Posted to apache-bugdb@apache.org by Wayne Rosen <ro...@eosdata.gsfc.nasa.gov> on 1997/08/28 23:40:15 UTC
general/1073: http core dumps with SIGSEGV
>Number: 1073
>Category: general
>Synopsis: http core dumps with SIGSEGV
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Thu Aug 28 14:40:11 1997
>Originator: rosen@daac.gsfc.nasa.gov
>Organization:
apache
>Release: 1.2.4
>Environment:
Apache httpd version 1.2.4 and 1.2.1 running on an SGI IRIX 5.3 system.
I patchSG0000420 12/01/95 Patch SG0000420
I patchSG0000528 12/01/95 Patch SG0000528
I patchSG0000870 08/08/96 Patch SG0000870: 5.3 EFS rollup patch for all 5.3 non-XFS releases
I patchSG0001079 05/02/97 Patch SG0001079: IRIX 5.3 FDDIXPress 5.3p1079 IO4 IA work-around and FDDI roll-up
I patchSG0001102 08/08/96 Patch SG0001102: NFS roll-up
I patchSG0001110 11/01/96 Patch SG0001110: Security fix for sysmon
I patchSG0001122 07/03/97 Patch SG0001122: SCSI roll up for 5.3 without XFS
I patchSG0001128 03/22/96 Patch SG0001128: CERT VU 15781
I patchSG0001143 06/02/97 Patch SG0001143: IDLEWEEKS support in login - Security roll up for telnetd
I patchSG0001268 08/08/96 Patch SG0001268: 5.3/5.3xfs combined kernel rollup patch
I patchSG0001273 05/09/96 Patch SG0001273: rmail security patch
I patchSG0001283 07/03/97 Patch SG0001283: tape patch adding LEOT/PEOT handing and DLT2x00XT, 4x00 and 7x00 support
I patchSG0001469 07/01/97 Patch SG0001469: Add support for DLT2500XT and IBM NTP to stacker program
I patchSG0001502 06/02/97 Patch SG0001502: sendmail core dump if message is too long
I patchSG0001518 08/19/96 Patch SG0001518: Desktop security patch
I patchSG0001596 12/10/96 Patch SG0001596: Searchbook and iconbook file permissions security patch in 5.3
I patchSG0001685 01/02/97 Patch SG0001685 : netprint security patch for IRIX 5.3 and 6.1
I patchSG0002064 06/02/97 Patch SG0002064: rld rollup #1
I patchSG0002132 07/24/97 Patch SG0002132: talkd security
I patchSG0002292 08/21/97 Patch SG0002292: IRIX 5.3 Networking Rollup
>Description:
The timeout alarm in http_main.c seems to have a race condition that
causes current_conn to be lost (i.e. set to nil).
dbx version 3.19 Nov 3 1994 19:59:46
Core from signal SIGSEGV: Segmentation violation
(dbx) dump
get_remote_host(conn = (nil), dir_config = 0x10011c48, type = 1) ["/usr/local/src/apache/apache_1.2.4/src/http_core.c":341, 0x413f90]
iaddr = 0x40e47c
hptr = 0xfb5af20
dir_conf = 0x10012288
dbx version 3.19 Nov 3 1994 19:59:46
Core from signal SIGSEGV: Segmentation violation
(dbx) where
> 0 get_remote_host(conn = (nil), dir_config = 0x10011c48, type = 1) ["/usr/local/src/apache/apache_1.2.4/src/http_core.c":341, 0x413f90]
1 timeout(sig = 14) ["/usr/local/src/apache/apache_1.2.4/src/http_main.c":378, 0x40e5a8]
2 _sigtramp(0x10011c48, 0x100005f4, 0x7fff8a40, 0x0) ["sigtramp.s":59, 0xfad5958]
3 _read(0x0, 0x10013ed0, 0x1000, 0x1) ["read.s":15, 0xfac240c]
4 saferead(fb = 0x10013e90, buf = 0x10013ed0, nbyte = 4096) ["/usr/local/src/apache/apache_1.2.4/src/buff.c":323, 0x42d5f4]
5 bgets(buff = 0x7fff8ef8 = "e/gif, image/x-xbitmap, image/jpeg, image/pjpeg", n = 8192, fb = 0x10013e90) ["/usr/local/src/apache/apache_1.2.4/src/buff.c":451, 0x42dbd4]
6 getline(s = (nil), n = 0, in = (nil), fold = 0) ["/usr/local/src/apache/apache_1.2.4/src/http_protocol.c":468, 0x4205b0]
7 read_request_line(r = 0x1001f0f8) ["/usr/local/src/apache/apache_1.2.4/src/http_protocol.c":624, 0x420c98]
8 read_request(conn = 0x1001e898) ["/usr/local/src/apache/apache_1.2.4/src/http_protocol.c":796, 0x421908]
9 main(argc = 2, argv = 0x7fffaf94) ["/usr/local/src/apache/apache_1.2.4/src/http_main.c":2503, 0x412f90]
10 __start() ["crt1text.s":133, 0x40a9bc]
>How-To-Repeat:
Start any html page then kill the browser, while loading the page,
with the local window manager.
>Fix:
I added the following line to http_main.c in subroutine timeout():
diff http_main.c http_main.c.orig
359d358
< current_conn = timeout_req->connection;
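Review bot: the diff operands are reversed (diff http_main.c http_main.c.orig), so the new assignment shows up as a deletion at 359d358 and applying the patch as posted would remove the line; regenerate it as diff -u http_main.c.orig http_main.c so the change reads as an addition with context. The added line also dereferences timeout_req unconditionally inside timeout(): if the alarm can fire while timeout_req is unset, this moves the SIGSEGV rather than removing it, so a null check on timeout_req before the assignment is worth adding. The patch does not show where current_conn becomes nil in the first place, which is the race the description names.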
Seems to prevent the core dumps, but I'm not sure if there are any
side-effects.
>Audit-Trail:
>Unformatted:
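
An added example, not part of the report and not Apache's source: a simplified model of a timeout handler that resolves the connection defensively instead of passing a nil conn to the host lookup, as frame 0 of the trace shows. The struct shapes and the helper names remote_host_or_unknown and timeout_client_name are assumptions; only current_conn and timeout_req are names taken from the report.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the server's structures (assumed shapes). */
typedef struct { const char *remote_host; } conn_rec;
typedef struct { conn_rec *connection; } request_rec;

/* Globals named as in the report; a signal handler reads them
 * asynchronously, so either may be NULL when the alarm fires. */
static conn_rec *volatile current_conn;
static request_rec *volatile timeout_req;

/* Model of the lookup that crashed with conn = (nil): tolerate NULL. */
static const char *remote_host_or_unknown(const conn_rec *conn)
{
    if (conn == NULL || conn->remote_host == NULL)
        return "unknown";
    return conn->remote_host;
}

/* Body a SIGALRM handler could run before logging the client:
 * read each global once, prefer the request's own connection,
 * fall back to current_conn, and never dereference NULL. */
static const char *timeout_client_name(void)
{
    request_rec *req = timeout_req;   /* single snapshot of each global */
    conn_rec *conn = current_conn;

    if (req != NULL && req->connection != NULL)
        conn = req->connection;
    return remote_host_or_unknown(conn);
}

int main(void)
{
    conn_rec c = { "client.example" };   /* constructed sample data */
    request_rec r = { &c };

    current_conn = NULL; timeout_req = NULL;   /* state seen in the core */
    printf("no conn, no req : %s\n", timeout_client_name());
    timeout_req = &r;                          /* request still registered */
    printf("no conn, req set: %s\n", timeout_client_name());
    return 0;
}
```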