activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy Bish (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AMQCPP-178) Core dump in ActiveMQException::buildMessage
Date Wed, 28 May 2008 14:40:00 GMT

    [ https://issues.apache.org/activemq/browse/AMQCPP-178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=43079#action_43079
] 

Timothy Bish commented on AMQCPP-178:
-------------------------------------

Note that the SVN Trunk code which will soon be the 2.2 release we don't do things quite the
same, as we are using APR for a lot of the platform independent code.  You may want to give
trunk a try and see if your issues are resolved.

> Core dump in ActiveMQException::buildMessage
> --------------------------------------------
>
>                 Key: AMQCPP-178
>                 URL: https://issues.apache.org/activemq/browse/AMQCPP-178
>             Project: ActiveMQ C++ Client
>          Issue Type: Bug
>          Components: CMS Impl
>    Affects Versions: 2.1.3
>         Environment: Ubuntu 8.0.4 AMD64, ActiveMQ 5.1.0 running inside JBoss 4.2.2, ActiveMQ-CPP
2.1.3
>            Reporter: Aaron Riekenberg
>            Assignee: Nathan Mittler
>
> Running the "example" example program, I find I get a segmentation fault in "example"
if I terminate the message broker while its running.  This seems like quite a serious problem,
I can't have all c++ clients core dump if the broker goes down.  Full stack trace from gdb
is at the bottom.
> Did some digging with gdb and found the "size" variable in ActiveMQException::buildMessage
is 256, meaning our string was longer than 128 so we're going through the loop for the second
time:
> (gdb) down
> #3  0x00007fd6a575d90f in activemq::exceptions::ActiveMQException::buildMessage (
>     this=0x610600, 
>     format=0x7fd6a5898218 "No valid response received for command: %s, check broker.",

>     vargs=<value optimized out>) at activemq/exceptions/ActiveMQException.cpp:75
> 75              int written = vsnprintf(buffer, size, format, vargs);
> (gdb) p size
> $1 = 256
> ActiveMQException::buildMessage does a vsnprintf to try to write vargs into buffer, and
if buffer isn't big enough it doubles the size and tries another vsnprintf.  Trouble is it's
only legal to do ONE vsnprintf between calls to va_start and va_end, so on the second try
vargs is garbage.  See "man vsnprintf":
>        The  functions  vprintf(),  vfprintf(),  vsprintf(), vsnprintf() are equivalent
to the
>        functions printf(), fprintf(), sprintf(), snprintf(), respectively, except  that
 they
>        are  called with a va_list instead of a variable number of arguments.  These functions
>        do not call the va_end macro.  Because they invoke the va_arg macro, the value
 of  ap
>        is undefined after the call.  See stdarg(3).
> One possible solution is to use va_copy or __va_copy to make a copy of vargs so we have
a fresh copy to traverse on each iteration in buildMessage.  I've verified the following works
on my system (I have __va_copy instead of va_copy on Ubunutu 8.0.4):
> void ActiveMQException::buildMessage(const char* format, va_list& vargs)
> {
>     // Allocate buffer with a guess of it's size
>     int size = 128;
>     // Format string
>     while( true ){
>         // Allocate a buffer of the specified size.
>         char* buffer = new char[size];
>         va_list vargsCopy;
>         __va_copy(vargsCopy, vargs);
>         int written = vsnprintf(buffer, size, format, vargsCopy);
>         if (written > -1 && written < size-1) {
>             // Guessed size was enough. Assign the string.
>             message.assign (buffer, written);
>             // assign isn't passing ownership, just copying, delete
>             // the allocated buffer.
>             delete [] buffer;
>             va_end(vargsCopy);
>             break;
>         }
>         // Our buffer wasn't big enough - destroy the old buffer,
>         // double the size and try again.
>         delete [] buffer;
>         va_end(vargsCopy);
>         size *= 2;
>     }
>     //activemq::logger::SimpleLogger logger("com.yadda1");
>     //logger.log( message );   
> }
> Full stack trace of the failure from gdb:
> Core was generated by `/home/aaron/activemq/activemq-cpp-2.1.3-src/src/examples/.libs/lt-example
> '.
> Program terminated with signal 11, Segmentation fault.
> [New process 22513]
> [New process 22517]
> [New process 22497]
> #0  0x00007fd6a4b7c060 in strlen () from /lib/libc.so.6
> (gdb) where
> #0  0x00007fd6a4b7c060 in strlen () from /lib/libc.so.6
> #1  0x00007fd6a4b48e1a in vfprintf () from /lib/libc.so.6
> #2  0x00007fd6a4b6c9ea in vsnprintf () from /lib/libc.so.6
> #3  0x00007fd6a575d90f in activemq::exceptions::ActiveMQException::buildMessage (
>     this=0x610600, 
>     format=0x7fd6a5898218 "No valid response received for command: %s, check broker.",

>     vargs=<value optimized out>) at activemq/exceptions/ActiveMQException.cpp:75
> #4  0x00007fd6a57709e8 in CommandIOException (this=0x610600, 
>     file=0x7fd6a58981e0 "activemq/transport/filters/ResponseCorrelator.cpp", lineNumber=145,

>     msg=0x7fd6a5898218 "No valid response received for command: %s, check broker.")
>     at ./activemq/transport/CommandIOException.h:67
> #5  0x00007fd6a57c20d8 in activemq::transport::filters::ResponseCorrelator::request (
>     this=<value optimized out>, command=<value optimized out>)
>     at activemq/transport/filters/ResponseCorrelator.cpp:147
> #6  0x00007fd6a5796735 in activemq::connector::openwire::OpenWireFormatNegotiator::request
(
>     this=0x60ef60, command=0x610688)
>     at activemq/connector/openwire/OpenWireFormatNegotiator.cpp:102
> #7  0x00007fd6a57991fa in activemq::connector::openwire::OpenWireConnector::syncRequest
(
>     this=<value optimized out>, command=0x7fd6a5898240)
>     at activemq/connector/openwire/OpenWireConnector.cpp:1349
> #8  0x00007fd6a5799dd1 in activemq::connector::openwire::OpenWireConnector::send (
>     this=0x60d5c0, message=<value optimized out>, producerInfo=<value optimized
out>)
>     at activemq/connector/openwire/OpenWireConnector.cpp:838
> #9  0x00007fd6a5735aec in activemq::core::ActiveMQSession::send (this=<value optimized
out>, 
>     message=0x610680, producer=0x6103d0) at activemq/core/ActiveMQSession.cpp:673
> #10 0x00007fd6a5741b00 in activemq::core::ActiveMQProducer::send (this=0x6103d0, 
>     destination=<value optimized out>, message=0x610680, deliveryMode=626508689,
priority=4, 
>     timeToLive=0) at activemq/core/ActiveMQProducer.cpp:192
> #11 0x00007fd6a574161a in activemq::core::ActiveMQProducer::send (this=0x6554514d65766974,

>     destination=0x7fd6a5898240, message=0x409a2958) at activemq/core/ActiveMQProducer.cpp:147
> #12 0x00007fd6a574193b in activemq::core::ActiveMQProducer::send (this=0x6103d0, 
>     message=0x610680) at activemq/core/ActiveMQProducer.cpp:106
> #13 0x0000000000402bbe in HelloWorldProducer::run (this=0x7fffadd50ff0) at main.cpp:114
> #14 0x00007fd6a575bda0 in activemq::concurrent::Thread::runCallback (
>     param=<value optimized out>) at activemq/concurrent/Thread.cpp:152
> #15 0x00007fd6a48eb3f7 in start_thread () from /lib/libpthread.so.0
> #16 0x00007fd6a4bd8b2d in clone () from /lib/libc.so.6
> #17 0x0000000000000000 in ?? ()

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message