Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2020/08/13 23:53:03 UTC

[GitHub] [trafficserver] maskit opened a new issue #7115: Crash due to null pointer dereference in QUICBidirectionalStream::will_generate_frame

maskit opened a new issue #7115:
URL: https://github.com/apache/trafficserver/issues/7115


   Found on docs server
   
   ```
   (gdb) bt
   #0  0x00000000007c9d26 in IOBufferReader::is_read_avail_more_than (this=0x0, size=0) at /usr/local/src/trafficserver/iocore/eventsystem/P_IOBuffer.h:538
   #1  0x0000000000b14ad5 in QUICBidirectionalStream::will_generate_frame (this=0x2acd3320c000, level=QUICEncryptionLevel::ONE_RTT, current_packet_size=6, ack_eliciting=false, seq_num=973) at QUICBidirectionalStream.cc:359
   #2  0x0000000000ac74b5 in QUICStreamManager::will_generate_frame (this=0x2acd4041a2c0, level=QUICEncryptionLevel::ONE_RTT, current_packet_size=6, ack_eliciting=false, seq_num=973) at QUICStreamManager.cc:426
   #3  0x0000000000a42167 in QUICNetVConnection::_packetize_frames (this=0x2acd422a12c0, packet_buf=0x2acd304006a0 "\360\006@0\315*", level=QUICEncryptionLevel::ONE_RTT, max_packet_size=1280, frames=std::vector of length 1, capacity 1 = {...}) at QUICNetVConnection.cc:1685
   #4  0x0000000000a412a3 in QUICNetVConnection::_state_common_send_packet (this=0x2acd422a12c0) at QUICNetVConnection.cc:1529
   #5  0x0000000000a3e093 in QUICNetVConnection::state_connection_established (this=0x2acd422a12c0, event=2501, data=0x2acd2e704720) at QUICNetVConnection.cc:900
   #6  0x000000000075dc05 in Continuation::handleEvent (this=0x2acd422a12c0, event=2501, data=0x2acd2e704720) at /usr/local/src/trafficserver/iocore/eventsystem/I_Continuation.h:190
   #7  0x0000000000a834e9 in EThread::process_event (this=0x2acd2f513000, e=0x2acd2e704720, calling_code=2501) at UnixEThread.cc:127
   #8  0x0000000000a83a8f in EThread::execute_regular (this=0x2acd2f513000) at UnixEThread.cc:236
   #9  0x0000000000a83dcd in EThread::execute (this=0x2acd2f513000) at UnixEThread.cc:327
   #10 0x0000000000a82839 in spawn_thread_internal (a=0x2acd2e6f58c0) at Thread.cc:92
   #11 0x00002acd2c6e7ea5 in start_thread () from /lib64/libpthread.so.0
   #12 0x00002acd2d41d8dd in clone () from /lib64/libc.so.6
   ```
   
   On frame 1
   ```
   (gdb) p this->_write_vio
   $1 = {
     cont = 0x0, 
     nbytes = 0, 
     ndone = 0, 
     op = 0, 
     buffer = {
       name = 0x0, 
       mbuf = 0x0, 
       entry = 0x0
     }, 
     vc_server = 0x0, 
     mutex = {
       m_ptr = 0x0
     }, 
     _disabled = false
   }
   (gdb) p this->handler
   $2 = (int (Continuation::*)(Continuation * const, int, void *)) 0xb13032 <QUICBidirectionalStream::state_stream_open(int, void*)>
   ```


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [trafficserver] zwoop closed issue #7115: Crash due to null pointer dereference in QUICBidirectionalStream::will_generate_frame

Posted by GitBox <gi...@apache.org>.
zwoop closed issue #7115:
URL: https://github.com/apache/trafficserver/issues/7115


   





[GitHub] [trafficserver] maskit commented on issue #7115: Crash due to null pointer dereference in QUICBidirectionalStream::will_generate_frame

Posted by GitBox <gi...@apache.org>.
maskit commented on issue #7115:
URL: https://github.com/apache/trafficserver/issues/7115#issuecomment-673779065


   The stream seems to have been created by receiving a RESET_STREAM frame, according to `_state` below. If so, an uninitialized `_write_vio` makes sense because no data would be transferred between the stream and the application. We probably need to add a check for availability of `_write_vio`.
   
   this->_state
   ```
     _state = {
       <QUICStreamStateMachine<QUICBidirectionalStreamState>> = {
         _vptr.QUICStreamStateMachine = 0xbe8c98 <vtable for QUICBidirectionalStreamStateMachine+16>, 
         _state = QUICBidirectionalStreamState::Init
       }, 
       members of QUICBidirectionalStreamStateMachine: 
       _send_stream_state = {
         <QUICUnidirectionalStreamStateMachine> = {
           _in_progress = 0x0, 
           _out_progress = 0x2acd3320c208
         }, 
         <QUICStreamStateMachine<QUICSendStreamState>> = {
           _vptr.QUICStreamStateMachine = 0xbe8cf0 <vtable for QUICSendStreamStateMachine+16>, 
           _state = QUICSendStreamState::Ready
         }, <No data fields>}, 
       _recv_stream_state = {
         <QUICUnidirectionalStreamStateMachine> = {
           _in_progress = 0x2acd3320c1e0, 
           _out_progress = 0x0
         }, 
         <QUICStreamStateMachine<QUICReceiveStreamState>> = {
           _vptr.QUICStreamStateMachine = 0xbe8d48 <vtable for QUICReceiveStreamStateMachine+16>, 
           _state = QUICReceiveStreamState::ResetRecvd
         }, <No data fields>}
     }
   ```


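Added example, not part of the thread and not Apache Traffic Server source: a simplified C++ model of the condition described in the last comment, where a stream that exists only because a RESET_STREAM frame arrived has no write reader, shown with the unguarded call next to one possible null check. `Reader`, `WriteVIO`, `Stream`, `do_io_write` and `stream_opened_by_reset` are hypothetical stand-ins for the real classes.

```cpp
// Added illustration: simplified stand-ins, not Apache Traffic Server source.
#include <cstdio>
#include <memory>
#include <string>

// Stand-in for IOBufferReader (frame #0 of the backtrace).
struct Reader {
  std::string data;
  bool is_read_avail_more_than(std::size_t size) const { return data.size() > size; }
};

// Stand-in for the write VIO: the reader stays null until the application writes.
struct WriteVIO {
  std::shared_ptr<Reader> reader;
};

enum class RecvState { Recv, ResetRecvd };

struct Stream {
  RecvState recv_state = RecvState::Recv;
  WriteVIO write_vio;

  // Hypothetical helper: the application attaches outgoing data to the stream.
  void do_io_write(const std::string &payload) {
    write_vio.reader = std::make_shared<Reader>();
    write_vio.reader->data = payload;
  }
  // Unguarded shape of the crash: undefined behaviour when the reader is null.
  bool will_generate_frame_unguarded() const {
    return write_vio.reader.get()->is_read_avail_more_than(0);
  }
  // Guarded: a stream with no write reader set up has nothing to send.
  bool will_generate_frame() const {
    const Reader *r = write_vio.reader.get();
    return r != nullptr && r->is_read_avail_more_than(0);
  }
};

// Stream created only because a RESET_STREAM frame arrived (constructed case).
Stream stream_opened_by_reset() {
  Stream s;
  s.recv_state = RecvState::ResetRecvd;
  return s;
}

int main() {
  std::printf("reset-created stream generates frame: %d\n", stream_opened_by_reset().will_generate_frame());
}
```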