[
https://issues.apache.org/jira/browse/QPID-3227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13025839#comment-13025839
]
[email protected] commented on QPID-3227:
-----------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/667/#review577
-----------------------------------------------------------
I recommend adding in this extra assertion to RdmaIO.cpp:
This would have caught the original bug.
--- a/qpid/cpp/src/qpid/sys/rdma/RdmaIO.cpp
+++ b/qpid/cpp/src/qpid/sys/rdma/RdmaIO.cpp
@@ -213,6 +213,7 @@ namespace Rdma {
Buffer* ob = buff ? buff : getSendBuffer();
// Add FrameHeader after frame data
FrameHeader header(credit);
+ assert(int32_t(ob->dataCount()+FrameHeaderSize) <= ob->byteCount())
::memcpy(ob->bytes()+ob->dataCount(), &header, FrameHeaderSize);
ob->dataCount(ob->dataCount()+FrameHeaderSize);
qp->postSend(ob);
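Review bot: the added assert line has no terminating semicolon, so the hunk will not compile as written: `assert(int32_t(ob->dataCount()+FrameHeaderSize) <= ob->byteCount())` needs a trailing `;`. Separately, assert is compiled out when NDEBUG is defined, so a release build would still reach the `::memcpy` with an overfull buffer; if the overrun must never touch memory, use an unconditional check before the `::memcpy` that throws or refuses the send. The `int32_t(...)` cast also makes the comparison depend on the return type of `byteCount()`, which is not visible in this hunk, so it is worth confirming both sides have the same signedness and width.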
- Andrew
On 2011-04-26 20:08:35, Kenneth Giusti wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/667/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2011-04-26 20:08:35)
bq.
bq.
bq. Review request for qpid, Andrew Stitcher, Gordon Sim, and Chug Rolke.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. Prevents buffer overflow bug by explicitly allowing RdmaIO layer to reserve header space in send buffers.
bq.
bq.
bq. This addresses bug QPID-3227.
bq. https://issues.apache.org/jira/browse/QPID-3227
bq.
bq.
bq. Diffs
bq. -----
bq.
bq. /trunk/qpid/cpp/src/qpid/sys/rdma/RdmaIO.cpp 1096872
bq. /trunk/qpid/cpp/src/qpid/sys/rdma/rdma_wrap.h 1096872
bq. /trunk/qpid/cpp/src/qpid/sys/rdma/rdma_wrap.cpp 1096872
bq.
bq. Diff: https://reviews.apache.org/r/667/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq. unit tests & scale testing (by hand using perftest).
bq.
bq.
bq. Thanks,
bq.
bq. Kenneth
bq.
bq.
> rdma layer may allow overrun of send buffers
> --------------------------------------------
>
> Key: QPID-3227
> URL: https://issues.apache.org/jira/browse/QPID-3227
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker
> Affects Versions: 0.10
> Reporter: Ken Giusti
> Assignee: Ken Giusti
> Fix For: 0.11
>
> Attachments: QPID-3227.patch
>
>
> The rdma driver adds a small trailer to outbound buffers, however the size of
> this header is not accounted for when the buffer's size is passed to the
> codec. If the codec fills all available buffer space, the rdma driver will
> overwrite the end of the buffer when adding the trailer.
> Kudos to Chuck Rolke for helping root-cause this bug!
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
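
The accounting error described in the issue, as an added example that is not Qpid's code: a hypothetical `SendBuffer` whose transport trailer is appended after the payload, run once with the full size advertised to the encoder and once with the trailer space reserved. `SendBuffer`, `kTrailerSize`, `codecCapacity`, `appendTrailer` and `fillAndSend` are invented names, and the 4-byte trailer size is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical model of a send buffer; names are illustrative, not Qpid's API.
constexpr std::size_t kTrailerSize = sizeof(std::uint32_t);  // assumed trailer size

struct SendBuffer {
    std::vector<unsigned char> storage;
    std::size_t dataCount = 0;  // bytes written so far
    std::size_t reserved;       // bytes held back for the trailer

    SendBuffer(std::size_t size, bool reserveTrailer)
        : storage(size), reserved(reserveTrailer ? kTrailerSize : 0) {}

    // Capacity the encoder is told it may fill.
    std::size_t codecCapacity() const {
        return storage.size() > reserved ? storage.size() - reserved : 0;
    }
    // Encoder writes payload, never beyond the advertised capacity.
    bool write(const unsigned char* p, std::size_t n) {
        if (dataCount > codecCapacity() || n > codecCapacity() - dataCount) return false;
        if (n) std::memcpy(storage.data() + dataCount, p, n);
        dataCount += n;
        return true;
    }
    // Transport appends the trailer. This check stays in release builds,
    // unlike assert(), which NDEBUG compiles out.
    bool appendTrailer(std::uint32_t credit) {
        if (kTrailerSize > storage.size() - dataCount) return false;  // would overrun
        std::memcpy(storage.data() + dataCount, &credit, kTrailerSize);
        dataCount += kTrailerSize;
        return true;
    }
};

// Fill the buffer to its advertised capacity, then add the trailer.
// Returns true only when the trailer fits inside the allocation.
bool fillAndSend(std::size_t bufSize, bool reserveTrailer) {
    SendBuffer b(bufSize, reserveTrailer);
    std::vector<unsigned char> payload(b.codecCapacity(), 0xAB);  // constructed payload
    return b.write(payload.data(), payload.size()) && b.appendTrailer(1);
}

int main() {
    std::printf("no reservation: %d, reserved: %d\n",
                fillAndSend(64, false), fillAndSend(64, true));
}
```

Without the reservation the encoder can legitimately fill every byte, and the trailer append is the point where the overrun would occur; here it is refused instead of written.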