You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Robbie Gemmell (JIRA)" <ji...@apache.org> on 2018/05/02 10:33:00 UTC
[jira] [Commented] (PROTON-1832) [c] duplicate link names cause
invalid read in pn_transport_unbind_handles
[ https://issues.apache.org/jira/browse/PROTON-1832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16460843#comment-16460843 ]
Robbie Gemmell commented on PROTON-1832:
----------------------------------------
Most of the commentary for this issue can actually be found on PROTON-1831.
> [c] duplicate link names cause invalid read in pn_transport_unbind_handles
> --------------------------------------------------------------------------
>
> Key: PROTON-1832
> URL: https://issues.apache.org/jira/browse/PROTON-1832
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c
> Affects Versions: proton-c-0.22.0
> Reporter: Alan Conway
> Assignee: Alan Conway
> Priority: Major
> Fix For: proton-c-0.23.0
>
>
> Proton has an invalid read error in pn_transport_unbind_handles under specific circumstances where the same name is used to create 2 different incoming links on the same session.
> This patch demonstrates
> {code:java}
> 1 file changed, 43 insertions(+), 2 deletions(-)
> c/tests/connection_driver.c | 45 +++++++++++++++++++++++++++++++++++++++++++--
> modified c/tests/connection_driver.c
> @@ -48,6 +48,24 @@ static pn_event_type_t open_handler(test_handler_t *th, pn_event_t *e) {
> return PN_EVENT_NONE;
> }
>
> +/* Like open_handler but also reply to REMOTE_CLOSE */
> +static pn_event_type_t open_close_handler(test_handler_t *th, pn_event_t *e) {
> + switch (pn_event_type(e)) {
> + case PN_CONNECTION_REMOTE_CLOSE:
> + pn_connection_open(pn_event_connection(e));
> + break;
> + case PN_SESSION_REMOTE_CLOSE:
> + pn_session_open(pn_event_session(e));
> + break;
> + case PN_LINK_REMOTE_CLOSE:
> + pn_link_close(pn_event_link(e));
> + break;
> + default:
> + return open_handler(th, e);
> + }
> + return PN_EVENT_NONE;
> +}
> +
> /* Handler that returns control on PN_DELIVERY and stores the delivery on the handler */
> static pn_event_type_t delivery_handler(test_handler_t *th, pn_event_t *e) {
> switch (pn_event_type(e)) {
> @@ -442,6 +458,30 @@ static void test_session_flow_control(test_t *t) {
> test_connection_drivers_destroy(&client, &server);
> }
>
> +/* Regression test for crash caused by using the same name for multiple links on same session. */
> +static void test_duplicate_link(test_t *t) {
> + /* Set up the initial link */
> + test_connection_driver_t client, server;
> + test_connection_drivers_init(t, &client, open_close_handler, &server, open_close_handler);
> + pn_connection_open(client.driver.connection);
> + pn_session_t *ssn = pn_session(client.driver.connection);
> + pn_session_open(ssn);
> + pn_link_t *x = pn_sender(ssn, "x");
> + pn_link_open(x);
> + /* Close the link and open a new link with same name.
> + NOTE: close and duplicate open must be in the same batch of events
> + */
> + pn_link_close(x);
> + pn_link_open(pn_sender(ssn, "x"));
> + test_connection_drivers_run(&client, &server);
> + /* At this point the server has 2 handle map entries for the same link.
> + Freeing the link is correct, refcounting will keep it in memory,
> + but the extra handle map entry will cause a core dump in pn_transport_unbind_handles
> + */
> + pn_link_free(server.handler.link);
> + test_connection_drivers_destroy(&client, &server);
> +}
> +
> int main(int argc, char **argv) {
> int failed = 0;
> RUN_ARGV_TEST(failed, t, test_message_transfer(&t));
> @@ -449,5 +489,6 @@ int main(int argc, char **argv) {
> RUN_ARGV_TEST(failed, t, test_message_abort(&t));
> RUN_ARGV_TEST(failed, t, test_message_abort_mixed(&t));
> RUN_ARGV_TEST(failed, t, test_session_flow_control(&t));
> + RUN_ARGV_TEST(failed, t, test_duplicate_link(&t));
> return failed;
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org