[ https://issues.apache.org/jira/browse/DISPATCH-820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gordon Sim updated DISPATCH-820:
--------------------------------
    Description: 
(1) start two connected routers
(2) connect to one and open a sending link to the management agent on the other
(3) kill that other router
(4) wait for some time until the killed router is removed from the first router
(5) detach the management link 

You now get a double delete of an address hash with something like the 
following:

{noformat}
==1== Thread 2:
==1== Invalid free() / delete / delete[] / realloc()
==1==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==1==    by 0x4E616A8: qd_hash_remove_by_handle (hash.c:328)
==1==    by 0x4E7938E: qdr_core_remove_address (router_core.c:323)
==1==    by 0x4E759E0: qdr_link_inbound_detach_CT (connections.c:1711)
==1==    by 0x4E79C24: router_core_thread (router_core_thread.c:83)
==1==    by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so)
==1==    by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so)
==1==  Address 0x9c4ba10 is 0 bytes inside a block of size 41 free'd
==1==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==1==    by 0x4E616A8: qd_hash_remove_by_handle (hash.c:328)
==1==    by 0x4E7938E: qdr_core_remove_address (router_core.c:323)
==1==    by 0x4E79CCF: router_core_thread (router_core_thread.c:83)
==1==    by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so)
==1==    by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so)
==1==  Block was alloc'd at
==1==    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==1==    by 0x4E6292B: qd_iterator_copy (iterator.c:737)
==1==    by 0x4E61423: qd_hash_internal_insert (hash.c:146)
==1==    by 0x4E61423: qd_hash_insert_const (hash.c:187)
==1==    by 0x4E7A259: qdr_add_router_CT (route_tables.c:288)
==1==    by 0x4E79CCF: router_core_thread (router_core_thread.c:83)
==1==    by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so)
==1==    by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so)
==1== 
{noformat}

  was:
(1) start two connected routers
(2) connect to one and open a sending link to the management agent on the other
(3) kill that other router
(4) wait for some time until the killed router is removed from the first router
(5) detach the management link 

You know get a double delete of an address hash with something like the 
following:

{noformat}
==1== Thread 2:
==1== Invalid free() / delete / delete[] / realloc()
==1==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==1==    by 0x4E616A8: qd_hash_remove_by_handle (hash.c:328)
==1==    by 0x4E7938E: qdr_core_remove_address (router_core.c:323)
==1==    by 0x4E759E0: qdr_link_inbound_detach_CT (connections.c:1711)
==1==    by 0x4E79C24: router_core_thread (router_core_thread.c:83)
==1==    by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so)
==1==    by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so)
==1==  Address 0x9c4ba10 is 0 bytes inside a block of size 41 free'd
==1==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==1==    by 0x4E616A8: qd_hash_remove_by_handle (hash.c:328)
==1==    by 0x4E7938E: qdr_core_remove_address (router_core.c:323)
==1==    by 0x4E79CCF: router_core_thread (router_core_thread.c:83)
==1==    by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so)
==1==    by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so)
==1==  Block was alloc'd at
==1==    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==1==    by 0x4E6292B: qd_iterator_copy (iterator.c:737)
==1==    by 0x4E61423: qd_hash_internal_insert (hash.c:146)
==1==    by 0x4E61423: qd_hash_insert_const (hash.c:187)
==1==    by 0x4E7A259: qdr_add_router_CT (route_tables.c:288)
==1==    by 0x4E79CCF: router_core_thread (router_core_thread.c:83)
==1==    by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so)
==1==    by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so)
==1== 
{noformat}


> double delete of address hash
> -----------------------------
>
>                 Key: DISPATCH-820
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-820
>             Project: Qpid Dispatch
>          Issue Type: Bug
>    Affects Versions: 0.8.0
>            Reporter: Gordon Sim
>             Fix For: 1.0.0
>
>
> (1) start two connected routers
> (2) connect to one and open a sending link to the management agent on the 
> other
> (3) kill that other router
> (4) wait for some time until the killed router is removed from the first 
> router
> (5) detach the management link 
> You now get a double delete of an address hash with something like the 
> following:
> {noformat}
> ==1== Thread 2:
> ==1== Invalid free() / delete / delete[] / realloc()
> ==1==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
> ==1==    by 0x4E616A8: qd_hash_remove_by_handle (hash.c:328)
> ==1==    by 0x4E7938E: qdr_core_remove_address (router_core.c:323)
> ==1==    by 0x4E759E0: qdr_link_inbound_detach_CT (connections.c:1711)
> ==1==    by 0x4E79C24: router_core_thread (router_core_thread.c:83)
> ==1==    by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so)
> ==1==    by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so)
> ==1==  Address 0x9c4ba10 is 0 bytes inside a block of size 41 free'd
> ==1==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
> ==1==    by 0x4E616A8: qd_hash_remove_by_handle (hash.c:328)
> ==1==    by 0x4E7938E: qdr_core_remove_address (router_core.c:323)
> ==1==    by 0x4E79CCF: router_core_thread (router_core_thread.c:83)
> ==1==    by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so)
> ==1==    by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so)
> ==1==  Block was alloc'd at
> ==1==    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
> ==1==    by 0x4E6292B: qd_iterator_copy (iterator.c:737)
> ==1==    by 0x4E61423: qd_hash_internal_insert (hash.c:146)
> ==1==    by 0x4E61423: qd_hash_insert_const (hash.c:187)
> ==1==    by 0x4E7A259: qdr_add_router_CT (route_tables.c:288)
> ==1==    by 0x4E79CCF: router_core_thread (router_core_thread.c:83)
> ==1==    by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so)
> ==1==    by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so)
> ==1== 
> {noformat}
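
The following is an added example, not part of the original report or of the Qpid Dispatch code base: a small parser that splits the Memcheck report above into its three call stacks and finds the frame at which the two free() paths diverge. The embedded report is the one from the issue, shortened as noted in the comment; the function and variable names are chosen for this example.

```python
import re

# Sample input: the Valgrind report from the issue, with the libpthread/libc
# frames and the inlined qd_hash_internal_insert frame omitted for brevity.
REPORT = """\
==1== Invalid free() / delete / delete[] / realloc()
==1==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==1==    by 0x4E616A8: qd_hash_remove_by_handle (hash.c:328)
==1==    by 0x4E7938E: qdr_core_remove_address (router_core.c:323)
==1==    by 0x4E759E0: qdr_link_inbound_detach_CT (connections.c:1711)
==1==    by 0x4E79C24: router_core_thread (router_core_thread.c:83)
==1==  Address 0x9c4ba10 is 0 bytes inside a block of size 41 free'd
==1==    at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==1==    by 0x4E616A8: qd_hash_remove_by_handle (hash.c:328)
==1==    by 0x4E7938E: qdr_core_remove_address (router_core.c:323)
==1==    by 0x4E79CCF: router_core_thread (router_core_thread.c:83)
==1==  Block was alloc'd at
==1==    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==1==    by 0x4E6292B: qd_iterator_copy (iterator.c:737)
==1==    by 0x4E61423: qd_hash_insert_const (hash.c:187)
==1==    by 0x4E7A259: qdr_add_router_CT (route_tables.c:288)
==1==    by 0x4E79CCF: router_core_thread (router_core_thread.c:83)
"""

FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
# Section headers in an invalid-free report, in the order Memcheck prints them.
HEADERS = (("Invalid free()", "second_free"), ("free'd", "first_free"),
           ("alloc'd", "alloc"))

def parse_stacks(report):
    """Split a Memcheck invalid-free report into its three call stacks."""
    stacks, current = {}, None
    for line in report.splitlines():
        m = FRAME.match(line)
        if m and current:
            stacks[current].append((m.group(1), m.group(2)))
            continue
        for marker, name in HEADERS:
            if marker in line:
                current = name
                stacks[current] = []
    return stacks

def diverging_callers(stacks):
    """First frame, walking outward from free(), where the two free paths differ."""
    for a, b in zip(stacks["second_free"], stacks["first_free"]):
        if a != b:
            return a, b
    return None
```

Both frees pass through the same `qdr_core_remove_address` call site; the divergence shows the second one is reached from `qdr_link_inbound_detach_CT`, while the block was allocated under `qdr_add_router_CT`.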


