[
https://issues.apache.org/jira/browse/DISPATCH-2045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17321010#comment-17321010
]
ASF GitHub Bot commented on DISPATCH-2045:
------------------------------------------
ganeshmurthy opened a new pull request #1119:
URL: https://github.com/apache/qpid-dispatch/pull/1119
… to zero out the item's handle so it cannot be dereferenced later.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> qd_hash_internal_remove_item writes to freed (pooled) memory on router
> shutdown
> -------------------------------------------------------------------------------
>
> Key: DISPATCH-2045
> URL: https://issues.apache.org/jira/browse/DISPATCH-2045
> Project: Qpid Dispatch
> Issue Type: Bug
> Affects Versions: 1.16.0
> Reporter: Jiri Daněk
> Priority: Minor
> Attachments:
> 0001-DISPATCH-2039-WIP-add-prints-around-hash-inserts-and.patch,
> hashcrash.conf
>
>
> Apply the attached patch (), run router with the attached config, wait a
> moment, then stop the router. Note the following lines in the router output
> {code}
> inserting key M0$management
> inserting key L$management
> inserting key L$_management_internal
> inserting key Corg.apache
> inserting key CFakeBroker
> inserting key LlinkRoute/0
> inserting key Dorg.apache
> inserting key LlinkRoute/1
> ^C
> freeing item 0x61100000de10 with key 2/apache
> zeroing the handle pointer, of value 0x61100000de10
> freeing hash handle 0x611000034f10 for item (nil)
> freeing item 0x61100000df50 with key 1/org
> zeroing the handle pointer, of value 0x61100000df50
> freeing hash handle 0x611000035050 for item (nil)
> freeing item 0x611000030050 with key Corg.apache
> zeroing the handle pointer, of value 0x611000030050
> freeing hash handle 0x611000035190 for item (nil)
> freeing hash handle 0x611000034c90 for item 0x61100000db90
> freeing item 0x61100000dcd0 with key CFakeBroker
> zeroing the handle pointer, of value 0x61100000dcd0
> freeing hash handle 0x611000034dd0 for item (nil)
> freeing item 0x61100000d7d0 with key 2/apache
> zeroing the handle pointer, of value 0x61100000d7d0
> freeing hash handle 0x6110000348d0 for item (nil)
> freeing item 0x61100000d910 with key 1/org
> zeroing the handle pointer, of value 0x61100000d910
> freeing hash handle 0x611000034a10 for item (nil)
> freeing item 0x61100000da50 with key Dorg.apache
> zeroing the handle pointer, of value 0x61100000da50
> freeing hash handle 0x611000034b50 for item (nil)
> freeing hash handle 0x611000034790 for item 0x61100000d690
> freeing item 0x611000030410 with key M0$management
> zeroing the handle pointer, of value 0x611000030410
> freeing hash handle 0x611000035550 for item (nil)
> freeing item 0x6110000302d0 with key L$management
> zeroing the handle pointer, of value 0x6110000302d0
> freeing hash handle 0x611000035410 for item (nil)
> freeing item 0x611000030190 with key L$_management_internal
> zeroing the handle pointer, of value 0x611000030190
> freeing hash handle 0x6110000352d0 for item (nil)
> freeing item 0x61100000db90 with key LlinkRoute/0
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x61100000d690 with key LlinkRoute/1
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x611000007290 with key router
> {code}
> The problem is at the end, writing to memory set to {{#define QD_MEMORY_FREE
> 0x99}}.
> {noformat}
> freeing item 0x61100000db90 with key LlinkRoute/0
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x61100000d690 with key LlinkRoute/1
> zeroing the handle pointer, of value 0x9999999999999999
> freeing item 0x611000007290 with key router
> {noformat}
> That is because a handle can be freed before the item, which happened in this
> case, in {{freeing hash handle 0x611000034790 for item 0x61100000d690}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
