Crash in Sandesha2/C with Sqlite persistence after 174 simple messages consistently.

Pa1
Hi all,

We are using the Sandesha2/C client in our product for WS-RM capability. While testing the standalone sample program for Sandesha2/C by sending 200 messages (basic echo message), we could see a crash consistently at the following location after a lot of debugging.

file - src/storage/sqlite/permanent_seq_property_mgr.c +344

axis2_bool_t AXIS2_CALL
sandesha2_permanent_seq_property_mgr_update(
    sandesha2_seq_property_mgr_t *seq_prop_mgr,
    const axutil_env_t *env,
    sandesha2_seq_property_bean_t *bean)
{
    axis2_char_t sql_update[1024];
    axis2_bool_t ret = AXIS2_FALSE;
    axis2_char_t *id = NULL;
    sandesha2_permanent_seq_property_mgr_t *seq_prop_mgr_impl = NULL;
    axis2_char_t *seq_id = NULL;
    axis2_char_t *name = NULL;
    axis2_char_t *value    = NULL;

    AXIS2_PARAM_CHECK(env->error, bean, AXIS2_FALSE);

    id = sandesha2_permanent_seq_property_mgr_get_id_with_bean(env, bean);
    seq_id = sandesha2_seq_property_bean_get_seq_id(bean, env);
    name = sandesha2_seq_property_bean_get_name(bean, env);
    value = sandesha2_seq_property_bean_get_value(bean, env);

    seq_prop_mgr_impl = SANDESHA2_INTF_TO_IMPL(seq_prop_mgr);

    sprintf(sql_update, "update seq_property set seq_id='%s', name='%s',"\
        "value='%s' where id='%s'", seq_id, name, value, id);

    if(id)
        AXIS2_FREE(env->allocator, id);
    ret = sandesha2_permanent_bean_mgr_update(seq_prop_mgr_impl->bean_mgr, env,
        sql_update);
    return ret;
}


Crash seen at sprintf line.

The size of the sql_update variable is fixed at 1024. After a certain number of messages (in our case, 176 messages exactly), sprintf crashes with a buffer overflow, as value keeps appending the message number (it grows as we continue further).

I hope I made everything clear. Now, I want to know whether this is a known issue which got fixed or, if not, can anybody fix this?

Unfortunately, for the 0.91 version (which is downloadable from the Apache website) there is no provision for an in-memory storage mgr (to use as an alternative), as the code is hard-coded to the persistence-based storage mgr.

Thanks,
Vamsi Pavan
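
The failure mode reported above, shown as an added example (not code from the post or from Sandesha2/C): the same statement text formatted with snprintf so that an oversized value is rejected or given a right-sized heap buffer instead of overrunning a 1024-byte array. The function names format_update_sql, build_update_sql and growing_value are hypothetical, and the "1,2,...,n" value is a constructed stand-in, since the post does not show the real value format.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same statement text as the sprintf call quoted in the post. */
#define SQL_FMT "update seq_property set seq_id='%s', name='%s'," \
                "value='%s' where id='%s'"

/* Fixed buffer: 0 on success, -1 if the statement needs more than cap bytes.
 * snprintf never writes past buf[cap - 1], so the caller's stack is intact. */
int format_update_sql(char *buf, size_t cap, const char *seq_id,
                      const char *name, const char *value, const char *id)
{
    int n;
    if (!buf || !cap || !seq_id || !name || !value || !id)
        return -1;                 /* passing NULL for "%s" is undefined */
    n = snprintf(buf, cap, SQL_FMT, seq_id, name, value, id);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Heap buffer: measure with a NULL destination, then allocate. Caller frees. */
char *build_update_sql(const char *seq_id, const char *name,
                       const char *value, const char *id)
{
    int n;
    char *sql;
    if (!seq_id || !name || !value || !id)
        return NULL;
    n = snprintf(NULL, 0, SQL_FMT, seq_id, name, value, id);
    if (n < 0 || !(sql = malloc((size_t)n + 1)))
        return NULL;
    snprintf(sql, (size_t)n + 1, SQL_FMT, seq_id, name, value, id);
    return sql;
}

/* Constructed stand-in for a value that grows per message: "1,2,...,count".
 * Each item needs at most 11 bytes (comma plus 10 digits). Caller frees. */
char *growing_value(int count)
{
    size_t cap = (size_t)(count > 0 ? count : 0) * 12 + 1, len = 0;
    char *v = calloc(cap, 1);
    for (int i = 1; v && i <= count; i++)
        len += (size_t)snprintf(v + len, cap - len, i > 1 ? ",%d" : "%d", i);
    return v;
}
```

Length-safe formatting does not address quoting: a value containing a single quote still changes the statement, which SQLite's bound parameters (sqlite3_prepare_v2 with sqlite3_bind_text) avoid.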

Fwd: Crash in Sandesha2/C with Sqlite persistence after 174 simple messages consistently.

Pa1
Created the following bug.

https://issues.apache.org/jira/browse/SANDESHA2C-75

Can anybody comment on this, please? Is anybody looking into the Sandesha2/C project?

Thanks,
Vamsi Pavan

---------- Forwarded message ----------
From: Pa1 <[hidden email]>
Date: Wed, Jan 9, 2013 at 9:12 PM
Subject: Crash in Sandesha2/C with Sqlite persistence after 174 simple messages consistently.
To: [hidden email], [hidden email]
