Posted to dev@qpid.apache.org by "Ganesh Murthy (Jira)" <ji...@apache.org> on 2021/04/14 20:06:00 UTC

[jira] [Updated] (DISPATCH-2045) qd_hash_internal_remove_item writes to freed (pooled) memory on router shutdown

     [ https://issues.apache.org/jira/browse/DISPATCH-2045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ganesh Murthy updated DISPATCH-2045:
------------------------------------
    Fix Version/s: 1.16.0

> qd_hash_internal_remove_item writes to freed (pooled) memory on router shutdown
> -------------------------------------------------------------------------------
>
>                 Key: DISPATCH-2045
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-2045
>             Project: Qpid Dispatch
>          Issue Type: Bug
>    Affects Versions: 1.16.0
>            Reporter: Jiri Daněk
>            Priority: Minor
>             Fix For: 1.16.0
>
>         Attachments: 0001-DISPATCH-2039-WIP-add-prints-around-hash-inserts-and.patch, hashcrash.conf
>
>
> Apply the attached patch (), run the router with the attached config, wait a moment, then stop the router. Note the following lines in the router output:
> {code}
> inserting key M0$management
> inserting key L$management
> inserting key L$_management_internal
> inserting key Corg.apache
> inserting key CFakeBroker
> inserting key LlinkRoute/0
> inserting key Dorg.apache
> inserting key LlinkRoute/1
> ^C
> freeing item 0x61100000de10 with key 2/apache
> zeroing the handle pointer, of value 0x61100000de10
> freeing hash handle 0x611000034f10 for item (nil)
> freeing item 0x61100000df50 with key 1/org
> zeroing the handle pointer, of value 0x61100000df50
> freeing hash handle 0x611000035050 for item (nil)
> freeing item 0x611000030050 with key Corg.apache
> zeroing the handle pointer, of value 0x611000030050
> freeing hash handle 0x611000035190 for item (nil)
> freeing hash handle 0x611000034c90 for item 0x61100000db90
> freeing item 0x61100000dcd0 with key CFakeBroker
> zeroing the handle pointer, of value 0x61100000dcd0
> freeing hash handle 0x611000034dd0 for item (nil)
> freeing item 0x61100000d7d0 with key 2/apache
> zeroing the handle pointer, of value 0x61100000d7d0
> freeing hash handle 0x6110000348d0 for item (nil)
> freeing item 0x61100000d910 with key 1/org
> zeroing the handle pointer, of value 0x61100000d910
> freeing hash handle 0x611000034a10 for item (nil)
> freeing item 0x61100000da50 with key Dorg.apache
> zeroing the handle pointer, of value 0x61100000da50
> freeing hash handle 0x611000034b50 for item (nil)
> freeing hash handle 0x611000034790 for item 0x61100000d690
> freeing item 0x611000030410 with key M0$management
> zeroing the handle pointer, of value 0x611000030410
> freeing hash handle 0x611000035550 for item (nil)
> freeing item 0x6110000302d0 with key L$management
> zeroing the handle pointer, of value 0x6110000302d0
> freeing hash handle 0x611000035410 for item (nil)
> freeing item 0x611000030190 with key L$_management_internal
> zeroing the handle pointer, of value 0x611000030190
> freeing hash handle 0x6110000352d0 for item (nil)
> freeing item 0x61100000db90 with key LlinkRoute/0
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x61100000d690 with key LlinkRoute/1
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x611000007290 with key router
> {code}
> The problem is at the end, writing to memory set to {{#define QD_MEMORY_FREE 0x99}}.
> {noformat}
> freeing item 0x61100000db90 with key LlinkRoute/0
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x61100000d690 with key LlinkRoute/1
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x611000007290 with key router
> {noformat}
> That is because a handle can be freed before the item, which happened in this case, in {{freeing hash handle 0x611000034790 for item 0x61100000d690}}.



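The ordering problem described in the report, as an added example that is not part of the original message or the Qpid Dispatch source: a handle is released to a poisoned pool while its item still points at it, and the later item removal writes into the freed slot. The type and function names and the one-slot pool are hypothetical, and the unlink-before-free variant is an assumed mitigation, not the project's fix.

```c
#include <stdio.h>
#include <string.h>

#define QD_MEMORY_FREE 0x99 /* poison byte quoted in the report */

/* Hypothetical stand-ins for a hash item and its handle (not the router's types). */
typedef struct item item_t;
typedef struct handle { item_t *item; } handle_t;
struct item { handle_t *handle; };

/* Pooled free: the slot is poisoned and kept for reuse, so a stale write lands silently. */
static void pool_free(handle_t *h) { memset(h, QD_MEMORY_FREE, sizeof *h); }

static int still_poisoned(const handle_t *h) {
    const unsigned char *p = (const unsigned char *)h;
    for (size_t i = 0; i < sizeof *h; i++)
        if (p[i] != QD_MEMORY_FREE) return 0;
    return 1;
}

/* Item removal as in the log: zero the handle's pointer back to the item. */
static void remove_item(item_t *it) {
    if (it->handle) it->handle->item = NULL;
    it->handle = NULL;
}

/* Handle released while the item still points at it (the order in the report). */
static void free_handle_unsafe(handle_t *h) { pool_free(h); }

/* Assumed mitigation: clear the item's back-pointer before releasing the handle. */
static void free_handle_unlinked(handle_t *h) {
    if (h->item) h->item->handle = NULL;
    pool_free(h);
}

/* Returns 1 if removing the item after its handle wrote into the freed slot. */
int handle_first_corrupts_pool(int unlink_first) {
    static handle_t slot; /* constructed one-slot "pool"; static, so the write is observable */
    item_t it = { &slot };
    slot.item = &it;
    if (unlink_first) free_handle_unlinked(&slot); else free_handle_unsafe(&slot);
    remove_item(&it);
    return !still_poisoned(&slot);
}

int main(void) {
    printf("handle freed first, no unlink: corrupted=%d\n", handle_first_corrupts_pool(0));
    printf("handle freed first, unlinked:  corrupted=%d\n", handle_first_corrupts_pool(1));
    return 0;
}
```

Because pooled memory stays mapped after release, a write like this does not fault; checking that a freed slot still holds the poison pattern is what exposes it.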