Change message_queue indexing from pointer address to uint32_t #2497

Merged
merged 1 commit into from
Jun 19, 2023

ewertons
Contributor

Checklist

  • I have read the [contribution guidelines](https://github.com/Azure/azure-iot-sdk-c/blob/main/.github/CONTRIBUTING.md).
  • I added or modified the existing tests to cover the change (we do not allow our test coverage to go down).
  • If this is a modification that impacts the behavior of a public API
    • I edited the corresponding document in the devdoc folder and added or modified requirements.
  • I submitted this PR against the correct branch:
    • This pull-request is submitted against the main branch.
    • I have merged the latest main branch prior to submission and re-merged as needed after I took any feedback.
    • I have squashed my changes into one with a clear description of the change.

Reference/Link to the issue solved with this PR (if any)

Description of the problem

This change fixes a memory corruption caused by the message queue when the following scenario occurs:
MESSAGE1 is enqueued (address #1)
MESSAGE1 is put in progress by mq
MESSAGE1 is destroyed by the app
MESSAGE2 is enqueued (re-using address #1, which was made available by the previous step)
MESSAGE2 is put in progress by the mq
MESSAGE2 processing is marked as completed by the app

Here the message queue searches the list of in-progress messages by the message address in memory. Since MESSAGE2 now has the same address as MESSAGE1 (which was freed), message_queue picks the entry for MESSAGE1 for removing from the in-progress list, leaving MESSAGE2 behind.

Description of the solution

Please see description above.

ewertons merged commit 62321f2 into main on Jun 19, 2023
ewertons deleted the ewertons/fixmessagequeue branch on June 19, 2023 17:12
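
The scenario in the description, replayed against a simplified model of an in-progress list (an added example, not the SDK's message_queue code; `QUEUE`, `ENTRY`, `mq_begin`, `mq_complete` and `replay_scenario` are hypothetical names). A static buffer stands in for the heap block that is freed and then reused, so the address collision is deterministic.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_IN_PROGRESS 4

typedef struct { const void *msg; uint32_t id; int used; } ENTRY;
typedef struct { ENTRY in_progress[MAX_IN_PROGRESS]; uint32_t next_id; } QUEUE;

/* Put a message in progress; returns its id, or 0 if the list is full. */
static uint32_t mq_begin(QUEUE *q, const void *msg) {
    for (int i = 0; i < MAX_IN_PROGRESS; i++) {
        if (!q->in_progress[i].used) {
            q->in_progress[i] = (ENTRY){ msg, ++q->next_id, 1 };
            return q->next_id;
        }
    }
    return 0;
}

/* Remove the first matching entry: by address when key_addr is non-NULL,
   otherwise by id. Returns the id of the removed entry, or 0 if none matched. */
static uint32_t mq_complete(QUEUE *q, const void *key_addr, uint32_t key_id) {
    for (int i = 0; i < MAX_IN_PROGRESS; i++) {
        ENTRY *e = &q->in_progress[i];
        if (e->used && (key_addr ? e->msg == key_addr : e->id == key_id)) {
            e->used = 0;
            return e->id;
        }
    }
    return 0;
}

/* Replays the six steps; returns the id of the entry that got removed. */
static uint32_t replay_scenario(int index_by_id) {
    static char slot[16];               /* constructed: the reused "address #1" */
    QUEUE q = {0};
    mq_begin(&q, slot);                 /* MESSAGE1 enqueued and put in progress */
    /* app destroys MESSAGE1 here; its in-progress entry is still listed */
    uint32_t id2 = mq_begin(&q, slot);  /* MESSAGE2 reuses the same address */
    return index_by_id ? mq_complete(&q, NULL, id2)   /* app completes MESSAGE2 */
                       : mq_complete(&q, slot, 0);
}

int main(void) {
    printf("by address: removed entry id %u\n", (unsigned)replay_scenario(0));
    printf("by id:      removed entry id %u\n", (unsigned)replay_scenario(1));
    return 0;
}
```

Indexed by address, completing MESSAGE2 removes the stale MESSAGE1 entry (id 1) and leaves MESSAGE2 listed; indexed by the `uint32_t` id, the MESSAGE2 entry (id 2) is the one removed.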