Description
Describe the bug
A vulnerability has been identified in the hmq broker version 1.5.5 that can cause the application to crash due to improper handling of certain inputs.
Expected behavior
The application should handle all inputs safely and avoid crashing, even when unexpected or malformed data is provided.
Crash detail
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x989a7b]
goroutine 230 [running]:
github.com/fhmq/hmq/broker.ProcessMessage(0x1?)
/targets/hmq-1.5.5/broker/client.go:294 +0xf3b
github.com/fhmq/hmq/broker.(*Broker).SubmitWork.func1()
/targets/hmq-1.5.5/broker/broker.go:143 +0x1d
github.com/fhmq/hmq/pool.startWorker(0x0?)
/targets/hmq-1.5.5/pool/fixpool.go:54 +0x22
created by github.com/fhmq/hmq/pool.(*WorkerPool).dispatch
/targets/hmq-1.5.5/pool/fixpool.go:41 +0x27
To Reproduce
I provided two sequences that can cause a crash. Choose one and then execute it:
python hmq_crash_2.py
hmq_crash.zip