Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/06/01 20:46:59 UTC

DO NOT REPLY [Bug 35160] New: - Segmentation fault due to improper invocation of ap_hook_translate_name

http://issues.apache.org/bugzilla/show_bug.cgi?id=35160

           Summary: Segmentation fault due to improper invocation of
                    ap_hook_translate_name
           Product: Apache httpd-2.0
           Version: 2.0.54
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: major
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: asmorgrav@yahoo.no


A reverse proxy using mod_rewrite with rewrite maps dumps core.

The following message appears in the error log:

[Wed Jun 01 13:45:23 2005] [notice] child pid 6796 exit signal Segmentation fault (11), possible coredump in /centuri/axe1/apache/httpd2/apache8

Contents of the invocation stack:

#0  0xfee33218 in strlen () from /usr/lib/libc.so.1
#1  0x00066d5c in hook_uri2file (r=0x6301e0) at mod_rewrite.c:1204
#2  0x000a2b18 in ap_run_translate_name (r=0x6301e0) at request.c:65
#3  0x000a3e30 in ap_process_request_internal (r=0x6301e0) at request.c:139
#4  0x00049dec in ap_process_request (r=0x6301e0) at http_request.c:244
#5  0x000410e8 in ap_process_http_connection (c=0x6057c8) at http_core.c:250
#6  0x0008d5b0 in ap_run_process_connection (c=0x6057c8) at connection.c:42
#7  0x0008dba0 in ap_process_connection (c=0x6057c8, csd=0x6056d8)
    at connection.c:175
#8  0x0007245c in process_socket (p=

The rewrite log (RewriteLogLevel 3) of a sequence that causes coredump:

150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (2) init rewrite engine with requested 
uri /gamma/background_menu.gif
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (3) applying pattern '.*' to 
uri '/gamma/background_menu.gif'
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (3) applying pattern '^(.*)$' to 
uri '/gamma/background_menu.gif'
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (3) applying pattern '^(.*)$' to 
uri '/gamma/background_menu.gif'
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (2) rewrite /gamma/background_menu.gif ->
/ADPEHCRELEASE/1/gamma/background_menu.gif
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (2) forcing proxy-throughput with 
http://centuri:3080/ADPEHCRELEASE/1/gamma/background_menu.gif
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#523870/initial] (1) go-ahead with proxy request 
proxy:http://centuri:3080/ADPEHCRELEASE/1/gamma/background_menu.gif [OK]
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#8e8650/initial] (2) uri already rewritten. Status 1, 
Uri /ADPEHCRELEASE/1/gamma/background_menu.gif, r->filename (null)
150.175.29.7 - - [01/Jun/2005:13:45:20 +0200] [centuri/sid#2191a8]
[rid#8e8650/initial] (2) r->filename is NULL for 
URI /ADPEHCRELEASE/1/gamma/background_menu.gif

The last log entry was added to the code by myself.

Note that after the "go-ahead with proxy request" log entry, the hook is 
invoked again with a NULL request filename.

The code being the direct cause of the core dump is
        if (strlen(r->filename) > 6 &&
            strncmp(r->filename, "proxy:", 6) == 0) {
            /* it should be go on as an internal proxy request */

It actually does look like the HTTP request is served despite the segmentation 
fault.

Apart from the fact that mod_rewrite probably should have handled a null 
filename, it seems like the root cause lies outside mod_rewrite.

The problem occurs in Apache 2.0.54 as well as in Apache 2.0.52 with the 
mod_rewrite from 2.0.54 as well as mod_rewrite from 2.0.52. In all cases MPM 
worker was used. The core dumps appear to occur randomly and the problem is 
hard to reproduce.

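The condition quoted in the report, next to a NULL-guarded form, as an added example that is not part of the original report and not the httpd project's code. The demo_request struct and both function names are hypothetical stand-ins for the single request_rec field the check reads.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the one request_rec field the check reads. */
typedef struct {
    const char *filename;   /* may be NULL, as in the last rewrite-log entry */
} demo_request;

/* The condition quoted in the report: strlen() dereferences a NULL filename. */
static int is_proxy_unguarded(const demo_request *r)
{
    return strlen(r->filename) > 6 &&
           strncmp(r->filename, "proxy:", 6) == 0;
}

/* Guarded form: a NULL filename means "not a proxy request", not a crash.
 * strncmp() matching 6 bytes proves bytes 0..5 exist, so reading byte 6
 * (at worst the terminator) is in bounds and replaces the strlen() > 6 test. */
static int is_proxy_guarded(const demo_request *r)
{
    const char *f = r->filename;
    return f != NULL &&
           strncmp(f, "proxy:", 6) == 0 &&
           f[6] != '\0';
}

int main(void)
{
    /* Constructed inputs; the first URL is the one from the rewrite log. */
    const char *cases[] = {
        "proxy:http://centuri:3080/ADPEHCRELEASE/1/gamma/background_menu.gif",
        "proxy:",                       /* prefix only: length is not > 6 */
        "/gamma/background_menu.gif",
        NULL                            /* the state logged before the crash */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        demo_request r = { cases[i] };
        printf("%-12.12s guarded=%d", cases[i] ? cases[i] : "(null)",
               is_proxy_guarded(&r));
        if (cases[i] != NULL)           /* unguarded form is only safe here */
            printf(" unguarded=%d", is_proxy_unguarded(&r));
        putchar('\n');
    }
    return 0;
}
```

The guard only stops the crash in this one check; it does not explain why the hook runs a second time with a NULL filename.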