[Vortex] Crash in vortex_tls_start_negociation_sync

Francis Brosnan Blazquez francis at aspl.es
Tue Mar 4 16:05:12 CET 2008 

Hi Jens,

> My app just crashed in Vortex code, after logging several warning  
> messages. The first warning was:
> 
> CRITICAL: (vortex-channel) unable to parse err reply, we have a buggy  
> remote peer: Error found (stream size: 7, at byte 0 (global index: 0),  
> near to ...Refused..., while reading: Refused): expected an non empty  
> content for the node name not found.
> 
> This occurred when a reply was sent by the peer; my app code didn't  
> get the reply from Vortex.
> Then a few minutes later, the following warning and then immediately a  
> crash:
> 
> WARNING: (vortex-thread) timeout reached for conditional variable  
> (system call pthread_cond_wait finished)
> 
> GDB's backtrace of the crash is:
> 
> (gdb) bt
> #0  0x0018af35 in vortex_tls_start_negociation_sync  
> (connection=0x3ec900, serverName=0x0, status=0x0, status_message=0x0)  
> at /Hack/Others/Vortex BEEP Library/vortex/src/vortex_tls.c:1627
> #1  0x0017490b in __vortex_connection_new (data=0xe517660) at /Hack/ 
> Others/Vortex BEEP Library/vortex/src/vortex_connection.c:1326
> #2  0x001886c8 in __vortex_thread_pool_dispatcher (data=0x34da00) at / 
> Hack/Others/Vortex BEEP Library/vortex/src/vortex_thread_pool.c:98
> #3  0x96cdac55 in _pthread_start ()
> #4  0x96cdab12 in thread_start ()
> (gdb) list
> 1622		/* get status */
> 1623		result = vortex_async_queue_timedpop (queue,  
> vortex_connection_get_timeout ());
> 1624		if (result == NULL) {
> 1625			/* seems timeout have happen while waiting for SASL to
> 1626			 * end */
> 1627			(* status)         = VortexError;
> 1628			(* status_message) = "Timeout have been reached while waiting  
> for TLS to finish";
> 1629			return NULL;
> 1630		}
> 1631	
> 
> Looks like vortex_tls_start_negociation_sync is dereferencing its  
> 'status' pointer, but __vortex_connection_new passed NULL for 'status'.

Fixed! As you pointed, under a timeout condition the function unref
status and status_message without checking to be defined. Applied fix on
1.0 and 1.1

> (I'm still on my slightly-hacked 1.0.12 sources, on Mac OS X 10.5.)

OK. The bug was found at HEAD. Thanks for reporting Jens. Cheers!

> —Jens
-- 
Francis Brosnan Blazquez <francis at aspl.es>
Advanced Software Production Line, S.L.

More information about the Vortex mailing list