gearman_worker_free segfaults in gearman_packet_free

Bug #1333919 reported by Ross Schlaikjer
This bug affects 1 person
Affects: Gearman
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

When a worker is run against a server and times out enough times, freeing that worker will then cause a segfault in gearman_packet_free.

This is with Gearman 1.0.6.

Program received signal SIGSEGV, Segmentation fault.
checkhdr (hdr=hdr@entry=0x9595959595959565) at mcheck.c:93
93 mcheck.c: No such file or directory.
(gdb) bt
#0 checkhdr (hdr=hdr@entry=0x9595959595959565) at mcheck.c:93
#1 0x00007ffff7884ec9 in checkhdr (hdr=0x9595959595959565) at mcheck.c:185
#2 freehook (ptr=0x9595959595959595, caller=0x7ffff7bbec8b <gearman_packet_free(gearman_packet_st*)+65>) at mcheck.c:186
#3 0x00007ffff7bbec8b in gearman_packet_free (packet=0x609418) at libgearman/packet.cc:289
#4 0x00007ffff7bb93c6 in gearman_connection_st::free_recv_packet (this=0x601e20) at libgearman/connection.cc:381
#5 0x00007ffff7bb9354 in gearman_connection_st::close_socket (this=0x601e20) at libgearman/connection.cc:361
#6 0x00007ffff7bb9118 in gearman_connection_st::~gearman_connection_st (this=0x601e20, __in_chrg=<optimized out>) at libgearman/connection.cc:264
#7 0x00007ffff7bc28f2 in gearman_free_all_cons (universal=...) at libgearman/universal.cc:234
#8 0x00007ffff7bc2769 in gearman_universal_free (universal=...) at libgearman/universal.cc:159
#9 0x00007ffff7bc4f87 in gearman_worker_free (worker=0x601040) at libgearman/worker.cc:209
#10 0x0000000000400946 in main ()

This can be replicated with the following C. The bug does not appear unless work() is called in this way at least three times.

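#include <libgearman-1.0/gearman.h>

/* Worker callback. It is not expected to run in this reproduction: the
   work() calls below are meant to time out before any job arrives. */
void* cb(gearman_job_st* job, void* ctx, size_t* foo, gearman_return_t* ret){
    return NULL;
}

int main(){
    gearman_worker_st* w = gearman_worker_create(NULL);
    gearman_worker_add_function(
            w,
            "test",
            10,
            cb,
            NULL
        );
    gearman_worker_add_servers(w, "your.gearman.server");
    gearman_worker_set_timeout(w, 30);  /* timeout in milliseconds */
    gearman_worker_timeout(w);
    /* At least three work() calls are needed before the crash appears. */
    gearman_worker_work(w);
    gearman_worker_work(w);
    gearman_worker_work(w);
    gearman_worker_free(w);  /* segfaults in gearman_packet_free */
    return 0;
}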
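
Added example, not part of the original report: a triage script that scans a gdb backtrace like the one above for 64-bit pointer arguments made of one repeated byte and maps that byte to the fill values glibc's mcheck writes into heap blocks, then names the first frame outside mcheck.c. The function names and the fill table layout are this example's own; the backtrace lines are copied from the report.

```python
import re

# Fill bytes used by glibc's mcheck (malloc/mcheck.c).
MCHECK_FILL = {
    0x93: "mcheck MALLOCFLOOD (allocated, never initialised)",
    0x95: "mcheck FREEFLOOD (block already freed)",
}

# "#N [0xADDR in] func (args) at file:line"; args may contain parentheses.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\) at (\S+):(\d+)$")
# "name=0x..." or "name=name@entry=0x..."
ARG_RE = re.compile(r"(\w+)=(?:\w+@entry=)?0x([0-9a-f]+)")

# Frames #0-#4 and #10 copied from the report.
REPORT_BT = """\
#0 checkhdr (hdr=hdr@entry=0x9595959595959565) at mcheck.c:93
#1 0x00007ffff7884ec9 in checkhdr (hdr=0x9595959595959565) at mcheck.c:185
#2 freehook (ptr=0x9595959595959595, caller=0x7ffff7bbec8b <gearman_packet_free(gearman_packet_st*)+65>) at mcheck.c:186
#3 0x00007ffff7bbec8b in gearman_packet_free (packet=0x609418) at libgearman/packet.cc:289
#4 0x00007ffff7bb93c6 in gearman_connection_st::free_recv_packet (this=0x601e20) at libgearman/connection.cc:381
#10 0x0000000000400946 in main ()
"""

def poison_byte(value_hex):
    """Return the byte if a 64-bit value is that byte repeated 8 times, else None."""
    if len(value_hex) != 16:
        return None
    pairs = {value_hex[i:i + 2] for i in range(0, 16, 2)}
    return int(pairs.pop(), 16) if len(pairs) == 1 else None

def triage(backtrace):
    """Return (poisoned pointer arguments, first frame outside mcheck.c)."""
    findings, caller = [], None
    for line in backtrace.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # frames without source info, e.g. "main ()"
        num, func, args, src, lineno = m.groups()
        for name, val in ARG_RE.findall(args):
            byte = poison_byte(val)
            if byte is not None:
                label = MCHECK_FILL.get(byte, "unknown fill 0x%02x" % byte)
                findings.append((int(num), func, name, label))
        if caller is None and not src.endswith("mcheck.c"):
            caller = (func, src, int(lineno))
    return findings, caller

if __name__ == "__main__":
    print(triage(REPORT_BT))
```

On the report's backtrace this flags `ptr` in frame #2 as the freed-block fill byte, which means the pointer handed to free() at libgearman/packet.cc:289 was read out of memory that mcheck had already flooded on an earlier free.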

chjgcn (chjgcn) wrote:

I have tested that this bug does not exist in the latest version (1.1.12).
So I suggest the latest version to you.
