Posted to dev@apr.apache.org by Justin Erenkrantz <je...@apache.org> on 2002/08/26 23:13:15 UTC

Segfault in ap_vformatter on httpd startup

Something is hosed (yes, I did a clean rebuild).

I don't really trust this stack trace as ap_log_pid does get a
filename on entry, so I expect that the stack is smashed.  I
also ran teststr and that generates a 'bus error.'

I gotta run out the door right now.  If no one fixes it by the
time I get back, I'll bring out the cluebat and apply it
liberally.  -- justin

Program received signal EXC_BAD_ACCESS, Could not access memory.
0x00662e84 in apr_vformatter (flush_func=0x663c5c <snprintf_flush>, vbuff=0xbfffd6d0, fmt=0x68118 "[%s] ", ap=0xbfffd714 "") at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/strings/apr_snprintf.c:730
730                 INS_CHAR(*fmt, sp, bep, cc);
#1  0x00663cc4 in apr_snprintf (buf=0x663c5c "8`ÿÿN\200", len=8165, format=0x5b <Address 0x5b out of bounds>) at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/strings/apr_snprintf.c:1268
#2  0x0003d7ec in log_error_core (file=0x68000 "/Users/jerenk/cvs-apache/httpd-2.0/server/log.c", line=607, level=4, status=0, s=0x0, r=0x0, pool=0x2b3658, fmt=0x4eed20 "pid file /Users/jerenk/apache-2.0-cvs/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?", args=0xbffff880 "") at /Users/jerenk/cvs-apache/httpd-2.0/server/log.c:455
#3  0x0003d9d4 in ap_log_perror (file=0x663c5c "8`ÿÿN\200", line=-1073752368, level=91, status=-1073752300, p=0x5b, fmt=0x30 <Address 0x30 out of bounds>) at /Users/jerenk/cvs-apache/httpd-2.0/server/log.c:545
#4  0x0003db68 in ap_log_pid (p=0x2b3658, filename=0x2dc3 "") at /Users/jerenk/cvs-apache/httpd-2.0/server/log.c:607
#5  0x000329cc in ap_mpm_run (_pconf=0x2b3658, plog=0xbfffd6d0, s=0x2b60f8) at /Users/jerenk/cvs-apache/httpd-2.0/server/mpm/prefork/prefork.c:954
#6  0x00034460 in main (argc=2, argv=0xbffffb20) at /Users/jerenk/cvs-apache/httpd-2.0/server/main.c:645
#7  0x00002210 in _start (argc=2, argv=0xbffffb20, envp=0xbffffb2c) at /SourceCache/Csu/Csu-45/crt.c:267
#8  0x00002090 in start ()

teststr bt:
Program received signal EXC_BAD_ACCESS, Could not access memory.
0x000adcd4 in apr_snprintf (buf=0xffffffff <Address 0xffffffff out of bounds>, len=100, format=0x73 <Address 0x73 out of bounds>) at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/strings/apr_snprintf.c:1271
1271            *vbuff.curpos = '\0';
(gdb) bt
#0  0x000adcd4 in apr_snprintf (buf=0xffffffff <Address 0xffffffff out of bounds>, len=100, format=0x73 <Address 0x73 out of bounds>) at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/strings/apr_snprintf.c:1271
#1  0x00002920 in test_snprintf (p=0xffffffff) at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/test/teststr.c:138
#2  0x00002a2c in main (argc=-1, argv=0xbffff8a0) at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/test/teststr.c:163
#3  0x000024f4 in _start (argc=1, argv=0xbffffa9c, envp=0xbffffaa4) at /SourceCache/Csu/Csu-45/crt.c:267
#4  0x00002374 in start ()

Re: Segfault in ap_vformatter on httpd startup

Posted by Blair Zajac <bl...@orcaware.com>.
Aaron Bannert wrote:
> 
> On Mon, Aug 26, 2002 at 06:04:28PM -0400, Ryan Bloom wrote:
> > I have done just enough looking at this problem to be thoroughly
> > confused.  Basically, if I run test/teststr, I get the seg fault, but if
> > I run test/.libs/teststr, everything just works.  I have re-built
> > multiple times, so I am at a complete loss here.  I'll try to look at this
> > later tonight when I get home.
> 
> Did you rebuild and install? The test/.libs/teststr one should be linked
> against the installed version, while the test/teststr should set up your
> dynamic link path to work with the libapr in your build tree.

I'm seeing a core dump in Subversion revision 3073 at the same location,
clean build, everything.  Reproducible by running

% cd subversion/tests/clients/cmdline
% python2 trans_tests.py 1

Running valgrind on teststr gets this:

Testing precision  ........
==14401== Conditional jump or move depends on uninitialised value(s)
==14401==    at 0x402685B0: apr_vformatter (apr_snprintf.c:1220)
==14401==    by 0x4026871C: apr_snprintf (apr_snprintf.c:1268)
==14401==    by 0x8048AEF: test_snprintf (teststr.c:138)
==14401==    by 0x8048BD4: main (teststr.c:163)
==14401==
==14401== Use of uninitialised value of size 4
==14401==    at 0x4026872A: apr_snprintf (apr_snprintf.c:1271)
==14401==    by 0x8048AEF: test_snprintf (teststr.c:138)
==14401==    by 0x8048BD4: main (teststr.c:163)
==14401==    by 0x42017589: (within /lib/i686/libc-2.2.5.so)
==14401==
==14401== Invalid write of size 1
==14401==    at 0x4026872A: apr_snprintf (apr_snprintf.c:1271)
==14401==    by 0x8048AEF: test_snprintf (teststr.c:138)
==14401==    by 0x8048BD4: main (teststr.c:163)
==14401==    by 0x42017589: (within /lib/i686/libc-2.2.5.so)
==14401==    Address 0x0 is not stack'd, malloc'd or free'd
Segmentation fault (core dumped)

I spent a while looking at the first warning and I'm not convinced it's
causing the problem, but it would be good to clean up.

Best,
Blair

-- 
Blair Zajac <bl...@orcaware.com>
Web and OS performance plots - http://www.orcaware.com/orca/

Re: Segfault in ap_vformatter on httpd startup

Posted by Aaron Bannert <aa...@clove.org>.
On Mon, Aug 26, 2002 at 06:04:28PM -0400, Ryan Bloom wrote:
> I have done just enough looking at this problem to be thoroughly 
> confused.  Basically, if I run test/teststr, I get the seg fault, but if
> I run test/.libs/teststr, everything just works.  I have re-built
> multiple times, so I am at a complete loss here.  I'll try to look at this
> later tonight when I get home.

Did you rebuild and install? The test/.libs/teststr one should be linked
against the installed version, while the test/teststr should set up your
dynamic link path to work with the libapr in your build tree.

-aaron
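
One way to check which libapr each copy of teststr actually loads, as an added example that is not part of the original thread: it parses `ldd`-style output and reports whether libapr resolves inside the build tree or elsewhere. The paths, the sample `ldd` text and the function names are constructed for illustration; on a real tree, pipe actual `ldd` output into `resolved_lib` (the `otool -L` output on Mac OS X uses a different format).

```shell
#!/bin/sh
# Added example: which libapr does a teststr binary resolve to?
# All paths and ldd output below are constructed for illustration.

# Print the path that ldd-style text on stdin resolves for a library-name prefix.
# Prints nothing when the library is absent or reported as "not found".
resolved_lib() {
    awk -v lib="$1" 'index($1, lib) == 1 && $2 == "=>" {
        if ($3 != "not") print $3
        exit
    }'
}

# Classify a resolved path as inside the build tree or somewhere else.
classify_lib() {    # usage: classify_lib <resolved-path> <build-tree>
    case "$1" in
        "")      echo "unresolved" ;;
        "$2"/*)  echo "build-tree" ;;
        *)       echo "installed" ;;
    esac
}

# One-line verdict for a labelled chunk of ldd output.
report() {          # usage: report <label> <ldd-text> <build-tree>
    path=$(printf '%s\n' "$2" | resolved_lib libapr.so)
    printf '%s: %s (%s)\n' "$1" "${path:-none}" "$(classify_lib "$path" "$3")"
}

BUILD_TREE=/home/dev/httpd-2.0/srclib/apr      # hypothetical checkout

# Constructed: ldd of the real binary with no library path set.
LDD_DIRECT='    libapr.so.0 => /usr/local/apache2/lib/libapr.so.0 (0x40017000)
    libc.so.6 => /lib/i686/libc.so.6 (0x42000000)'

# Constructed: ldd of the same binary with the build tree on the library path.
LDD_BUILD='    libapr.so.0 => /home/dev/httpd-2.0/srclib/apr/.libs/libapr.so.0 (0x40017000)
    libc.so.6 => /lib/i686/libc.so.6 (0x42000000)'

# Constructed: the library cannot be found at all.
LDD_MISSING='    libapr.so.0 => not found'

report "test/.libs/teststr, default path" "$LDD_DIRECT"  "$BUILD_TREE"
report "test/teststr wrapper environment" "$LDD_BUILD"   "$BUILD_TREE"
report "no libapr on the path"            "$LDD_MISSING" "$BUILD_TREE"
```

If the two runs report different libapr paths, the crashing and the working binary are not exercising the same library code.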

Re: Segfault in ap_vformatter on httpd startup

Posted by rb...@apache.org.
I have done just enough looking at this problem to be thoroughly 
confused.  Basically, if I run test/teststr, I get the seg fault, but if
I run test/.libs/teststr, everything just works.  I have re-built
multiple times, so I am at a complete loss here.  I'll try to look at this
later tonight when I get home.

Ryan

On Mon, 26 Aug 2002, Justin Erenkrantz wrote:

> Something is hosed (yes, I did a clean rebuild).
> 
> I don't really trust this stack trace as ap_log_pid does get a
> filename on entry, so I expect that the stack is smashed.  I
> also ran teststr and that generates a 'bus error.'
> 
> I gotta run out the door right now.  If no one fixes it by the
> time I get back, I'll bring out the cluebat and apply it
> liberally.  -- justin
> 
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> 0x00662e84 in apr_vformatter (flush_func=0x663c5c <snprintf_flush>, vbuff=0xbfffd6d0, fmt=0x68118 "[%s] ", ap=0xbfffd714 "") at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/strings/apr_snprintf.c:730
> 730                 INS_CHAR(*fmt, sp, bep, cc);
> #1  0x00663cc4 in apr_snprintf (buf=0x663c5c "8`ÿÿN\200", len=8165, format=0x5b <Address 0x5b out of bounds>) at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/strings/apr_snprintf.c:1268
> #2  0x0003d7ec in log_error_core (file=0x68000 "/Users/jerenk/cvs-apache/httpd-2.0/server/log.c", line=607, level=4, status=0, s=0x0, r=0x0, pool=0x2b3658, fmt=0x4eed20 "pid file /Users/jerenk/apache-2.0-cvs/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?", args=0xbffff880 "") at /Users/jerenk/cvs-apache/httpd-2.0/server/log.c:455
> #3  0x0003d9d4 in ap_log_perror (file=0x663c5c "8`ÿÿN\200", line=-1073752368, level=91, status=-1073752300, p=0x5b, fmt=0x30 <Address 0x30 out of bounds>) at /Users/jerenk/cvs-apache/httpd-2.0/server/log.c:545
> #4  0x0003db68 in ap_log_pid (p=0x2b3658, filename=0x2dc3 "") at /Users/jerenk/cvs-apache/httpd-2.0/server/log.c:607
> #5  0x000329cc in ap_mpm_run (_pconf=0x2b3658, plog=0xbfffd6d0, s=0x2b60f8) at /Users/jerenk/cvs-apache/httpd-2.0/server/mpm/prefork/prefork.c:954
> #6  0x00034460 in main (argc=2, argv=0xbffffb20) at /Users/jerenk/cvs-apache/httpd-2.0/server/main.c:645
> #7  0x00002210 in _start (argc=2, argv=0xbffffb20, envp=0xbffffb2c) at /SourceCache/Csu/Csu-45/crt.c:267
> #8  0x00002090 in start ()
> 
> teststr bt:
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> 0x000adcd4 in apr_snprintf (buf=0xffffffff <Address 0xffffffff out of bounds>, len=100, format=0x73 <Address 0x73 out of bounds>) at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/strings/apr_snprintf.c:1271
> 1271            *vbuff.curpos = '\0';
> (gdb) bt
> #0  0x000adcd4 in apr_snprintf (buf=0xffffffff <Address 0xffffffff out of bounds>, len=100, format=0x73 <Address 0x73 out of bounds>) at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/strings/apr_snprintf.c:1271
> #1  0x00002920 in test_snprintf (p=0xffffffff) at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/test/teststr.c:138
> #2  0x00002a2c in main (argc=-1, argv=0xbffff8a0) at /Users/jerenk/cvs-apache/httpd-2.0/srclib/apr/test/teststr.c:163
> #3  0x000024f4 in _start (argc=1, argv=0xbffffa9c, envp=0xbffffaa4) at /SourceCache/Csu/Csu-45/crt.c:267
> #4  0x00002374 in start ()
> 

-- 

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
550 Jean St
Oakland CA 94610
-------------------------------------------------------------------------------