Project

General

Profile

Actions

Bug #1289

closed

lighttpd runs in endless loop on FreeBSD

Added by moo over 16 years ago. Updated over 16 years ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
ASK QUESTIONS IN Forums:

Description

lighttpd runs in endless loop on FreeBSD if a file was shrinked.

There are several programming errors in
branches/lighttpd-1.4.x/src/network_freebsd_sendfile.c

First, in line 152 is an off-by-one:


if (offset > sce->st.st_size) {
[ code deleted to pass the broken Akismet filter ]
    return -1;
}

it should be {{{
offset >= sce->st.st_size
}}}

it does not make sense to open a file and read data past
end of file.

This is harmless, sendfile(2) can handle this case:


     The offset argument specifies where to begin in the file.  Should offset
     fall beyond the end of file, the system will return success and report 0
     bytes sent as described below.  

but lighttpd does not check for 0 bytes sent (line 181-187). Now lighttpd
runs open/sendfile/close in an endless loop, read & send 0 bytes and
used 100% CPU time.

For a fix, see the linux sendfile implementation at
src/network_linux_sendfile.c line 177.

Actions #1

Updated by moo over 16 years ago

reported by

Actions #2

Updated by jan over 16 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

r1933 takes the code from the linux-sendfile handler as suggested.

Actions #3

Updated by jan over 16 years ago

r1934 fixes it for 1.5.x

Actions

Also available in: Atom