Net--RabbitMQ

Segmentation fault in subroutine get

Open MattiL opened this issue 12 years ago • 3 comments

Hi!

I reported a segmentation fault in CPAN: https://rt.cpan.org/Public/Bug/Display.html?id=76205

I got a segmentation fault in subroutine get. I think it is because memory allocation failed. I have Net::RabbitMQ version 0.2.2. I got a similar bug in Net::RabbitMQ version 0.2.0, too: https://rt.cpan.org/Public/Bug/Display.html?id=76156

This is perl, v5.10.0 built for x86_64-linux-thread-multi

Linux pmc-inst-test 2.6.32.12-0.7-default #1 SMP 2010-05-20 11:14:20 +0200 x86_64 x86_64 x86_64 GNU/Linux

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff724fa41 in memcpy () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff724fa41 in memcpy () from /lib64/libc.so.6
#1  0x00007ffff6db2c0d in amqp_handle_input (state=0x7bc8a0, received_data=..., decoded_frame=0x7fffffffe2c0) at /usr/include/bits/string3.h:52
#2  0x00007ffff6dbbeec in wait_frame_inner (state=0x7bc8a0, decoded_frame=0x7fffffffe2c0) at amqp_socket.c:167
#3  0x00007ffff6dbc489 in amqp_simple_rpc (state=0x7bc8a0, channel=3, request_id=<value optimized out>, expected_reply_ids=0x7fffffffe3a0, decoded_request_method=<value optimized out>) at amqp_socket.c:283
#4  0x00007ffff6db156c in amqp_basic_get (state=0x7bc8a0, channel=7, queue=..., no_ack=1) at amqp_api.c:258
#5  0x00007ffff6da7432 in XS_Net__RabbitMQ_get (my_perl=, cv=<value optimized out>) at RabbitMQ.xs:618
#6  0x000000000047e115 in Perl_pp_entersub ()
#7  0x0000000000455ad3 in Perl_runops_debug ()
#8  0x000000000047a005 in perl_run ()
#9  0x000000000042172c in main ()
(gdb)

regards, Matti Linnanvuori

MattiL avatar Apr 02 '12 07:04 MattiL

I think this segmentation fault is because state inbound_buffer bytes is 0x0. memcpy is done to that null address.

#1  0x00007ffff6db2c0d in amqp_handle_input (state=0x7bc8a0, received_data=..., decoded_frame=0x7fffffffe2c0) at /usr/include/bits/string3.h:52
52        return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb) print *state
$2 = {frame_pool = {pagesize = 131072, pages = {num_blocks = 14754, blocklist = 0x31a9310},
        large_blocks = {num_blocks = 0, blocklist = 0x0}, next_page = 14754, alloc_block = 0x0,
        alloc_used = 131072},
      decoding_pool = {pagesize = 131072, pages = {num_blocks = 2, blocklist = 0x9a3dd0},
        large_blocks = {num_blocks = 0, blocklist = 0x0}, next_page = 2,
        alloc_block = 0x7fffb4936010 "", alloc_used = 105360},
      state = CONNECTION_STATE_WAITING_FOR_HEADER, channel_max = 0, frame_max = 131072, heartbeat = 0,
      inbound_buffer = {len = 131072, bytes = 0x0}, inbound_offset = 0, target_size = 7,
      outbound_buffer = {len = 131072, bytes = 0x7ffff6681010}, sockfd = 9,
      sock_inbound_buffer = {len = 131072, bytes = 0x7ffff66c3010}, sock_inbound_offset = 0,
      sock_inbound_limit = 13, first_queued_frame = 0x7ffff66a2070, last_queued_frame = 0x7ffff66a2198,
      basic_return_callback = 0, basic_return_callback_data = 0x0}

MattiL avatar Apr 03 '12 07:04 MattiL
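The failure mode described in the comment above, as an added illustration in C that is not librabbitmq's or Net::RabbitMQ's code: the struct shapes, field names and the two copy functions are assumptions modelled on the gdb output, showing the unchecked copy that faults when inbound_buffer.bytes is NULL beside a version that turns the unallocated buffer (and an over-long input) into an error return.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Minimal models of the librabbitmq structures seen in the gdb dump
   (assumed shapes for illustration, not the library's own definitions). */
typedef struct { size_t len; void *bytes; } bytes_t;

typedef struct {
    bytes_t inbound_buffer;  /* frame reassembly buffer (len 131072 in the report) */
    size_t  inbound_offset;  /* bytes already copied into inbound_buffer */
    size_t  target_size;     /* bytes needed before the next decode step */
} conn_state_t;

enum { COPY_OK = 0, ERR_NO_BUFFER = -1, ERR_TOO_LARGE = -2 };

/* Allocate the inbound buffer. On allocation failure bytes stays NULL while
   len is already set, which is exactly the state printed in the report. */
int state_init(conn_state_t *st, size_t frame_max)
{
    memset(st, 0, sizeof *st);
    st->inbound_buffer.len = frame_max;
    st->inbound_buffer.bytes = malloc(frame_max);  /* may be NULL */
    st->target_size = 7;                            /* AMQP frame header size */
    return st->inbound_buffer.bytes != NULL ? 0 : -1;
}

/* Unchecked copy, as in the crashing path: with bytes == NULL the memcpy
   destination is address 0 + offset and the process takes SIGSEGV. */
void copy_unchecked(conn_state_t *st, const void *data, size_t n)
{
    memcpy((char *)st->inbound_buffer.bytes + st->inbound_offset, data, n);
    st->inbound_offset += n;
}

/* Checked copy: an unallocated buffer and an over-long input both become
   error returns instead of a write to NULL or past the buffer end. */
int copy_checked(conn_state_t *st, const void *data, size_t n)
{
    if (st->inbound_buffer.bytes == NULL)
        return ERR_NO_BUFFER;
    if (st->inbound_offset > st->inbound_buffer.len ||
        n > st->inbound_buffer.len - st->inbound_offset)
        return ERR_TOO_LARGE;
    memcpy((char *)st->inbound_buffer.bytes + st->inbound_offset, data, n);
    st->inbound_offset += n;
    return COPY_OK;
}
```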

I upgraded Net::RabbitMQ with the newest librabbitmq (rabbitmq-c-fb6fca832fd2) and the segmentation fault no longer appeared. I was thinking I could upload a fixed version of Net::RabbitMQ to CPAN unless you object.

MattiL avatar Apr 04 '12 06:04 MattiL

I made a pull request #14 that fixes this segmentation fault.

MattiL avatar Apr 04 '12 10:04 MattiL