You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@apr.apache.org by "Mathihalli, Madhusudan" <ma...@hp.com> on 2004/03/19 19:08:01 UTC

SEGV in allocator_free

Hi,
	I am trying to test a SSL Proxy server using sslswamp, and I'm running into the following segmentation fault !

There appears to be some missing error checks in the APR library - here's the backtrace:
(Apache 2.0.48 - and I haven't tried 2.0.49)

(gdb) bt
#0  0xc000000001ba2190:0 in allocator_free (allocator=0x60000000001abe90, 
    node=0x0) at apr_pools.c:374
#1  0xc000000001ba2fe0:0 in apr_pool_clear (pool=0x6000000000439e68)
    at apr_pools.c:746
#2  0x400000000009fa00:0 in core_output_filter+0x8b0 ()
#3  0x4000000000082b50:0 in ap_pass_brigade+0x130 ()
#4  0xc000000001f31290:0 in bio_filter_out_flush+0x190 ()
   from /opt/hpws/apache/modules/mod_ssl.so
#5  0xc000000001f31790:0 in bio_filter_out_write+0x190 ()
   from /opt/hpws/apache/modules/mod_ssl.so
#6  0xc000000001fd4540:0 in BIO_write+0x1a0 ()
   from /opt/hpws/apache/modules/mod_ssl.so
#7  0xc000000001fae0d0:0 in ssl3_send_alert+0x770 ()
   from /opt/hpws/apache/modules/mod_ssl.so
#8  0xc000000001fa73a0:0 in ssl3_shutdown+0xe0 ()
   from /opt/hpws/apache/modules/mod_ssl.so
#9  0xc000000001f7c540:0 in SSL_shutdown+0xe0 ()
   from /opt/hpws/apache/modules/mod_ssl.so
#10 0xc000000001f56120:0 in SSL_smart_shutdown+0x40 ()
   from /opt/hpws/apache/modules/mod_ssl.so
#11 0xc000000001f33b60:0 in ssl_filter_io_shutdown+0xd0 ()
   from /opt/hpws/apache/modules/mod_ssl.so
#12 0xc000000001f33da0:0 in ssl_io_filter_cleanup+0x60 ()
(gdb) p node
$1 = (struct apr_memnode_t *) 0x0
(gdb) p index
$2 = 0
(gdb) fr 1
#1  0xc000000001ba2fe0:0 in apr_pool_clear (pool=0x6000000000439e68)
    at apr_pools.c:746
746     in apr_pools.c
(gdb) p pool->allocator
$3 = (struct apr_allocator_t *) 0x60000000001abe90
(gdb) p active->next
$4 = (struct apr_memnode_t *) 0x0
(gdb) p active
$5 = (struct apr_memnode_t *) 0x6000000000439e40
(gdb) p *active
$6 = {next = 0x0, ref = 0x6000000000439e40, index = 1, free_index = 0, 
  first_avail = 0x6000000000439ed0 "`", endp = 0x600000000043be40 "`"}

Re: SEGV in allocator_free

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

How is this apr?  seems you have a pool scope bug causing a double-clear?

Bill

At 12:08 PM 3/19/2004, Mathihalli, Madhusudan wrote:
>Hi,
>        I am trying to test a SSL Proxy server using sslswamp, and I'm running into the following segmentation fault !
>
>There appears to be some missing error checks in the APR library - here's the backtrace:
>(Apache 2.0.48 - and I haven't tried 2.0.49)
>
>(gdb) bt
>#0  0xc000000001ba2190:0 in allocator_free (allocator=0x60000000001abe90, 
>    node=0x0) at apr_pools.c:374
>#1  0xc000000001ba2fe0:0 in apr_pool_clear (pool=0x6000000000439e68)
>    at apr_pools.c:746
>#2  0x400000000009fa00:0 in core_output_filter+0x8b0 ()
>#3  0x4000000000082b50:0 in ap_pass_brigade+0x130 ()
>#4  0xc000000001f31290:0 in bio_filter_out_flush+0x190 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#5  0xc000000001f31790:0 in bio_filter_out_write+0x190 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#6  0xc000000001fd4540:0 in BIO_write+0x1a0 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#7  0xc000000001fae0d0:0 in ssl3_send_alert+0x770 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#8  0xc000000001fa73a0:0 in ssl3_shutdown+0xe0 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#9  0xc000000001f7c540:0 in SSL_shutdown+0xe0 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#10 0xc000000001f56120:0 in SSL_smart_shutdown+0x40 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#11 0xc000000001f33b60:0 in ssl_filter_io_shutdown+0xd0 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#12 0xc000000001f33da0:0 in ssl_io_filter_cleanup+0x60 ()
>(gdb) p node
>$1 = (struct apr_memnode_t *) 0x0
>(gdb) p index
>$2 = 0
>(gdb) fr 1
>#1  0xc000000001ba2fe0:0 in apr_pool_clear (pool=0x6000000000439e68)
>    at apr_pools.c:746
>746     in apr_pools.c
>(gdb) p pool->allocator
>$3 = (struct apr_allocator_t *) 0x60000000001abe90
>(gdb) p active->next
>$4 = (struct apr_memnode_t *) 0x0
>(gdb) p active
>$5 = (struct apr_memnode_t *) 0x6000000000439e40
>(gdb) p *active
>$6 = {next = 0x0, ref = 0x6000000000439e40, index = 1, free_index = 0, 
>  first_avail = 0x6000000000439ed0 "`", endp = 0x600000000043be40 "`"}

Re: SEGV in allocator_free

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

How is this apr?  seems you have a pool scope bug causing a double-clear?

Bill

At 12:08 PM 3/19/2004, Mathihalli, Madhusudan wrote:
>Hi,
>        I am trying to test a SSL Proxy server using sslswamp, and I'm running into the following segmentation fault !
>
>There appears to be some missing error checks in the APR library - here's the backtrace:
>(Apache 2.0.48 - and I haven't tried 2.0.49)
>
>(gdb) bt
>#0  0xc000000001ba2190:0 in allocator_free (allocator=0x60000000001abe90, 
>    node=0x0) at apr_pools.c:374
>#1  0xc000000001ba2fe0:0 in apr_pool_clear (pool=0x6000000000439e68)
>    at apr_pools.c:746
>#2  0x400000000009fa00:0 in core_output_filter+0x8b0 ()
>#3  0x4000000000082b50:0 in ap_pass_brigade+0x130 ()
>#4  0xc000000001f31290:0 in bio_filter_out_flush+0x190 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#5  0xc000000001f31790:0 in bio_filter_out_write+0x190 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#6  0xc000000001fd4540:0 in BIO_write+0x1a0 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#7  0xc000000001fae0d0:0 in ssl3_send_alert+0x770 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#8  0xc000000001fa73a0:0 in ssl3_shutdown+0xe0 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#9  0xc000000001f7c540:0 in SSL_shutdown+0xe0 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#10 0xc000000001f56120:0 in SSL_smart_shutdown+0x40 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#11 0xc000000001f33b60:0 in ssl_filter_io_shutdown+0xd0 ()
>   from /opt/hpws/apache/modules/mod_ssl.so
>#12 0xc000000001f33da0:0 in ssl_io_filter_cleanup+0x60 ()
>(gdb) p node
>$1 = (struct apr_memnode_t *) 0x0
>(gdb) p index
>$2 = 0
>(gdb) fr 1
>#1  0xc000000001ba2fe0:0 in apr_pool_clear (pool=0x6000000000439e68)
>    at apr_pools.c:746
>746     in apr_pools.c
>(gdb) p pool->allocator
>$3 = (struct apr_allocator_t *) 0x60000000001abe90
>(gdb) p active->next
>$4 = (struct apr_memnode_t *) 0x0
>(gdb) p active
>$5 = (struct apr_memnode_t *) 0x6000000000439e40
>(gdb) p *active
>$6 = {next = 0x0, ref = 0x6000000000439e40, index = 1, free_index = 0, 
>  first_avail = 0x6000000000439ed0 "`", endp = 0x600000000043be40 "`"}

Re: SEGV in allocator_free

Posted by Sander Striker <st...@apache.org>.

On Fri, 2004-03-19 at 19:08, Mathihalli, Madhusudan wrote:
> Hi,
> 	I am trying to test a SSL Proxy server using sslswamp, and I'm running into the following segmentation fault !
> 
> There appears to be some missing error checks in the APR library - here's the backtrace:
> (Apache 2.0.48 - and I haven't tried 2.0.49)

Try running with --enable-pool-debug, and electric fence or valgrind.
See if you can trace it to usage of a pool after destruction or
somesuch.

Sander

Re: SEGV in allocator_free

Posted by Sander Striker <st...@apache.org>.

On Fri, 2004-03-19 at 19:08, Mathihalli, Madhusudan wrote:
> Hi,
> 	I am trying to test a SSL Proxy server using sslswamp, and I'm running into the following segmentation fault !
> 
> There appears to be some missing error checks in the APR library - here's the backtrace:
> (Apache 2.0.48 - and I haven't tried 2.0.49)

Try running with --enable-pool-debug, and electric fence or valgrind.
See if you can trace it to usage of a pool after destruction or
somesuch.

Sander