Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/07/21 11:51:02 UTC
DO NOT REPLY [Bug 45444] New: overlapping memcpy in ssl_io_input_read
https://issues.apache.org/bugzilla/show_bug.cgi?id=45444
Summary: overlapping memcpy in ssl_io_input_read
Product: Apache httpd-2
Version: 2.2.9
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: frederic.heem@telsey.it
Hi,
Valgrind has found a problem related to an overlapping memcpy in mod_ssl
(Apache/2.2.9 (Unix)), here is the output:
==18546== Thread 5:
==18546== Source and destination overlap in memcpy(0x425E0E8, 0x425E10E, 141)
==18546== at 0x4007A42: memcpy (mc_replace_strmem.c:402)
==18546== by 0x446C464: ssl_io_input_read (in /usr/local/apache2/modules/mod_ssl.so)
==18546== by 0x446C781: ssl_io_filter_input (in /usr/local/apache2/modules/mod_ssl.so)
==18546== by 0x8068DB5: ap_rgetline_core (in /usr/local/apache2/bin/httpd)
==18546== by 0x80690CE: ap_get_mime_headers_core (in /usr/local/apache2/bin/httpd)
==18546== by 0x80696FC: ap_read_request (in /usr/local/apache2/bin/httpd)
==18546== by 0x80799DA: ap_process_http_connection (in /usr/local/apache2/bin/httpd)
==18546== by 0x8076CEC: ap_run_process_connection (in /usr/local/apache2/bin/httpd)
==18546== by 0x807FFD3: worker_thread (in /usr/local/apache2/bin/httpd)
==18546== by 0x4057603: dummy_worker (in /usr/local/apache2/lib/libapr-1.so.0.3.0)
==18546== by 0x8E145A: start_thread (in /lib/libpthread-2.5.so)
==18546== by 0x71323D: clone (in /lib/libc-2.5.so)
This happens when a client sends an HTTPS request, regardless of the type of
request.
Let me know if you need more information.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45444] overlapping memcpy in ssl_io_input_read
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45444
Joe Orton <jo...@redhat.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
--- Comment #4 from Joe Orton <jo...@redhat.com> 2008-08-06 07:58:25 PST ---
Fixed on trunk - thanks for the report and getting the backtrace.
http://svn.apache.org/viewvc?rev=683280&view=rev
Code made more efficient in following commit:
http://svn.apache.org/viewvc?rev=683283&view=rev
DO NOT REPLY [Bug 45444] overlapping memcpy in ssl_io_input_read
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45444
--- Comment #3 from Joe Orton <jo...@redhat.com> 2008-08-06 05:57:40 PST ---
It seems like the code is indeed bogus, for the input getline case:
-> getline the first time
-> inctx->cbuf is empty
-> read block from SSL layer into inctx->buffer
-> pass back first line, stash remainder of inctx->buffer at inctx->cbuf
-> getline the second time
-> inctx->cbuf non-empty! copy entire inctx->cbuf into inctx->buffer
which results in the overlapping memcpy, and is pretty inefficient to boot; for
N GETLINE calls to read the entire HTTP request, the buffer gets copied over
itself N times.
Changing it to a memmove seems safe enough.
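The getline sequence from comment #3, as an added C example (not mod_ssl's code and not the committed fix): a simplified model in which cbuf points into buffer, reporting whether the copy-back ranges overlap and doing the copy with memmove as the comment proposes. The struct layout, sizes, function names and sample request are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the context in comment #3; sizes and layout are assumptions. */
struct inctx_model {
    char   buffer[256];  /* block read from the SSL layer */
    char  *cbuf;         /* unread remainder, points into buffer */
    size_t cbuf_len;
};

/* Constructed sample request, not taken from the report. */
static const char SAMPLE_REQUEST[] = "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n";

/* Nonzero when [dst,dst+n) and [src,src+n) share bytes (memcpy undefined). */
static int ranges_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return n != 0 && d < s + n && s < d + n;
}

/* First getline: stash the remainder in place; returns line length or 0. */
static size_t first_getline(struct inctx_model *c, const char *block, size_t len)
{
    if (len > sizeof c->buffer) return 0;
    memcpy(c->buffer, block, len);            /* separate objects: fine */
    char *nl = memchr(c->buffer, '\n', len);
    if (nl == NULL) return 0;
    c->cbuf = nl + 1;
    c->cbuf_len = len - (size_t)(c->cbuf - c->buffer);
    return (size_t)(c->cbuf - c->buffer);
}

/* Second getline: returns nonzero if memcpy here would have overlapped. */
static int second_getline(struct inctx_model *c)
{
    int overlapped = ranges_overlap(c->buffer, c->cbuf, c->cbuf_len);
    memmove(c->buffer, c->cbuf, c->cbuf_len); /* defined for overlap */
    c->cbuf = c->buffer;
    return overlapped;
}

int main(void)
{
    struct inctx_model c;
    size_t line = first_getline(&c, SAMPLE_REQUEST, strlen(SAMPLE_REQUEST));
    printf("line=%zu stash=%zu overlap=%d\n", line, c.cbuf_len, second_getline(&c));
    return 0;
}
```

In the first Valgrind trace the source address is 0x26 (38) bytes past the destination for a 141-byte copy, which is the same overlapping condition this model reports.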
DO NOT REPLY [Bug 45444] overlapping memcpy in ssl_io_input_read
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45444
--- Comment #1 from Joe Orton <jo...@redhat.com> 2008-07-23 07:03:51 PST ---
Is it possible that you can get it to dump core, and get a backtrace with line
numbers from the core dump?
DO NOT REPLY [Bug 45444] overlapping memcpy in ssl_io_input_read
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45444
--- Comment #2 from Frederic Heem <fr...@telsey.it> 2008-07-23 08:13:46 PST ---
Here you are:
==23377== Thread 5:
==23377== Source and destination overlap in memcpy(0x427DE58, 0x427DE7E, 142)
==23377== at 0x4007A42: memcpy (mc_replace_strmem.c:402)
==23377== by 0x44795FE: ssl_io_input_read (ssl_engine_io.c:353)
==23377== by 0x44798DC: ssl_io_filter_input (ssl_engine_io.c:727)
==23377== by 0x806ACA2: ap_rgetline_core (protocol.c:231)
==23377== by 0x806B08B: ap_get_mime_headers_core (protocol.c:690)
==23377== by 0x806B8C2: ap_read_request (protocol.c:918)
==23377== by 0x8081864: ap_process_http_connection (http_core.c:183)
==23377== by 0x807DA48: ap_run_process_connection (connection.c:43)
==23377== by 0x80898C2: worker_thread (worker.c:544)
==23377== by 0x4060D05: dummy_worker (thread.c:142)
==23377== by 0x8E145A: start_thread (in /lib/libpthread-2.5.so)
==23377== by 0x71323D: clone (in /lib/libc-2.5.so)