You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/11/18 13:02:46 UTC
DO NOT REPLY [Bug 43533] Frequent crashes in mod_include's bndm()
https://issues.apache.org/bugzilla/show_bug.cgi?id=43533
Markus Linnala <Ma...@plenware.fi> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |Markus.Linnala@plenware.fi
--- Comment #5 from Markus Linnala <Ma...@plenware.fi> 2008-11-18 04:02:45 PST ---
You need to have #include virtual on file which changes during request. I guess
as file is mmapped and if it is not complete or changes during request you get
these crashes.
Reproducible. RHEL4 x86_64 Stock 2.2.10, compiled:
CFLAGS='-O0 -g' ./configure --with-mpm=prefork --enable-maintainer-mode
Create shtml file with include virtual, so that it includes complex shtml-file.
# cat html/test-43533.shtml
<html><body>
<!--#include virtual="inc-43533.shtml" -->
</body></html>
# cat html/inc-43533-orig.shtml
<!--#config timefmt="%M" -->
<!--#if expr="$date_local > 00 && $date_local < 10" -->
<!--#include virtual="/foo2.html" -->
<!--#endif -->
<!--#if expr="$date_local > 09 && $date_local < 20" -->
<!--#include virtual="/foo2.html" -->
<!--#endif -->
<!--#if expr="$date_local > 19 && $date_local < 30" -->
<!--#include virtual="/foo2.html" -->
<!--#endif -->
<!--#if expr="$date_local > 29 && $date_local < 40" -->
<!--#include virtual="/foo2.html" -->
<!--#endif -->
<!--#if expr="$date_local > 39 && $date_local < 50" -->
<!--#include virtual="/foo2.html" -->
<!--#endif -->
<!--#if expr="$date_local > 49 && $date_local < 60" -->
<!--#include virtual="/foo2.html" -->
<!--#endif -->
Create job that changes file continuously:
# (while sleep 1;do cp html/inc-43533-orig.shtml html/inc-43533.shtml;done)&
Start prefork (or worker) apache with -X option.
Request test-43533.shtml with ab and wait it to crash.
Below several points.
Program received signal SIGBUS, Bus error.
[Switching to Thread 182897648736 (LWP 13275)]
0x0000000000450d71 in find_directive (ctx=0x65f7a8,
data=0x2a959131de "if expr=\"$date_local > 39 && $date_local < 50\" -->\n
<!--#include virtual=\"/foo2.html\" -->\n<!--#endif -->\n<!--#if
expr=\"$date_local > 49 && $date_local < 60\" -->\n <!--#include
virtual=\"/foo2.html\" --"...,
len=217, store=0x7fbfffee20, store_len=0x7fbfffee18) at mod_include.c:2726
2726 while (p < ep && !apr_isspace(*p)) {
(gdb) where
#0 0x0000000000450d71 in find_directive (ctx=0x65f7a8,
data=0x2a959131de "if expr=\"$date_local > 39 && $date_local < 50\" -->\n
<!--#include virtual=\"/foo2.html\" -->\n<!--#endif -->\n<!--#if
expr=\"$date_local > 49 && $date_local < 60\" -->\n <!--#include
virtual=\"/foo2.html\" --"...,
len=217, store=0x7fbfffee20, store_len=0x7fbfffee18) at mod_include.c:2726
#1 0x0000000000452068 in send_parsed_content (f=0x65f5e8, bb=0x65f768) at
mod_include.c:3300
#2 0x0000000000453075 in includes_filter (f=0x65f5e8, b=0x65f768) at
mod_include.c:3651
#3 0x00000000004490c4 in ap_pass_brigade (next=0x65f5e8, bb=0x65f768) at
util_filter.c:526
#4 0x0000000000434b44 in default_handler (r=0x65da78) at core.c:3740
#5 0x000000000043bc88 in ap_run_handler (r=0x65da78) at config.c:157
#6 0x000000000043c52f in ap_invoke_handler (r=0x65da78) at config.c:372
#7 0x0000000000439128 in ap_run_sub_req (r=0x65da78) at request.c:1876
#8 0x000000000044e027 in handle_include (ctx=0x654128, f=0x653e90,
bb=0x654c40) at mod_include.c:1737
#9 0x00000000004527b8 in send_parsed_content (f=0x653e90, bb=0x6540e8) at
mod_include.c:3432
#10 0x0000000000453075 in includes_filter (f=0x653e90, b=0x6540e8) at
mod_include.c:3651
#11 0x00000000004490c4 in ap_pass_brigade (next=0x653e90, bb=0x6540e8) at
util_filter.c:526
#12 0x0000000000434b44 in default_handler (r=0x64fa08) at core.c:3740
#13 0x000000000043bc88 in ap_run_handler (r=0x64fa08) at config.c:157
#14 0x000000000043c52f in ap_invoke_handler (r=0x64fa08) at config.c:372
#15 0x000000000045bd5f in ap_process_request (r=0x64fa08) at http_request.c:258
#16 0x0000000000458f84 in ap_process_http_connection (c=0x64bbd8) at
http_core.c:190
#17 0x0000000000444d25 in ap_run_process_connection (c=0x64bbd8) at
connection.c:43
#18 0x0000000000445156 in ap_process_connection (c=0x64bbd8, csd=0x64b9e8) at
connection.c:178
#19 0x00000000004747a6 in child_main (child_num_arg=0) at prefork.c:650
#20 0x0000000000474876 in make_child (s=0x5b9160, slot=0) at prefork.c:690
#21 0x0000000000474e0a in ap_mpm_run (_pconf=0x5b0138, plog=0x5f2348,
s=0x5b9160) at prefork.c:966
#22 0x0000000000423bea in main (argc=6, argv=0x7fbffff7d8) at main.c:740
Program received signal SIGBUS, Bus error.
[Switching to Thread 182897648736 (LWP 15546)]
0x00000000004508d4 in bndm (t=0x6559b8,
h=0x2a95913247 "\n<!--#if expr=\"$date_local > 49 && $date_local < 60\"
-->\n <!--#include virtual=\"/foo2.html\" -->\n<!--#endif -->\n", hl=112) at
mod_include.c:2520
2520 d &= T[(unsigned char) *p--];
#0 0x00000000004508d4 in bndm (t=0x6559b8,
h=0x2a95913247 "\n<!--#if expr=\"$date_local > 49 && $date_local < 60\"
-->\n <!--#include virtual=\"/foo2.html\" -->\n<!--#endif -->\n", hl=112) at
mod_include.c:2520
#1 0x00000000004509bf in find_start_sequence (ctx=0x659778,
data=0x2a95913247 "\n<!--#if expr=\"$date_local > 49 && $date_local < 60\"
-->\n <!--#include virtual=\"/foo2.html\" -->\n<!--#endif -->\n", len=112) at
mod_include.c:2561
#2 0x0000000000451d20 in send_parsed_content (f=0x6595b8, bb=0x659738) at
mod_include.c:3238
#3 0x0000000000453075 in includes_filter (f=0x6595b8, b=0x659738) at
mod_include.c:3651
...
Program received signal SIGBUS, Bus error.
[Switching to Thread 182897648736 (LWP 16265)]
0x0000000000450d71 in find_directive (ctx=0x65b788, data=0x2a959131de "",
len=217, store=0x7fbfffee20,
store_len=0x7fbfffee18) at mod_include.c:2726
2726 while (p < ep && !apr_isspace(*p)) {
Program received signal SIGBUS, Bus error.
[Switching to Thread 182897648736 (LWP 16695)]
0x000000000045102b in find_arg_or_tail (ctx=0x6637c8,
data=0x2a959130e7 " -->\n<!--#endif -->\n<!--#if expr=\"$date_local > 19 &&
$date_local < 30\" -->\n <!--#include virtual=\"/foo2.html\" -->\n<!--#endif
-->\n<!--#if expr=\"$date_local > 29 && $date_local < 40\" -->\n
<!--#includ"..., len=464)
at mod_include.c:2823
2823 while (p < ep && apr_isspace(*p)) {
Program received signal SIGBUS, Bus error.
[Switching to Thread 182897648736 (LWP 17474)]
0x0000003f31072584 in memcpy () from /lib64/tls/libc.so.6
(gdb) where
#0 0x0000003f31072584 in memcpy () from /lib64/tls/libc.so.6
#1 0x0000002a955731ff in apr_brigade_flatten (bb=0x657830, c=0x65baa8
"/foo2.html", len=0x7fbfffed98)
at buckets/apr_brigade.c:252
#2 0x0000002a955732a6 in apr_brigade_pflatten (bb=0x657830, c=0x65ba88,
len=0x65ba90, pool=0x65b9e8)
at buckets/apr_brigade.c:294
#3 0x00000000004523e1 in send_parsed_content (f=0x6575a8, bb=0x657728) at
mod_include.c:3370
...
Program received signal SIGBUS, Bus error.
[Switching to Thread 182897648736 (LWP 17906)]
0x00000000004516ca in find_argument (ctx=0x659778,
data=0x2a9591306d "/foo2.html\" -->\n<!--#endif -->\n<!--#if
expr=\"$date_local > 09 && $date_local < 20\" -->\n <!--#include
virtual=\"/foo2.html\" -->\n<!--#endif -->\n<!--#if expr=\"$date_local > 19 &&
$date_local < 30\" -->\n "...,
len=586, store=0x7fbfffee20, store_len=0x7fbfffee18) at mod_include.c:3028
3028 if (intern->quote && *p == '\\') {
(gdb) print *(*b->list->next)->type
$16 = {name = 0x2a9558b054 "MMAP", num_func = 5, is_metadata = APR_BUCKET_DATA,
destroy = 0x2a95575042 <mmap_bucket_destroy>, read = 0x2a95574f98
<mmap_bucket_read>,
setaside = 0x2a9557519a <mmap_bucket_setaside>, split = 0x422698, copy =
0x421cb8}
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org