Ticket #928 (closed defect: worksforme)

Opened 23 months ago

Last modified 6 months ago

lighttpd seg faults with mod_scgi

Reported by: anonymous Owned by: jan
Priority: normal Milestone:
Component: mod_accesslog Version: 1.4.11
Severity: critical Keywords:
Cc: Blocked By:
Need User Feedback: no Blocking:

Description

We occasionally get segfaults when using mod_scgi. Today we manage to create a core dump and here is the backtrace: 

#0  0xb7dbc37b in log_access_write (srv=0x806b008, con=0x8077a38,
    p_d=0x8074908) at mod_accesslog.c:699
#1  0x0805c861 in plugins_call_handle_request_done (srv=0x806b008,
    con=0x8077a38) at plugin.c:265
#2  0x08051708 in connection_state_machine (srv=0x806b008, con=0x8077a38)
    at connections.c:1465
#3  0x0805232a in network_server_handle_fdevent (s=0x806b008,
    context=0x8072fd8, revents=1) at network.c:51
#4  0x0804daaa in main (argc=4, argv=0xbff47cc4) at server.c:1273

Change History

Changed 23 months ago by jakabosky

lighttpd is crashing when it tries to write the remote user name to the accesslog.

Most likely the con->authed_user variable is corrupted. The only place it is freed is during shutdown of lighttpd, so I think there is a memory corruption bug somewhere. I would run lighttpd under valgrind's memchecker.

Also if you still have the coredump run the following commands under gdb: 

print *con
print *(con->request.request_line)

If you are receiving a bad(corrupted) request, that is causing some memory corruption. The output from those commands should allow you to reproduce the bad request. Then use valgrind and make that same bad request.

I hope this helps.

Changed 6 months ago by stbuehler

  • status changed from new to closed
  • resolution set to worksforme
  • pending unset

Missing feedback.

Note: See TracTickets for help on using tickets.