You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Wayne Rosen <ro...@eosdata.gsfc.nasa.gov> on 1997/08/28 23:40:15 UTC

general/1073: http core dumps with SIGSEGV

>Number:         1073
>Category:       general
>Synopsis:       http core dumps with SIGSEGV
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Aug 28 14:40:11 1997
>Originator:     rosen@daac.gsfc.nasa.gov
>Organization:
apache
>Release:        1.2.4
>Environment:
Apache httpd version 1.2.4 and 1.2.1 running on an SGI IRIX 5.3 system.

I  patchSG0000420       12/01/95  Patch SG0000420
I  patchSG0000528       12/01/95  Patch SG0000528
I  patchSG0000870       08/08/96  Patch SG0000870: 5.3 EFS rollup patch for all 5.3 non-XFS releases
I  patchSG0001079       05/02/97  Patch SG0001079: IRIX 5.3 FDDIXPress 5.3p1079 IO4 IA work-around and FDDI roll-up
I  patchSG0001102       08/08/96  Patch SG0001102: NFS roll-up
I  patchSG0001110       11/01/96  Patch SG0001110: Security fix for sysmon
I  patchSG0001122       07/03/97  Patch SG0001122: SCSI roll up for 5.3 without XFS
I  patchSG0001128       03/22/96  Patch SG0001128: CERT VU 15781
I  patchSG0001143       06/02/97  Patch SG0001143: IDLEWEEKS support in login - Security roll up for telnetd
I  patchSG0001268       08/08/96  Patch SG0001268: 5.3/5.3xfs combined kernel rollup patch
I  patchSG0001273       05/09/96  Patch SG0001273: rmail security patch
I  patchSG0001283       07/03/97  Patch SG0001283: tape patch adding LEOT/PEOT handing and DLT2x00XT, 4x00 and 7x00 support
I  patchSG0001469       07/01/97  Patch SG0001469: Add support for DLT2500XT and IBM NTP to stacker program
I  patchSG0001502       06/02/97  Patch SG0001502: sendmail core dump if message is too long
I  patchSG0001518       08/19/96  Patch SG0001518: Desktop security patch
I  patchSG0001596       12/10/96  Patch SG0001596: Searchbook and iconbook file permissions security patch in 5.3
I  patchSG0001685       01/02/97  Patch SG0001685 : netprint security patch for IRIX 5.3 and 6.1
I  patchSG0002064       06/02/97  Patch SG0002064: rld rollup #1
I  patchSG0002132       07/24/97  Patch SG0002132: talkd security
I  patchSG0002292       08/21/97  Patch SG0002292: IRIX 5.3 Networking Rollup
>Description:
The timeout alarm in http_main.c seems to have a race condition that
causes current_conn to be lost (i.e. set to nil).  


dbx version 3.19 Nov  3 1994 19:59:46
Core from signal SIGSEGV: Segmentation violation
(dbx) dump 
get_remote_host(conn = (nil), dir_config = 0x10011c48, type = 1) ["/usr/local/src/apache/apache_1.2.4/src/http_core.c":341, 0x413f90]
iaddr = 0x40e47c
hptr = 0xfb5af20
dir_conf = 0x10012288

dbx version 3.19 Nov  3 1994 19:59:46
Core from signal SIGSEGV: Segmentation violation
(dbx) where
>  0 get_remote_host(conn = (nil), dir_config = 0x10011c48, type = 1) ["/usr/local/src/apache/apache_1.2.4/src/http_core.c":341, 0x413f90]
   1 timeout(sig = 14) ["/usr/local/src/apache/apache_1.2.4/src/http_main.c":378, 0x40e5a8]
   2 _sigtramp(0x10011c48, 0x100005f4, 0x7fff8a40, 0x0) ["sigtramp.s":59, 0xfad5958]
   3 _read(0x0, 0x10013ed0, 0x1000, 0x1) ["read.s":15, 0xfac240c]
   4 saferead(fb = 0x10013e90, buf = 0x10013ed0, nbyte = 4096) ["/usr/local/src/apache/apache_1.2.4/src/buff.c":323, 0x42d5f4]
   5 bgets(buff = 0x7fff8ef8 = "e/gif, image/x-xbitmap, image/jpeg, image/pjpeg", n = 8192, fb = 0x10013e90) ["/usr/local/src/apache/apache_1.2.4/src/buff.c":451, 0x42dbd4]
   6 getline(s = (nil), n = 0, in = (nil), fold = 0) ["/usr/local/src/apache/apache_1.2.4/src/http_protocol.c":468, 0x4205b0]
   7 read_request_line(r = 0x1001f0f8) ["/usr/local/src/apache/apache_1.2.4/src/http_protocol.c":624, 0x420c98]
   8 read_request(conn = 0x1001e898) ["/usr/local/src/apache/apache_1.2.4/src/http_protocol.c":796, 0x421908]
   9 main(argc = 2, argv = 0x7fffaf94) ["/usr/local/src/apache/apache_1.2.4/src/http_main.c":2503, 0x412f90]
   10 __start() ["crt1text.s":133, 0x40a9bc]


>How-To-Repeat:
Start any html page then kill the browser, while loading the page,
with the local window manager.
>Fix:
I added the following line to http_main.c in subroute timeout():

diff http_main.c http_main.c.orig
359d358
<     current_conn = timeout_req->connection;

Seems to prevent the core dumps, but I'm not sure if there are any
side-effects..
>Audit-Trail:
>Unformatted: