[Bug] Segmentation Fault (Null Pointer Dereference) in Pulsar C++ Client During Message Reception (v3.3.0 & v3.7.2) #500
Description
Search before asking
- I searched in the issues and found nothing similar.
Version
We observed a segmentation fault on our database node while using the Pulsar C++ client version 3.3.0, which leads to a crash with the following stack trace (see below). The crash appears to be caused by a null pointer dereference during message processing in the pulsar::ConsumerImpl::messageReceived() function.
To investigate, we upgraded the client to version 3.7.2, but unfortunately, the issue persists with the same stack trace, indicating that the underlying problem might still exist in the latest versions.``
Minimal reproduce step
To reproduce the issue using the Pulsar C++ client (versions 3.3.0 and 3.7.2), follow these steps:
- Set up a running Pulsar cluster.
- Link and build an application with the Pulsar C++ client (either v3.3.0 or v3.7.2).
- In application, create a Reader on an existing topic as follows:
auto result = client_.createReader(topic_, start_mid_, readerConfig, reader_);
4)Periodically perform these operations:
Check message availability:
bool hasMsgInTopic = false; reader_.hasMessageAvailable(hasMsgInTopic);
If messages are available, read the next one:
`result = reader_.readNext(message, timeout);`
- Under moderate to high throughput or runtime duration, the application eventually crashes with a segmentation fault, pointing to:
pulsar::ConsumerImpl::messageReceived(...)
What did you expect to see?
The Reader should be able to:
Safely check if messages are available using hasMessageAvailable()
Reliably read messages using readNext()
The client should not crash due to a null pointer dereference or segmentation fault.
Internal message handling (e.g., via messageReceived) should gracefully handle malformed or unexpected broker messages.
What did you see instead?
below stack trace:
Backtrace Generated by Error Signal: [0x000000000000000b] PID: [0x0000000000112bdb] PC: [0x00007fdfc366f834] FP: [0x00007fdeafd17190] SIGSEGV: SEGV_MAPERR SI_ADDR : [0x0000000000000000] (Basics::Backtrace::DoBacktrace(int, int, void*, void*) 0x8bd) [0x7abec7d] (Basics::GlobalSignalHandlers::logFatalSignal(int, void*, void*) 0x106) [0x7ba8156] (Basics::sigHandler_withinATryCatch(int, siginfo_t*, void*) 0x2b8) [0x7ba9308] (Basics::sigHandler(int, siginfo_t*, void*) 0xf) [0x7ba939f] (__sigaction 0x50) [0x7fe5cee3ebf0] (pulsar::ConsumerImpl::messageReceived(std::shared_ptr<pulsar::ClientConnection> const&, pulsar::proto::CommandMessage const&, bool&, pulsar::proto::BrokerEntryMetadata&, pulsar::proto::MessageMetadata&, pulsar::SharedBuffer&) 0x204) [0x7fdfc366f834] (pulsar::ClientConnection::handleIncomingMessage(pulsar::proto::CommandMessage const&, bool, pulsar::proto::BrokerEntryMetadata&, pulsar::proto::MessageMetadata&, pulsar::SharedBuffer&) 0x25b) [0x7fdfc377d56b] (pulsar::ClientConnection::processIncomingBuffer() 0x316) [0x7fdfc37a7176] (UNKNOWN) [0x7fdfc37b6c70] (UNKNOWN) [0x7fdfc37b8be0] (boost::asio::detail::strand_executor_service::invoker<boost::asio::io_context::basic_executor_type<std::allocator<void>, 4ul> const, void>::operator()() 0x82) [0x7fdfc37c9512] (void boost::asio::io_context::basic_executor_type<std::allocator<void>, 4ul>::execute<boost::asio::detail::strand_executor_service::invoker<boost::asio::io_context::basic_executor_type<std::allocator<void>, 4ul> const, void> >(boost::asio::detail::strand_executor_service::invoker<boost::asio::io_context::basic_executor_type<std::allocator<void>, 4ul> const, void>&&) const 0x98) [0x7fdfc37c9778] (UNKNOWN) [0x7fdfc37b8718] (boost::asio::detail::scheduler::do_run_one(boost::asio::detail::conditionally_enabled_mutex::scoped_lock&, boost::asio::detail::scheduler_thread_info&, boost::system::error_code const&) 0x367) [0x7fdfc3687637] (boost::asio::detail::scheduler::run(boost::system::error_code&).isra.0 0xf9) [0x7fdfc3680e19] (pulsar::ExecutorService::start()::{lambda()#1}::operator()() const 0x91) [0x7fdfc36810b1] (std::error_code::default_error_condition() const 0x34) [0x7fe5cf2dbad4] (start_thread 0x31a) [0x7fe5cee8a19a] (__clone3 0x30) [0x7fe5cef0f240] END BACKTRACE NO THREAD CONTEXT
Anything else?
No response
Are you willing to submit a PR?
- I'm willing to submit a PR!