[rabbitmq-discuss] Bug report for librabbitmq-c client

Matthew Sherborne matt.sherborne at rackspace.com
Fri Jul 13 17:00:16 BST 2012


Hi guys,

I found a bug in librabbitmq-c client, but wasn't able to get a super
amount of information about it unfortunately.

It appears to be an integer overflow bug.

I had one certain message, and when the client tried to consume it,
it interpreted the message size to be 172 terabytes and proceeded to sit
on socket.recv forever. The actual message size was between 1-2 MB.

I tested it with the trunk of the lib as of a few days ago.

I could reproduce the error with 3 different librabbitmq-c based client
libraries:

 * python kombu
 * c++ amqpcpp/AMQPcpp.h
 * c++ SimpleAmqpClient

I tested against the RabbitMQ broker 1.8.1 and 2.8.4.

Unfortunately, I switched to py-amqplib and it ate the message that was
causing the error, so I don't have that test data anymore :*(

Here are some fun tracebacks, but they're not where it reads the size;
they're just where it's sitting trying to read a kagillion bytes:

http://pastebin.com/m1JPPSHw
http://pastebin.com/A6CZMDvj
http://pastebin.com/qQmjGD4Y
http://pastebin.com/DBZuUin5

I think the way to find the bug would be to compile with CMAKE_C_FLAGS
set to -Wconversion.

There are a lot of warnings coming out. I tried a few changes myself, but
couldn't fix the darn thing.

I hope this is useful to someone who knows the code better.

Let me know if I can help answer any Qs.

Kind Regards
Matthew Sherborne
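
Added example, not part of the original post and not librabbitmq-c code: the post does not locate the defect, so this shows only one class of length-decoding error that -Wconversion reports (sign extension of a signed byte) and a bound check that keeps a bad declared size from driving an endless recv. It does not reproduce the 172 TB value. The function names, MAX_BODY_SIZE and the sample bytes are assumptions made for the illustration; the 64-bit big-endian body size is how an AMQP 0-9-1 content header carries it.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed receiver-side cap for this example; not a librabbitmq-c constant. */
#define MAX_BODY_SIZE ((uint64_t)128 * 1024 * 1024)

/* Flawed decode of a big-endian 64-bit length from a signed-char buffer.
 * A byte >= 0x80 is negative, is promoted to int, and is sign-extended when
 * implicitly converted to uint64_t, which sets every higher bit.
 * gcc -Wconversion reports that implicit conversion on the assignment. */
uint64_t decode_be64_flawed(const signed char *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Correct decode: bytes are read as unsigned, so nothing sign-extends. */
uint64_t decode_be64(const void *buf)
{
    const uint8_t *p = buf;
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | (uint64_t)p[i];
    return v;
}

/* Bound the declared size before any read loop trusts it.
 * Returns 0 and stores the size on success, -1 if it exceeds the cap. */
int checked_body_size(const void *buf, uint64_t *out)
{
    uint64_t n = decode_be64(buf);
    if (n > MAX_BODY_SIZE)
        return -1;
    *out = n;
    return 0;
}

/* Constructed sample: length field for a 1,736,704-byte body (0x1A8000). */
static const signed char SAMPLE_LEN[8] = { 0, 0, 0, 0, 0, 0x1A, -128, 0 };

int main(void)
{
    printf("correct: %" PRIu64 "\n", decode_be64(SAMPLE_LEN));
    printf("flawed:  %" PRIu64 "\n", decode_be64_flawed(SAMPLE_LEN));
    return 0;
}
```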