Segmentation fault in subroutine get #13

Open
MattiL opened this issue Apr 2, 2012 · 3 comments

MattiL commented Apr 2, 2012

Hi!

I reported a segmentation fault in CPAN:
https://rt.cpan.org/Public/Bug/Display.html?id=76205

I got a segmentation fault in subroutine get. I think it is because memory allocation failed.
I have Net::RabbitMQ version 0.2.2. I got a similar bug in Net::RabbitMQ version 0.2.0, too: https://rt.cpan.org/Public/Bug/Display.html?id=76156
This is perl, v5.10.0 built for x86_64-linux-thread-multi
Linux pmc-inst-test 2.6.32.12-0.7-default #1 SMP 2010-05-20 11:14:20 +0200 x86_64 x86_64 x86_64 GNU/Linux

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff724fa41 in memcpy () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff724fa41 in memcpy () from /lib64/libc.so.6
#1 0x00007ffff6db2c0d in amqp_handle_input (state=0x7bc8a0,
received_data=..., decoded_frame=0x7fffffffe2c0)
at /usr/include/bits/string3.h:52
#2 0x00007ffff6dbbeec in wait_frame_inner (state=0x7bc8a0,
decoded_frame=0x7fffffffe2c0) at amqp_socket.c:167
#3 0x00007ffff6dbc489 in amqp_simple_rpc (state=0x7bc8a0, channel=3,
request_id=<value optimized out>, expected_reply_ids=0x7fffffffe3a0,
decoded_request_method=<value optimized out>) at amqp_socket.c:283
#4 0x00007ffff6db156c in amqp_basic_get (state=0x7bc8a0, channel=7,
queue=..., no_ack=1) at amqp_api.c:258
#5 0x00007ffff6da7432 in XS_Net__RabbitMQ_get (my_perl=,
cv=<value optimized out>) at RabbitMQ.xs:618
#6 0x000000000047e115 in Perl_pp_entersub ()
#7 0x0000000000455ad3 in Perl_runops_debug ()
#8 0x000000000047a005 in perl_run ()
#9 0x000000000042172c in main ()
(gdb)

regards, Matti Linnanvuori


MattiL commented Apr 3, 2012

I think this segmentation fault is because state inbound_buffer bytes is 0x0. memcpy is done to that null address.

#1 0x00007ffff6db2c0d in amqp_handle_input (state=0x7bc8a0,
received_data=..., decoded_frame=0x7fffffffe2c0)
at /usr/include/bits/string3.h:52
52 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb) print *state
$2 = {frame_pool = {pagesize = 131072, pages = {num_blocks = 14754,
blocklist = 0x31a9310}, large_blocks = {num_blocks = 0,
blocklist = 0x0}, next_page = 14754, alloc_block = 0x0,
alloc_used = 131072}, decoding_pool = {pagesize = 131072, pages = {
num_blocks = 2, blocklist = 0x9a3dd0}, large_blocks = {num_blocks = 0,
blocklist = 0x0}, next_page = 2, alloc_block = 0x7fffb4936010 "",
alloc_used = 105360}, state = CONNECTION_STATE_WAITING_FOR_HEADER,
channel_max = 0, frame_max = 131072, heartbeat = 0, inbound_buffer = {
len = 131072, bytes = 0x0}, inbound_offset = 0, target_size = 7,
outbound_buffer = {len = 131072, bytes = 0x7ffff6681010}, sockfd = 9,
sock_inbound_buffer = {len = 131072, bytes = 0x7ffff66c3010},
sock_inbound_offset = 0, sock_inbound_limit = 13,
first_queued_frame = 0x7ffff66a2070, last_queued_frame = 0x7ffff66a2198,
basic_return_callback = 0, basic_return_callback_data = 0x0}
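
The failure mode in the dump above (`inbound_buffer` with `len = 131072` but `bytes = 0x0`, then a `memcpy` into it) as an added example, not code from rabbitmq-c, Net::RabbitMQ, or this issue. It is a simplified model: the struct reuses field names from the gdb output, while `pool_alloc`, `prepare_inbound`, `handle_input` and the error codes are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of fields visible in the gdb dump; these are not
 * rabbitmq-c's real definitions. Names beyond the dump are hypothetical. */
typedef struct { size_t len; void *bytes; } bytes_t;

typedef struct {
    bytes_t inbound_buffer;  /* destination for the frame being assembled */
    size_t  inbound_offset;  /* bytes already copied into inbound_buffer */
    size_t  target_size;     /* bytes needed before the next decode step */
} conn_state_t;

enum { COPY_OK = 0, ERR_NO_MEMORY = -1, ERR_BAD_STATE = -2 };

/* Hypothetical allocator hook: returns NULL when `fail` is set, standing
 * in for a pool that can no longer obtain memory. */
static void *pool_alloc(size_t n, int fail) { return fail ? NULL : malloc(n); }

/* Allocate the inbound buffer and report failure to the caller, so the
 * state never keeps bytes == NULL alongside a non-zero len. */
int prepare_inbound(conn_state_t *s, size_t frame_max, int fail) {
    s->inbound_buffer.bytes = pool_alloc(frame_max, fail);
    s->inbound_buffer.len = s->inbound_buffer.bytes ? frame_max : 0;
    s->inbound_offset = 0;
    return s->inbound_buffer.bytes ? COPY_OK : ERR_NO_MEMORY;
}

/* Copy received bytes toward target_size. Returns the number of bytes
 * consumed (>= 0) or a negative error code; memcpy is never reached with
 * a NULL destination or a target larger than the buffer. */
long handle_input(conn_state_t *s, const void *data, size_t data_len) {
    if (s->inbound_buffer.bytes == NULL)
        return ERR_NO_MEMORY;
    if (s->target_size > s->inbound_buffer.len ||
        s->inbound_offset > s->target_size)
        return ERR_BAD_STATE;
    size_t want = s->target_size - s->inbound_offset;
    size_t n = data_len < want ? data_len : want;
    memcpy((char *)s->inbound_buffer.bytes + s->inbound_offset, data, n);
    s->inbound_offset += n;
    return (long)n;
}
```

With the state from the dump (`bytes` NULL, `target_size = 7`, 13 bytes pending), `handle_input` returns `ERR_NO_MEMORY` instead of faulting inside `memcpy`.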


MattiL commented Apr 4, 2012

I upgraded Net::RabbitMQ with the newest librabbitmq (rabbitmq-c-fb6fca832fd2) and the segmentation fault no longer appeared. I was thinking I could upload a fixed version of Net::RabbitMQ to CPAN unless you object.


MattiL commented Apr 4, 2012

I made a pull request #14 that fixes this segmentation fault.
