You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/06/01 20:46:59 UTC
DO NOT REPLY [Bug 35160] New: -
Segmentation fault due to improper invocation of ap_hook_translate_name
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35160>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=35160
Summary: Segmentation fault due to improper invocation of
ap_hook_translate_name
Product: Apache httpd-2.0
Version: 2.0.54
Platform: Sun
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: asmorgrav@yahoo.no
A reverse proxy using mod_rewrite with rewrite maps dumps core.
The following message appears in the error log:
[Wed Jun 01 13:45:23 2005] [notice] child pid 6796 exit signal Segmentation faul
t (11), possible coredump in /centuri/axe1/apache/httpd2/apache8
Contents of the invocation stack:
#0 0xfee33218 in strlen () from /usr/lib/libc.so.1
#1 0x00066d5c in hook_uri2file (r=0x6301e0) at mod_rewrite.c:1204
#2 0x000a2b18 in ap_run_translate_name (r=0x6301e0) at request.c:65
#3 0x000a3e30 in ap_process_request_internal (r=0x6301e0) at request.c:139
#4 0x00049dec in ap_process_request (r=0x6301e0) at http_request.c:244
#5 0x000410e8 in ap_process_http_connection (c=0x6057c8) at http_core.c:250
#6 0x0008d5b0 in ap_run_process_connection (c=0x6057c8) at connection.c:42
#7 0x0008dba0 in ap_process_connection (c=0x6057c8, csd=0x6056d8)
at connection.c:175
#8 0x0007245c in process_socket (p=
The rewrite log (RewriteLogLevel 3) of a sequence that causes coredump:
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (2) init rewrite engine with requested
uri /gamma/background_menu.gif
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (3) applying pattern '.*' to
uri '/gamma/background_menu.gif'
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (3) applying pattern '^(.*)$' to
uri '/gamma/background_menu.gif'
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (3) applying pattern '^(.*)$' to
uri '/gamma/background_menu.gif'
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (2) rewrite /gamma/background_menu.gif -
> /ADPEHCRELEASE/1/gamma/background_menu.gif
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (2) forcing proxy-throughput with
http://centuri:3080/ADPEHCRELEASE/1/gamma/background_menu.gif
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (1) go-ahead with proxy request
proxy:http://centuri:3080/ADPEHCRELEASE/1/gamma/background_menu.gif [OK]
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#8e8650/initial] (2) uri already rewritten. Status 1,
Uri /ADPEHCRELEASE/1/gamma/background_menu.gif, r->filename (null)
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#8e8650/initial] (2) r->filename is NULL for
URI /ADPEHCRELEASE/1/gamma/background_menu.gif
The last log entry was added to the code by myself.
Note that after the "go-ahead with proxy request" log entry, the hook is
invoked again with a NULL request filename.
The code being the direct cause of the core dump is
if (strlen(r->filename) > 6 &&
strncmp(r->filename, "proxy:", 6) == 0) {
/* it should be go on as an internal proxy request */
It actually does look like the HTTP request is served despite the segmentation
fault.
Apart from the fact that mod_rewrite probably should have handled a null
filename, it seems like the root cause lies outside mod_rewrite.
The problem occurs in Apache 2.0.54 as well as in Apache 2.0.52 with the
mod_rewrite from 2.0.54 as well as mod_rewrite from 2.0.52. In all cases MPM
worker was used. The core dumps appear to occur randomly and the problem is
hard to reproduce.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org