[
https://issues.apache.org/jira/browse/ZOOKEEPER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16153585#comment-16153585
]
ASF GitHub Bot commented on ZOOKEEPER-2891:
-------------------------------------------
GitHub user xoiss opened a pull request:
https://github.com/apache/zookeeper/pull/360
branch-3.4 -- bugfix -- ZOOKEEPER-2891
Fixes https://issues.apache.org/jira/browse/ZOOKEEPER-2891
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/xoiss/zookeeper
branch-3.4-bugfix-zookeeper-2891
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/360.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #360
----
commit 2dc3664e52a0f1ae82c5c4fdc800921548bfc087
Author: xoiss <xoiss@ubuntu>
Date: 2017-09-05T11:28:36Z
ZOOKEEPER-2890 - fix freing by uninitialized address.
commit b6da551a38bcfe834038c44f94da0bbfb2c881a5
Author: xoiss <xoiss@ubuntu>
Date: 2017-09-05T12:48:33Z
ZOOKEEPER-2891 - fix endless loop and assertion on fake multi response.
----
> SIGABRT from assert during fake completion on zookeeper_close.
> --------------------------------------------------------------
>
> Key: ZOOKEEPER-2891
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2891
> Project: ZooKeeper
> Issue Type: Bug
> Components: c client
> Affects Versions: 3.4.10
> Environment: Linux ubuntu 4.4.0-87-generic
> gcc (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609
> https://github.com/apache/zookeeper.git
> branch-3.4
> Reporter: Alexander A. Strelets
> Priority: Critical
> Labels: easyfix
> Fix For: 3.4.10
>
>
> Function *_deserialize_multi()_* hits *_assert(entry)_* when called for the
> so called "Fake response" which is fabricated by the function
> _free_completions()_ for example when _zookeeper_close()_ is called while
> there is a pending _multi_ request.
> Such fake response includes only the header but zero bytes for the body. Due
> to this {{deserialize_MultiHeader(ia, "multiheader", &mhdr)}}, which is
> called repeatedly for each {{completion_list_t *entry =
> dequeue_completion(clist)}}, does not assign the _mhdr_ and keeps _mhdr.done
> == 0_ as it was originally initialized. Consequently the _while (!mhdr.done)_
> does not ever end, and finally falls into the _assert(entry)_ with _entry ==
> NULL_ when all sub-requests are "completed". ~// Normally on my platform
> assert raises SIGABRT.~
> I propose to instruct the _deserialize_multi()_ function to break the loop on
> _entry == NULL_ if it was called for an unsuccessfull overal status of the
> multi response, and in particular for the fake response having _ZCLOSING_
> (-116) status. I have introduced the _rc0_ parameter for this.
> *Another issue* with this function is that even if the while-loop exited
> properly, this function returns _rc == 0_, and this return code +overrides+
> the true status value with {{rc = deserialize_multi(xid, cptr, ia, rc)}} in
> the _deserialize_response()_ function. So, the _multi_ response callback
> +handler would be called with _rc == ZOK_ instead of _rc == ZCLOSING_+ which
> is strictly wrong.
> To fix this I propose initializing _rc_ with the introduced _rc0_ instead of
> zero (which is _ZOK_ indeed).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
