOKEEPER-2414) c-client aborted when operate's
path is invalid in zoo_amulti
Tianyi.Zhang created ZOOKEEPER-2414:
---------------------------------------
Summary: c-client aborted when operate's path is invalid in zoo_amulti
Key: ZOOKEEPER-2414
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2414
Project: ZooKeeper
Issue Type: Bug
Components: c client
Affects Versions: 3.4.8
Reporter: Tianyi.Zhang
Priority: Critical
code like this:
{code}
zoo_op_t ops[2];
zoo_op_result_t results[2];
zoo_create_op_init(ops, "test", "1", 1, &ZOO_OPEN_ACL_UNSAFE, 0, NULL, 0);
zoo_create_op_init(ops+1, "/test/1", "2", 1, &ZOO_OPEN_ACL_UNSAFE, 0, NULL, 0);
zoo_multi(zkhandle, 2, ops, results);
{code}
The ops->path is invalid, and it will cause double free in the line 3136 of zookeeper.c.
{code}
switch(op->type) {
case ZOO_CREATE_OP: {
struct CreateRequest req;
rc = rc < 0 ? rc : CreateRequest_init(zh, &req,
op->create_op.path, op->create_op.data,
op->create_op.datalen, op->create_op.acl,
op->create_op.flags);
rc = rc < 0 ? rc : serialize_CreateRequest(oa, "req", &req);
result->value = op->create_op.buf;
result->valuelen = op->create_op.buflen;
enter_critical(zh);
entry = create_completion_entry(h.xid, COMPLETION_STRING, op_result_string_completion, result, 0, 0);
leave_critical(zh);
--> free_duplicate_path(req.path, op->create_op.path);
break;
}
{code}
This problem will happen when the 'rc' of last op is less than zero(maybe ZBADARGUMENTS or ZINVALIDSTATE).
In my case, rc of op[0] is ZBADARGUMENTS, and the req.path of the ‘free_duplicate_path’ is still 'test' when execute op[1].
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)