Ticket #841 (closed defect: fixed)

Opened 2 years ago

Last modified 4 months ago

Segmentation fault using fastcgi / php5-cgi

Reported by: kyr0 Assigned to: glen
Priority: highest Milestone:
Component: mod_fastcgi Version: 1.4.18
Severity: blocker Keywords: patch
Cc: Blocking:
Need Feedback: 0

Description (Last modified by jan)

Hi all,

I have a critical problem using lighty on Ubuntu Linux 6.06.1 Dapper "Linux kyr0desk 2.6.15-25-386 #1 PREEMPT Wed Jun 14 11:25:49 UTC 2006 i686 GNU/Linux" using the default Ubuntu universal repository lighttpd binary in version 1.4.11.

Lighty crashes by browsing to "localhost" using fastcgi with php5-cgi.

But it's not a php5-cgi problem: 

root@kyr0desk:/www# /usr/bin/php5-cgi index.php
X-Powered-By: PHP/5.1.2
Content-type: text/html

testroot@kyr0desk:/www#

index.php source: 

<?php

 echo("test");

?>

Attachments

lighty.bugreport.data (76.2 kB) - added by support@kyr0.org on 09/08/2006 12:14:08 PM.
strace, valgrind & internal lighttpd config
lighttpd_fix_841.patch (3.8 kB) - added by stbuehler on 01/15/2008 11:10:40 PM.
fix #841: Segmentation fault using fastcgi / php5-cgi

Change History

09/08/2006 12:14:08 PM changed by support@kyr0.org

  • attachment lighty.bugreport.data added.

strace, valgrind & internal lighttpd config

09/19/2006 04:48:00 AM changed by anonymous

I think its because php5-cgi hasn't been built with lighttpd support; the Ubuntu package depends on php4-cgi. I had the same problem on my first attempt. In any case, you can get it working - and probably working a heck of a lot faster - by using a socket instead of a port connection. ie, make the config:

fastcgi.server = (

".php" => (
"localhost" => (
"bin-path" => "/usr/bin/php5-cgi",
"socket" => "/tmp/php5-fcgi.socket",

)))

09/19/2006 07:56:26 AM changed by jan

  • status changed from new to assigned.
  • description changed.

Good catch, can you rebuild the strace with the option -s 512:

$ strace -s 512 -tt ...

Without the -s 512 the strings are cut off too early:

424 write(5, "2006-09-08 14:36:46: (mod_fastcg"..., 80) = 80 425 --- SIGSEGV (Segmentation fault) @ 0 (0) --- 426 +++ killed by SIGSEGV +++

and can you use the debug-version of lighty when you run valgrind ?

If you compiled from source a lighttpd-binary with debug-symbols is in the src/ folder:

$ file src/lighttpd lighttpd: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), for GNU/Linux 2.2.5, not stripped

Otherwise I don't get line-numbers for the segfault as you see below:

1192 ==11737== 1 errors in context 1 of 10: 1193 ==11737== Invalid write of size 4 1194 ==11737== at 0x45168B0: (within /usr/lib/lighttpd/mod_fastcgi.so) 1195 ==11737== by 0x805E5D6: plugins_call_handle_subrequest (in /usr/sbin/lighttpd) 1196 ==11737== by 0x804FCB6: http_response_prepare (in /usr/sbin/lighttpd) 1197 ==11737== by 0x805261C: connection_state_machine (in /usr/sbin/lighttpd) 1198 ==11737== by 0x80535A5: network_server_handle_fdevent (in /usr/sbin/lighttpd) 1199 ==11737== by 0x804E01E: main (in /usr/sbin/lighttpd) 1200 ==11737== Address 0x28 is not stack'd, malloc'd or (recently) free'd

08/13/2007 11:42:21 AM changed by darix

  • blocking changed.
  • pending changed.

please retest this bug on a newer release.

08/25/2007 10:52:41 AM changed by stbuehler

  • version changed from 1.4.11 to 1.4.16.
  • component changed from core to mod_fastcgi.

confirmed for 1.4.16

The problem is, that it is not clear in the source, if it is ok to not specify "host". The config sanity check requires the following:

  • that you do not set (host or port) AND unixsocket,
  • if unixsocket is not set -> tcp/ip
    • you set at least "host" or "bin-path"
    • port != 0

The struct docu says that for tcp/ip host AND port are needed.

Now some code (like fcgi_spawn_connection), accepts unspecified host for tcp, but not all code does, e.g. fcgi_write_request.

Try the patch below, which uses INADDR_LOOPBACK if host is not specified. Another possibility would be to spawn the fcgi-process with bind(INADDR_ANY) and connect to INADDR_LOOPBACK (just remove the second part of the patch, which changes INADDR_ANY to INADDR_LOOPBACK).

One problem remains: if the fastcgi-process does not die while the server gets restarted, the proc is marked as not local; if the fastcgi-process dies now, the server wont restart it, as it is not local, although it has a bin_path.

01/15/2008 11:10:05 PM changed by stbuehler

  • keywords set to patch.
  • version changed from 1.4.16 to 1.4.18.

I just read through the mod_fastcgi diff since 1.4.16 and i didn't find a fix for this, so i think it is just there (i did not test it again). Updated patch for current svn.

01/15/2008 11:10:40 PM changed by stbuehler

  • attachment lighttpd_fix_841.patch added.

fix #841: Segmentation fault using fastcgi / php5-cgi

01/16/2008 01:00:11 AM changed by glen

  • owner changed from jan to glen.
  • status changed from assigned to new.

01/16/2008 01:00:52 AM changed by glen

  • status changed from new to closed.
  • resolution set to fixed.

Committed revision [2037].

Add/Change #841 (Segmentation fault using fastcgi / php5-cgi)




Change Properties
Action