Posted to dev@httpd.apache.org by Ben Laurie <be...@gonzo.ben.algroup.co.uk> on 1997/01/14 19:43:45 UTC

Re: [BUG]: "httpd children dump core on SIGSEGV" on HPUX

Rob Hartill wrote:
> 
> 
> Hi,
> 
> Thanks for all the information. I'll pass it on to the developers.
> 
> cheers,
> rob
> 
> On Tue, 14 Jan 1997 adrian@virginia.edu wrote:
> 
> > Submitter: adrian@virginia.edu
> > Operating system: HPUX, version: 10.10
> > Version of Apache Used: 1.2b4
> > Extra Modules used: only stock modules
> > URL exhibiting problem: 
> > 
> > Symptoms:
> > --
> > The children for the httpd dump core on SIGSEGV
> > regularly.  In 24 hours, 41 children dumped core.
> > 
> > --
> > 
> > Backtrace:
> > --
> > >>> commentary at end <<<
> > 
> > (gdb) core core
> > Core was generated by `httpd'.
> > Program terminated with signal 6, Aborted.
> > warning: The shared libraries were not privately mapped; setting a
> > breakpoint in a shared library will not work until you rerun the program.
> > 
> > Reading symbols from /usr/local/sbin/httpd...done.
> > Reading symbols from /usr/lib/libc.1...done.
> > Reading symbols from /usr/lib/libdld.1...done.
> > #0  0xc01287a8 in _kill ()
> > (gdb) backtrace
> > #0  0xc01287a8 in _kill ()
> > #1  0xc00b3944 in _raise ()
> > #2  0xc007cb08 in abort ()
> > #3  0x14f00 in seg_fault () at http_main.c:1167
> > #4  <signal handler called>
> > #5  0x15c90 in child_main (child_num_arg=
> > Cannot access memory at address 0x6ffdc.
> > ) at http_main.c:1547
> > Cannot access memory at address 0x6ffec.
> > (gdb) 
> > 
> > >>> commentary <<<
> > 
> > The fault is at http_main.c:1548:
> > 
> > 	clen=sizeof(sa_client);
> > 
> > The problem appears to be that sa_client does not
> > have a valid address.  Why this is necessary is 
> > beyond me.  gcc should be calculating the sizeof
> > value at compile time.  This makes me suspect it
> > is a compiler bug.
> > 
> > 	FYI, I am using gcc-2.7.2.1 and I get the
> > same results whether I compile with or without
> > debugging info.

Actually, this has the nasty look of stack pointer corruption. The fact that
it cannot access child_num_arg indicates that, and, since clen is also stored
relative to the stack frame pointer, that would also be consistent. As is
correctly stated above, the sizeof is calculated at compile time.

The usual cause of this is overrunning an array based on the stack.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author
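
Added example, not part of the original message or of Apache's code: a simplified model of the failure described in the reply above, where an unchecked copy into a stack-based array clobbers the saved frame pointer, shown next to a bounded copy that rejects the oversized input. The struct layout, MODEL_FP and all function names are assumptions made for illustration; this is not the real HP-UX frame layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_FP ((uintptr_t)0x7ffd1000u)  /* constructed sample value */

/* Simplified model of a stack frame (assumed layout, not HP-UX/PA-RISC):
 * a local array sits next to the saved frame pointer. */
struct frame_model {
    char      buf[16];   /* local array based on the stack */
    uintptr_t saved_fp;  /* locals such as clen are addressed relative to this */
};

/* Unchecked copy: trusts n, so n > sizeof buf spills into saved_fp.
 * Clamped to the model's size so the demonstration stays well defined. */
static void unchecked_copy(struct frame_model *f, const char *src, size_t n)
{
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, src, n);
}

/* Bounded copy: refuses input that does not fit the array. */
static int bounded_copy(struct frame_model *f, const char *src, size_t n)
{
    if (n > sizeof f->buf)
        return -1;
    memcpy(f->buf, src, n);
    return 0;
}

/* Returns 1 if the saved frame pointer survived a copy of n bytes. */
int fp_survives(size_t n, int bounded)
{
    char input[sizeof(struct frame_model)];
    struct frame_model f = { {0}, MODEL_FP };
    memset(input, 'A', sizeof input);   /* constructed input */
    if (bounded)
        (void)bounded_copy(&f, input, n);
    else
        unchecked_copy(&f, input, n);
    return f.saved_fp == MODEL_FP;
}

int main(void)
{
    printf("fp intact: %d %d %d\n",
           fp_survives(16, 0), fp_survives(24, 0), fp_survives(24, 1));
    return 0;
}
```

Once saved_fp no longer holds a valid address, every frame-relative access fails, which matches gdb being unable to read child_num_arg in the backtrace.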