Posted to dev@qpid.apache.org by "Håkan Johansson (JIRA)" <ji...@apache.org> on 2016/11/07 10:42:58 UTC

[jira] [Updated] (QPID-7054) Crash when closing a sender after the connection has been closed (with patch).

     [ https://issues.apache.org/jira/browse/QPID-7054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Håkan Johansson updated QPID-7054:
----------------------------------
    Attachment: qpid-7054.2.patch

The previous patch is not enough.

If you call _Sender::close_ before closing the session or connection, then the sender will unregister itself from the session, but the _SenderContext_ will keep a reference to a proton-c link object (called "sender"). The proton-c link object is still owned by the proton-c session object. This causes a double-free in the _SenderContext_'s destructor.

I have added an additional patch that clears the proton-c link object in the _SenderContext::close_ method.

> Crash when closing a sender after the connection has been closed (with patch).
> ------------------------------------------------------------------------------
>
>                 Key: QPID-7054
>                 URL: https://issues.apache.org/jira/browse/QPID-7054
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Client
>    Affects Versions: qpid-cpp-0.34
>         Environment: Red Hat Enterprise Linux Server release 6.7 (Santiago)
> The broker is ActiveMQ 5.13.0.
> The protocol used is AMQP 1.0.
>            Reporter: Håkan Johansson
>         Attachments: crash_test.cc, qpid-7054.2.patch, qpid-7054.patch
>
>
> There will be a crash if you close your _Sender_ after the _Connection_ has been closed.
> To reproduce, compile and run the attached "crash_test.cc" file.
> The test program is very simple. It creates _Connection_, _Session_, and _Sender_ instances, then closes the connection explicitly followed by closing the sender. The closing of the sender causes an exception to be thrown as the connection is dead, but that is caught.
> The crash happens when the _Session_ object is destructed at the end of the test function. This causes the _SenderContext_ from the sender to be destructed, which tries to close the underlying _pn_link_t_ object to be freed, but that object refers to a deleted _pn_connection_t_ object. The exception during _Sender::close_ stopped the proper cleanup from being done.
> The _Sender::close_ method calls _ConnectionContext::detach_ to disconnect it from its session. One problem here is that the _Connection::close_ method made the connection forget all its sessions, but the sessions still remember their connection, including the underlying proton objects. The connection tries to reconnect to the broker and resets its internal connection, causing the proton connection object to be freed. It then tells all its sessions about this, but those were forgotten earlier. This means that we end up with _pn_link_t_ objects that refer to a deleted _pn_connection_t_ object.
> I have attached a patch to this jira which stops the _ConnectionContext::detach_ method from trying to do remote actions if not connected. The row numbers in this patch assume that the patch in QPID-7051 is already applied, which might cause some offset warnings when applying this patch.



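The ownership problem described in the update above, as an added example that is not part of the original message and is not Qpid or proton-c code: a toy model in which a session owns its links and a sender context only borrows one. `Link`, `Session`, `clear_on_close` and `releases_after_close` are hypothetical names, and releases are counted instead of freeing memory so the double release can be observed safely.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

// Stand-in for a pn_link_t: counts how often it is released instead of freeing memory.
struct Link { int frees = 0; };

// Stand-in for the proton-c session, which owns every link created on it.
struct Session {
    std::vector<std::unique_ptr<Link>> links;
    Link* open_link() { links.emplace_back(new Link()); return links.back().get(); }
    void release_all() { for (auto& l : links) ++l->frees; }  // teardown releases each link once
};

// Toy sender context: holds a borrowed pointer to a link it does not own.
class SenderContext {
    Link* sender;
    bool clear_on_close;  // true models the behaviour described for the second patch
public:
    SenderContext(Link* l, bool fix) : sender(l), clear_on_close(fix) {}
    void close() { if (clear_on_close) sender = nullptr; }  // drop the borrowed pointer
    ~SenderContext() { if (sender) ++sender->frees; }       // releases whatever it still holds
};

// Sequence from the report: close the sender, destroy its context, tear down the session.
// Returns how many times the single link was released.
int releases_after_close(bool fix) {
    Session session;
    Link* link = session.open_link();
    {
        SenderContext ctx(link, fix);
        ctx.close();
    }  // context destructor runs here
    session.release_all();
    return link->frees;  // safe to read: the model never deallocates the Link
}

int main() {
    std::printf("pointer kept after close:    %d releases\n", releases_after_close(false));
    std::printf("pointer cleared after close: %d releases\n", releases_after_close(true));
    return 0;
}
```

A release count above one is the double-free condition; in real code the same invariant can be checked by running the reproducer under AddressSanitizer or Valgrind.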