Chuck Rolke created PROTON-1173:
-----------------------------------

             Summary: Proton C core dump in face of channel-max protocol violation
                 Key: PROTON-1173
                 URL: https://issues.apache.org/jira/browse/PROTON-1173
             Project: Qpid Proton
          Issue Type: Bug
          Components: proton-c
    Affects Versions: 0.11.1
            Reporter: Chuck Rolke


A rogue client creates a session on a channel higher than the channel-max exchanged at connection open.
{noformat}
Mon Apr 11 10:34:27 2016 SERVER (trace) [1]:pn_session: too many sessions: 1  channel_max is 0 (/home/chug/git/qpid-dispatch/src/server.c:116)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff793b84a in pn_do_begin (transport=0x6a4bd0, frame_type=0 '\000', channel=1, args=0x7c1f60, payload=0x7fffffffd2c0)
    at /home/chug/git/qpid-proton/proton-c/src/transport/transport.c:1205
1205      ssn->state.incoming_transfer_count = next;
Missing separate debuginfos, use: debuginfo-install nss-mdns-0.10-15.fc21.x86_64
(gdb) 
(gdb) list
1200        // XXX: what if session is NULL?
1201        ssn = (pn_session_t *) pn_hash_get(transport->local_channels, remote_channel);
1202      } else {
1203        ssn = pn_session(transport->connection);
1204      }
1205      ssn->state.incoming_transfer_count = next;
1206      pni_map_remote_channel(ssn, channel);
1207      PN_SET_REMOTE(ssn->endpoint.state, PN_REMOTE_ACTIVE);
1208      pn_collector_put(transport->connection->collector, PN_OBJECT, ssn, PN_SESSION_REMOTE_OPEN);
1209      return 0;
(gdb) p ssn
$1 = (pn_session_t *) 0x0
(gdb) 
{noformat}

Session is null and SEGV is what happens.



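The listing above shows pn_do_begin() storing into ssn without checking the NULL that pn_session() returns once the peer is over its channel-max (the "too many sessions" trace line). The following is an added example, not Qpid Proton's code: a small self-contained C model of that BEGIN handling, with the unchecked shape that matches the listing beside a hardened handler that validates the incoming channel against the negotiated channel-max and turns a NULL session into a connection-level error instead of a crash. All names here (toy_transport, toy_session, session_new, find_session, handle_begin_unchecked, handle_begin_checked, MAX_SESSIONS) are invented for illustration; closing the connection with amqp:connection:framing-error is what the AMQP 1.0 Open definition prescribes for a channel number above channel-max.

```c
/* Added example modelling the BEGIN-frame handling from the gdb listing.
 * Not Qpid Proton code; all names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS 4   /* hypothetical fixed table; Proton allocates dynamically */

typedef struct {
    int in_use;
    uint16_t remote_channel;
    uint32_t incoming_transfer_count;
} toy_session;

typedef struct {
    uint16_t channel_max;              /* highest channel number the peer may use (from Open) */
    int nsessions;
    toy_session sessions[MAX_SESSIONS];
    char error[160];                   /* last protocol error condition, empty if none */
} toy_transport;

void transport_init(toy_transport *t, uint16_t channel_max)
{
    memset(t, 0, sizeof *t);
    t->channel_max = channel_max;
}

/* Models pn_session() as seen in the trace: logs "too many sessions" and
 * returns NULL when the connection already holds as many sessions as
 * channel-max allows (channel-max 0 permits exactly one session). */
toy_session *session_new(toy_transport *t)
{
    if (t->nsessions > t->channel_max || t->nsessions >= MAX_SESSIONS) {
        fprintf(stderr, "pn_session: too many sessions: %d channel_max is %u\n",
                t->nsessions, (unsigned)t->channel_max);
        return NULL;
    }
    toy_session *s = &t->sessions[t->nsessions++];
    s->in_use = 1;
    return s;
}

toy_session *find_session(toy_transport *t, uint16_t remote_channel)
{
    for (int i = 0; i < t->nsessions; i++)
        if (t->sessions[i].in_use && t->sessions[i].remote_channel == remote_channel)
            return &t->sessions[i];
    return NULL;
}

/* The shape of the listing's pn_do_begin(): the result of session_new() is
 * used without a NULL check, so a BEGIN that fails the channel-max test
 * inside session_new() dereferences NULL (the SIGSEGV in the report). */
int handle_begin_unchecked(toy_transport *t, uint16_t channel, uint32_t next)
{
    toy_session *ssn = session_new(t);
    ssn->incoming_transfer_count = next;   /* crashes when session_new() returned NULL */
    ssn->remote_channel = channel;
    return 0;
}

/* Hardened handler: reject an out-of-range or duplicate channel before touching
 * any session, and treat a NULL session as a connection error. Returns 0 on
 * success, -1 with t->error set when the connection must be closed. */
int handle_begin_checked(toy_transport *t, uint16_t channel, uint32_t next)
{
    if (channel > t->channel_max) {
        snprintf(t->error, sizeof t->error,
                 "amqp:connection:framing-error: channel %u exceeds channel-max %u",
                 (unsigned)channel, (unsigned)t->channel_max);
        return -1;
    }
    if (find_session(t, channel)) {
        snprintf(t->error, sizeof t->error,
                 "amqp:connection:framing-error: channel %u already has a session",
                 (unsigned)channel);
        return -1;
    }
    toy_session *ssn = session_new(t);
    if (!ssn) {   /* the case the listing's "XXX: what if session is NULL?" asks about */
        snprintf(t->error, sizeof t->error,
                 "amqp:connection:framing-error: no session available for channel %u",
                 (unsigned)channel);
        return -1;
    }
    ssn->incoming_transfer_count = next;
    ssn->remote_channel = channel;
    return 0;
}

int main(void)
{
    toy_transport t;
    transport_init(&t, 0);   /* server negotiated channel-max 0, as in the report */
    printf("BEGIN on channel 0: rc=%d\n", handle_begin_checked(&t, 0, 1));
    printf("BEGIN on channel 1: rc=%d error=%s\n", handle_begin_checked(&t, 1, 1), t.error);
    return 0;
}
```

The order of checks matters: the channel range test runs before any allocation, so a rogue BEGIN on a channel above channel-max never reaches session_new() and the session table is left untouched; the NULL test after session_new() covers any other reason the allocation can fail.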
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)