963245 – Translation of empty messages from 0-10 to 1.0 results in broker crash

Bug 963245 - Translation of empty messages from 0-10 to 1.0 results in broker crash

Summary: Translation of empty messages from 0-10 to 1.0 results in broker crash

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	qpid-cpp
Sub Component:
Version:	Development
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	3.0
Target Release:	---
Assignee:	Gordon Sim
QA Contact:	Petr Matousek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1010399
TreeView+	depends on / blocked

Reported:	2013-05-15 13:19 UTC by Petr Matousek
Modified:	2015-01-21 12:57 UTC (History)
CC List:	1 user (show)
Fixed In Version:	qpid-cpp-0.22-4.el6, qpid-cpp-0.22-4.el5
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
core dump (7.04 KB, text/plain) 2013-05-15 13:19 UTC, Petr Matousek	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Apache JIRA	QPID-4846	0	None	None	None	Never

Description Petr Matousek 2013-05-15 13:19:17 UTC

Created attachment 748284 [details]
core dump

Description of problem:

A broker crash occurs while receiving a message which was sent in 0-10 format (without content set) using the amqp1.0 protocol.

Notes:
This only occurs when mixing protocols 0.10 and 1.0. 
This only occurs when the message content is not set.

Broker log:
[Unspecified] notice Buffer overflow for write of size 1 to buffer of
size 90 at position 90
qpidd:
/builddir/build/BUILD/qpid-0.22/cpp/src/qpid/amqp/Encoder.cpp:394: void
qpid::amqp::Encoder::check(size_t): Assertion `false' failed. 

The core dump is attached.

Version-Release number of selected component (if applicable):
qpid-cpp-0.22-2

How reproducible:
100%

Steps to Reproduce:
1. spout "q;{create:always}"
2. drain --connection-options "{protocol:amqp1.0}" q 
3. broker crash
  
Actual results:
broker crash when converting 0-10 message to amqp1.0

Expected results:
Empty message may be successfully received when mixing protocols

Additional info:

Comment 1 Gordon Sim 2013-05-15 13:46:28 UTC

Fixed upstream by http://svn.apache.org/r1482795

Comment 2 Petr Matousek 2013-07-09 16:11:43 UTC

The issue has been fixed

Verified on RHEL5.9 and RHEL6.4, architectures: i386, x86_64

packages installed:
qpid-cpp-*-0.22-6

-> VERIFIED

Note You need to log in before you can comment on or make changes to this bug.