Ticket #1263 (closed defect: fixed)

Opened 1 year ago

Last modified 2 months ago

Segmentation fault in mod_scgi

Reported by: jtate
Assigned to: jan
Priority: normal
Milestone: 1.4.16
Component: core
Version: 1.4.15
Severity: normal
Keywords:
Cc:
Blocking:
Need Feedback: 0

Description

I believe this happens when an existing scgi request is in progress when the other side of the scgi socket closes the connection.

Here's the backtrace from gdb

(gdb) bt
#0  0xb7cb5d3b in strlen () from /lib/libc.so.6
#1  0x0805ba75 in buffer_append_string (b=0x806f308, s=0xd <Address 0xd out of bounds>) at buffer.c:171
#2  0x0805cf81 in log_error_write (srv=0x806f008, filename=0xd <Address 0xd out of bounds>, line=13,
    fmt=0xb7ef91c2 "sd") at log.c:192
#3  0xb7ef7a2d in scgi_handle_fdevent (s=0x806f008, ctx=0x80c1fe0, revents=25) at mod_scgi.c:2539
#4  0x0804e52e in main (argc=14, argv=0xbff62744) at server.c:1309

I'll attach the valgrind log.

Attachments

lighttpd.14669 (22.2 kB) - added by jtate on 07/16/2007 07:30:13 PM.
valgrind log
murder-lighttpd.py (1.6 kB) - added by jtate on 07/17/2007 05:10:21 PM.
Python SCGI server that kills lighttpd
lighttpd.conf.test (1.5 kB) - added by jtate on 07/17/2007 05:10:54 PM.
test configuration

Change History

07/16/2007 07:30:13 PM changed by jtate

  • attachment lighttpd.14669 added.

valgrind log

07/17/2007 02:18:46 AM changed by moo

I'm not sure, but from your description, a possible reproduce case is:

  1. write a scgi backend script that sleep(100);
  2. request it from client->lighttpd->scgi-backend
  3. kill the scgi-backend

07/17/2007 04:35:45 AM changed by darix

This is really 1.4.15 and not 1.4.12 or older?

07/17/2007 05:37:51 AM changed by jtate

Yes, 1.4.15:

lighttpd-1.4.15 (ssl) - a light and fast webserver
Build-Date: Apr 17 2007 23:55:24

Event Handlers:

        + select (generic)
        + poll (Unix)
        + rt-signals (Linux 2.4+)
        + epoll (Linux 2.6)
        - /dev/poll (Solaris)
        - kqueue (FreeBSD)

Network handler:

        + sendfile

Features:

        + IPv6 support
        + zlib support
        + bzip2 support
        + crypt support
        + SSL Support
        + PCRE support
        - mySQL support
        - LDAP support
        - memcached support
        - FAM support
        - LUA support
        - xml support
        - SQLite support
        - GDBM support

07/17/2007 05:10:21 PM changed by jtate

  • attachment murder-lighttpd.py added.

Python SCGI server that kills lighttpd

07/17/2007 05:10:54 PM changed by jtate

  • attachment lighttpd.conf.test added.

test configuration

07/17/2007 06:04:09 PM changed by jan

  • status changed from new to closed.
  • resolution set to fixed.

fixed in [1882]

This only happens on 32bit apps where sizeof(off_t) != sizeof(int). We use the wrong format specifier.
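The class of bug described in the comment above, as an added example that is not part of the ticket and is not lighttpd's code: a logger that walks its variadic arguments by a specifier string reads the wrong slot for a later 's' when a 64-bit off_t is declared as a 4-byte 'd'. The argument area is modelled as an array of 32-bit slots instead of misusing a real va_list; the 'o' specifier, the argument order, the function names and all values are assumptions constructed for the illustration, not the actual call at mod_scgi.c:2539.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit cdecl vararg area: every argument occupies 4-byte
   slots, so a 64-bit off_t takes two of them. Hypothetical helper types. */
typedef struct { uint32_t slot[8]; size_t n; } argarea;

static void push32(argarea *a, uint32_t v) { a->slot[a->n++] = v; }

static void push_off64(argarea *a, int64_t v) {
    push32(a, (uint32_t)v);                   /* low word first (little-endian) */
    push32(a, (uint32_t)((uint64_t)v >> 32)); /* then the high word */
}

/* Consume slots the way a specifier-driven logger would:
   's' = pointer (1 slot), 'd' = int (1 slot), 'o' = 64-bit off_t (2 slots).
   Returns the value the logger would use as the pointer for the first 's'
   (and hand to strlen), or 0 if the format contains no 's'. */
static uint32_t first_s_pointer(const char *fmt, const argarea *a) {
    size_t i = 0;
    for (; *fmt; fmt++) {
        switch (*fmt) {
        case 's': return a->slot[i];
        case 'd': i += 1; break;
        case 'o': i += 2; break;
        }
    }
    return 0;
}

/* Constructed call site: the caller passes (off_t value, string pointer). */
static uint32_t demo(const char *fmt, int64_t off, uint32_t str_addr) {
    argarea a = { {0}, 0 };
    push_off64(&a, off);
    push32(&a, str_addr);
    return first_s_pointer(fmt, &a);
}

int main(void) {
    uint32_t str = 0x08012340u; /* constructed 32-bit string address */
    /* Wrong specifier: the 's' lands on the high word of the off_t. */
    printf("fmt \"ds\" -> pointer 0x%x\n", (unsigned)demo("ds", 13, str));
    /* Matching specifier: the 's' lands on the real pointer. */
    printf("fmt \"os\" -> pointer 0x%x\n", (unsigned)demo("os", 13, str));
    return 0;
}
```

A private specifier string like this is invisible to the compiler's printf-style format checking, so mismatches of this kind have to be caught in review or by exercising the error-logging paths on a 32-bit build.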

07/17/2007 06:04:15 PM changed by jan

  • milestone changed from 1.5.0 to 1.4.16.
