You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Sander Temme <sa...@temme.net> on 2006/01/05 05:58:50 UTC

Some mod_mbox cores on ajax

... in /raid1/httpd-cores. I have made them 644 for perusal. There  
appears to be a core every couple of days, from the 2.1.10 image that  
was running on the box until tonight.

Unless I'm doing something wrong with gdb, they're not very useful.  
Here's a backtrace from core.11358:

#0  mbox_cte_escape_html (p=0x6000000000548188,
     s=0x60000000004e4ea8 '-' <repeats 200 times>...,  
len=18446744073709551522,
     body=0x60000000002b94d8) at mod_mbox_cte.c:82
#1  0x2000000001021600 in mbox_mime_display_static_structure (
     r=0x6000000000548188, m=0x60000000002b94d8,  
link=0x200000000103e938 "")
     at mod_mbox_mime.c:362

 From frame 1:

(gdb) print r->finfo->fname
$3 = 0x600000000053a157 "/<OF8CDE9A2E.B34E06CD-ON80256FCB. 
00546AFE-80256FCB.00553CC1@uk.ibm.com>"

Otherwise, the request_rec appears full of garbage. I don't know if  
this is because the server was built with -g -O2. Perhaps I need to  
load the module text before I can get meaningful data out of gdb?

core.6672:

(gdb) bt
#0  mbox_cte_escape_html (p=0x60000000003311a8,
     s=0x60000000005df628 '-' <repeats 200 times>...,  
len=18446744073709551522,
     body=0x60000000004bd498) at mod_mbox_cte.c:82
#1  0x2000000001021600 in mbox_mime_display_static_structure (
     r=0x60000000003311a8, m=0x60000000004bd498,  
link=0x200000000103e938 "")
     at mod_mbox_mime.c:362
Previous frame inner to this frame (corrupt stack?)

(gdb) print r->finfo->fname
$1 = 0x600000000041b937 "/<OF8CDE9A2E.B34E06CD-ON80256FCB. 
00546AFE-80256FCB.00553CC1@uk.ibm.com>"

Looks like the same as above. Note the remark about the possibility  
of stack corruption. Do we have something overwriting the stack frame?

The other three cores are for the same fname. Wonder what mail that  
is that seems to reproducably crash mod_mbox.

The httpd-2.2.0 I just installed is running the same mod_mbox code,  
so it's not unlikely that we'll see this happen again.

S.


-- 
sander@temme.net              http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF

Re: Some mod_mbox cores on ajax

Posted by Maxime Petazzoni <ma...@bulix.org>.

Hi,

After some problems with SORBS, I can finally answer.

* Paul Querna <ch...@force-elite.com> [2006-01-04 22:09:28]:

> >(gdb) print r->finfo->fname
> >$1 = 0x600000000041b937 
> >"/<OF...@uk.ibm.com>"
> >
> 
> The source .mbox for this message id is:
> ws-axis-c-dev/200503.mbox

Quite funny actually. I recall a discussion on IRC about sending mail
with Lotus ... :)

These are extracted from the mail's headers :

 Subject: Re: ant and openssl
 X-Mailer: Lotus Notes Release 6.0.2CF1 June 9, 2003
 Message-ID: <OF...@uk.ibm.com>
 Content-Type: multipart/alternative; boundary=""

The problems comes from the empty boundary. The RFC1521 defining MIME
mail messages says :

   The only mandatory parameter for the multipart Content-Type is the
   boundary parameter, which consists of 1 to 70 characters from a set
   of characters known to be very robust through email gateways, and NOT
   ending with white space.

So we clearly are out of this definition. Anyway, my next commit
(r366174) handle the empty boundary case.

- Sam
-- 
Maxime Petazzoni (http://www.bulix.org)
 -- gone crazy, back soon. leave message.

Re: Some mod_mbox cores on ajax

Posted by Paul Querna <ch...@force-elite.com>.

Sander Temme wrote:
> ... in /raid1/httpd-cores. I have made them 644 for perusal. There 
> appears to be a core every couple of days, from the 2.1.10 image that 
> was running on the box until tonight.
> 
> Unless I'm doing something wrong with gdb, they're not very useful. 
> Here's a backtrace from core.11358:
> 
> #0  mbox_cte_escape_html (p=0x6000000000548188,
>     s=0x60000000004e4ea8 '-' <repeats 200 times>..., 
> len=18446744073709551522,
>     body=0x60000000002b94d8) at mod_mbox_cte.c:82
> #1  0x2000000001021600 in mbox_mime_display_static_structure (
>     r=0x6000000000548188, m=0x60000000002b94d8, link=0x200000000103e938 "")
>     at mod_mbox_mime.c:362
> 
>  From frame 1:
> 
> (gdb) print r->finfo->fname
> $3 = 0x600000000053a157 
> "/<OF...@uk.ibm.com>"
> 
> Otherwise, the request_rec appears full of garbage. I don't know if this 
> is because the server was built with -g -O2. Perhaps I need to load the 
> module text before I can get meaningful data out of gdb?
> 
> core.6672:
> 
> (gdb) bt
> #0  mbox_cte_escape_html (p=0x60000000003311a8,
>     s=0x60000000005df628 '-' <repeats 200 times>..., 
> len=18446744073709551522,
>     body=0x60000000004bd498) at mod_mbox_cte.c:82
> #1  0x2000000001021600 in mbox_mime_display_static_structure (
>     r=0x60000000003311a8, m=0x60000000004bd498, link=0x200000000103e938 "")
>     at mod_mbox_mime.c:362
> Previous frame inner to this frame (corrupt stack?)
> 
> (gdb) print r->finfo->fname
> $1 = 0x600000000041b937 
> "/<OF...@uk.ibm.com>"
> 

The source .mbox for this message id is:
ws-axis-c-dev/200503.mbox