Original bug covers two components, c++ broker+client and python client, hence cloning this copy to cover the c++ part. +++ This bug was initially created as a clone of Bug #640312 +++ Description of problem: The 0.10 codecs (both C++ and python) will allow the encoding of a string data type with a length that is greater than 64K. The 0.10 codec only defines string encodings that allow for strings up to 64K in length (length is encoded as a 16-bit unsigned integer). Version-Release number of selected component (if applicable): beta How reproducible: 100% Steps to Reproduce: 1. Send a message containing a string of length > 65535 bytes long. Actual results: Varies by implementation - C++ appears to convert the string to a vbin type. Python appears to corrupt the encoded length value. Expected results: 0.10 does not support strings > 65535 bytes in length - attempting to send message containing such a string should fail and notify the calling application (e.g. throw an exception). Additional info: --- Additional comment from kgiusti on 2010-10-05 10:34:57 EDT --- Created attachment 451681 [details] A V2-based agent that provides a string echo method. Can be used to reproduce the string encoding error. Run the agent like this: ./run_nozzle -b host:port -n 1 -t 10 -q A client can then query the agent for a data object _class="data", and invoke the echo method on the data object. The method takes a string argument. Attempting to invoke the method with a string with length > 65K will result in a timeout error. It should fail immediately with an error indicating the string is too long. Example client code: #!/usr/bin/python # $ ./big-echo.py mrg2.lab.bos.redhat.com 20 from qmf.console import * import sys url, size = sys.argv[1:3] size = int(size) s = Session() b = s.addBroker(url) a = b.getAgents()[1] d = a.getObjects(_class="data")[0] d.echo(1, "x" * size) s.delBroker(b) --- Additional comment from kgiusti on 2010-10-27 09:39:52 EDT --- Created attachment 455973 [details] Proposed fix. Proposed patch: will throw an exception if an attempt is to encode a value that cannot be represented by the target type. --- Additional comment from gsim on 2010-10-27 11:01:39 EDT --- Comment on attachment 455973 [details] Proposed fix. Seems reasonable fix to me. --- Additional comment from kgiusti on 2010-10-28 11:26:47 EDT --- Upstream JIRA: https://issues.apache.org/jira/browse/QPID-2916 --- Additional comment from kgiusti on 2010-10-29 13:27:05 EDT --- Upstream fix: http://svn.apache.org/viewvc?view=revision&revision=1028501 http://svn.apache.org/viewvc?view=revision&revision=1028812
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause QPID clients that send a message containing a string which is greater than 65535 bytes in length. Consequence The client incorrectly converts the string to a binary data type, which loses the correct type of the data. Fix QPID does not support strings greater than 65535 bytes in length. The encoding code now checks the length of all strings sent by clients, and enforces this length limit. Result Should a client attempt to send a string with a length greater than 65535 bytes, an exception shall be thrown.
Created attachment 475576 [details] The c++ console which calls the echo method on the agent g++ -Wall console.cpp -lqpidclient -lqmfconsole -o console Usage: ./console N where N is size of the string passed to nozzle/data.echo() method
The current observations highlights that qmf console ran against v1 qmf agent (broker) can: - timeout - crash (SIGSEGV) - exception qpid::framing::OutOfBounds - exception 'Top Level Exception: Could not encode string of 65536 bytes as uint16_t string.' which is expected behavior The QMF (attached) console calls echo() method with string of length N. See details in comment 4. Further details on QMF C++ console crash will come soon... rhel4 (similar on rhel5) N: - 0 <= OK < 65301 ($? = 0) - 65300 < timeout < 65456 (rh4_64) Result: code=4097 text=Method call timed out - 65455 < Out of Bounds < 65471/65480(rh4_64/rh4_32) Top Level Exception: Out of Bounds terminate called after throwing an instance of 'qpid::framing::OutOfBounds' what(): Out of Bounds Aborted - 65471/65480 < Segfault < 65536 Segmentation fault - 65535 < OK < infinity Call echo method... Top Level Exception: Could not encode string of 65536 bytes as uint16_t string. (qpid/framing/Buffer.cpp:266) # ./console 10 Creating SessionManager Adding broker Get agents: (1): agent[0] BrokerAgent Broker: org.apache.qpid.broker:broker[0-0-1-0-2] amqp-broker Call echo method... Result: code=0 text=OK Output Arg: body => ********** Output Arg: sequence => 1 # echo $? 0 # ./console 65440 Creating SessionManager Adding broker Get agents: (1): agent[0] BrokerAgent Broker: org.apache.qpid.broker:broker[0-0-1-0-2] amqp-broker Call echo method... Result: code=4097 text=Method call timed out # echo $? 0 # ./console 65480 Creating SessionManager Adding broker Get agents: (1): agent[0] BrokerAgent Broker: org.apache.qpid.broker:broker[0-0-1-0-2] amqp-broker Call echo method... terminate called after throwing an instance of 'qpid::framing::OutOfBounds' what(): Out of Bounds Aborted # echo $? 134 # ./console 65480 Creating SessionManager Adding broker Get agents: (1): agent[0] BrokerAgent Broker: org.apache.qpid.broker:broker[0-0-1-0-2] amqp-broker Call echo method... Segmentation fault # echo $? 139 # ./console 65481 Creating SessionManager Adding broker Get agents: (1): agent[0] BrokerAgent Broker: org.apache.qpid.broker:broker[0-0-1-0-2] amqp-broker Call echo method... Segmentation fault # echo $? 139 # ./console 65536 Creating SessionManager Adding broker Get agents: (1): agent[0] BrokerAgent Broker: org.apache.qpid.broker:broker[0-0-1-0-2] amqp-broker Call echo method... Top Level Exception: Could not encode string of 65536 bytes as uint16_t string. (qpid/framing/Buffer.cpp:266) # echo $? 0
During verification of this BZ some new issues regarding incorrect string handling were found. The result is that two new bugs was open: BZ674392, BZ674390. The issue has been fixed, tested on RHEL 4.9 / 5.6 i386 / x86_64 on packages: python-qpid-0.7.946106-15.el5 qpid-cpp-client-0.7.946106-27.el5 qpid-cpp-client-devel-0.7.946106-27.el5 qpid-cpp-client-devel-docs-0.7.946106-27.el5 qpid-cpp-client-ssl-0.7.946106-27.el5 qpid-cpp-mrg-debuginfo-0.7.946106-27.el5 qpid-cpp-server-0.7.946106-27.el5 qpid-cpp-server-cluster-0.7.946106-27.el5 qpid-cpp-server-devel-0.7.946106-27.el5 qpid-cpp-server-ssl-0.7.946106-27.el5 qpid-cpp-server-store-0.7.946106-27.el5 qpid-cpp-server-xml-0.7.946106-27.el5 qpid-java-client-0.7.946106-14.el5 qpid-java-common-0.7.946106-14.el5 qpid-java-example-0.7.946106-14.el5 qpid-tools-0.7.946106-12.el5 VERIFIED
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0217.html