509096 – segfault in TopicExchange::isBound()

Bug 509096 - segfault in TopicExchange::isBound()

Summary: segfault in TopicExchange::isBound()

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	qpid-cpp
Sub Component:
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	1.1.6
Target Release:	---
Assignee:	Gordon Sim
QA Contact:	Frantisek Reznicek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-07-01 10:43 UTC by Gordon Sim
Modified:	2015-11-16 01:11 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-07-14 17:32:18 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Reproducer (5.67 KB, text/x-c++src) 2009-07-01 10:43 UTC, Gordon Sim	no flags	Details
Fix (502 bytes, patch) 2009-07-01 13:32 UTC, Gordon Sim	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2009:1153	0	normal	SHIPPED_LIVE	Red Hat Enterprise MRG Messaging bug fixing update	2009-07-14 17:31:48 UTC

Description Gordon Sim 2009-07-01 10:43:18 UTC

Created attachment 350081 [details]
Reproducer

Description of problem:

Due to lack of appropriate locking in TopicExchange::isBound() invocation of this method concurrent with modifications to the set of bindings managed by the topic is unsafe and causes segfaults.

See: https://issues.apache.org/jira/browse/QPID-1963

Version-Release number of selected component (if applicable):

From 1.0

How reproducible:

Easily

Steps to Reproduce:
1. run attached test case against a broker

Actual results:

Broker crashes (usually within 10 minutes)

Expected results:

No crashes.

Additional info:

Comment 1 Gordon Sim 2009-07-01 13:32:07 UTC

Created attachment 350108 [details]
Fix

Comment 2 Gordon Sim 2009-07-01 13:49:10 UTC

Fixed on trunk as r790164.

Comment 3 Gordon Sim 2009-07-03 07:45:29 UTC

Fixed in qpidd-0.5.752581-22.

Comment 4 Frantisek Reznicek 2009-07-03 08:20:31 UTC

The issue has been fixed, validated on RHEL 4.7 / 5.3 i386 / x86_64 on packages:
[root@mrg-qe-02 bz509096]# rpm -qa | grep -E '(qpid|openais|rhm)' | sort -u
openais-0.80.3-22.el5_3.8
openais-debuginfo-0.80.3-22.el5_3.8
python-qpid-0.5.752581-3.el5
qpidc-0.5.752581-22.el5
qpidc-debuginfo-0.5.752581-22.el5
qpidc-devel-0.5.752581-22.el5
qpidc-rdma-0.5.752581-22.el5
qpidc-ssl-0.5.752581-22.el5
qpidd-0.5.752581-22.el5
qpidd-acl-0.5.752581-22.el5
qpidd-cluster-0.5.752581-22.el5
qpidd-devel-0.5.752581-22.el5
qpid-dotnet-0.4.738274-2.el5
qpidd-rdma-0.5.752581-22.el5
qpidd-ssl-0.5.752581-22.el5
qpidd-xml-0.5.752581-22.el5
qpid-java-client-0.5.751061-7.el5
qpid-java-common-0.5.751061-7.el5
rhm-0.5.3206-5.el5
rhm-docs-0.5.756148-1.el5

->VERIFIED

Comment 6 errata-xmlrpc 2009-07-14 17:32:18 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1153.html

Note You need to log in before you can comment on or make changes to this bug.