You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Wayne Rosen <ro...@eosdata.gsfc.nasa.gov> on 1997/08/27 19:20:04 UTC

os-irix/1064: Httpd core dumps with SIGSEGV during timeout signal

>Number:         1064
>Category:       os-irix
>Synopsis:       Httpd core dumps with SIGSEGV during timeout signal
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Aug 27 10:20:02 1997
>Originator:     rosen@daac.gsfc.nasa.gov
>Organization:
apache
>Release:        1.2.4 and 1.2.1
>Environment:
IRIX eosdata 5.3 11091811 IP19 mips
C, 3.19

Also, happens on IRIX 6.2 with C, 7.0
>Description:
Apache http server versions 1.2.4 and 1.2.1 are repeatly dumping core
with the following backtrace:

dbx version 3.19 Nov  3 1994 19:59:46
Core from signal SIGSEGV: Segmentation violation
(dbx) where
>  0 get_remote_host(conn = (nil), dir_config = 0x10011c48, type = 1) ["/usr/local/src/apache/apache_1.2.4/src/http_core.c":341, 0x413f90]
   1 timeout(sig = 14) ["/usr/local/src/apache/apache_1.2.4/src/http_main.c":377, 0x40e5a0]
   2 _sigtramp(0x10011c48, 0x100005f4, 0x7fff8a40, 0x0) ["sigtramp.s":59, 0xfad5958]
   3 _read(0x0, 0x10013ed0, 0x1000, 0x1) ["read.s":15, 0xfac240c]
   4 saferead(fb = 0x10013e90, buf = 0x10013ed0, nbyte = 4096) ["/usr/local/src/apache/apache_1.2.4/src/buff.c":327, 0x42d5ec]
   5 bgets(buff = 0x7fff8ef8 = "Bs\265s\224!\371\004", n = 8192, fb = 0x10013e90) ["/usr/local/src/apache/apache_1.2.4/src/buff.c":452, 0x42dbcc]
   6 getline(s = 0x7fff8ef8 = "Bs\265s\224!\371\004", n = 8192, in = 0x10013e90, fold = 0) ["/usr/local/src/apache/apache_1.2.4/src/http_protocol.c":476, 0x4205a8]
   7 read_request_line(r = 0x1001ea50) ["/usr/local/src/apache/apache_1.2.4/src/http_protocol.c":625, 0x420c90]
   8 read_request(conn = 0x1001e898) ["/usr/local/src/apache/apache_1.2.4/src/http_protocol.c":797, 0x421900]
   9 main(argc = 2, argv = 0x7fffaf94) ["/usr/local/src/apache/apache_1.2.4/src/http_main.c":2503, 0x412f88]
   10 __start() ["crt1text.s":133, 0x40a9bc]
(dbx) dump
get_remote_host(conn = (nil), dir_config = 0x10011c48, type = 1) ["/usr/local/src/apache/apache_1.2.4/src/http_core.c":341, 0x413f90]
iaddr = 0x40e47c
hptr = 0xfb5af20
dir_conf = 0x10012288

For some reason current_conn is not set in the http_main.c timeout()
signal handler and the following jump is not run:

void timeout(int sig)                   /* Also called on SIGPIPE */
{
    char errstr[MAX_STRING_LEN];
    void *dirconf;

    signal(SIGPIPE, SIG_IGN);           /* Block SIGPIPE */
    if (alarms_blocked) {
        alarm_pending = 1;
        return;
    }
    
    if (!current_conn) { 
        ap_longjmp (jmpbuffer, 1);
    }


>How-To-Repeat:
Hard to say.  I've had sucess waiting the default timeout 300s after
killing a page during download.
>Fix:
I've tried increasing the timeout values, setting the server to process
only one request, changing the source to use the r stuct or the 
timeout_req struct, but all attempts have still resulted in core dumps.

%0
>Audit-Trail:
>Unformatted: