Return-Path: 
 <dev-return-26411-apmail-apr-dev-archive=apr.apache.org@apr.apache.org>
X-Original-To: apmail-apr-dev-archive@www.apache.org
Delivered-To: apmail-apr-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 79525177C8
	for <apmail-apr-dev-archive@www.apache.org>;
 Wed, 23 Sep 2015 19:24:01 +0000 (UTC)
Received: (qmail 75788 invoked by uid 500); 23 Sep 2015 19:24:01 -0000
Delivered-To: apmail-apr-dev-archive@apr.apache.org
Received: (qmail 75712 invoked by uid 500); 23 Sep 2015 19:24:01 -0000
Mailing-List: contact dev-help@apr.apache.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:dev@apr.apache.org>
List-Help: <mailto:dev-help@apr.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@apr.apache.org>
List-Id: <dev.apr.apache.org>
Delivered-To: mailing list dev@apr.apache.org
Received: (qmail 75700 invoked by uid 99); 23 Sep 2015 19:24:01 -0000
Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Sep 2015 19:24:01 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org)
 with ESMTP id C0E3AC1249
	for <dev@apr.apache.org>; Wed, 23 Sep 2015 19:24:00 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.893
X-Spam-Level: **
X-Spam-Status: No, score=2.893 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=3, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.006,
	SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled
Authentication-Results: spamd4-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=google.com
Received: from mx1-us-west.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new,
 port 10024)
	with ESMTP id cnhjJaBvfwFE for <dev@apr.apache.org>;
	Wed, 23 Sep 2015 19:23:59 +0000 (UTC)
Received: from mail-yk0-f172.google.com (mail-yk0-f172.google.com
 [209.85.160.172])
	by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with
 ESMTPS id 8305520864
	for <dev@apr.apache.org>; Wed, 23 Sep 2015 19:23:59 +0000 (UTC)
Received: by ykdt18 with SMTP id t18so52017686ykd.3
        for <dev@apr.apache.org>; Wed, 23 Sep 2015 12:23:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=9vHClAE6WhRqqdECzrG1IJFrLshI1g3J5l/rMWgqEMg=;
        b=UTo5I7T+bXkU9jG5sHmHUfUXyx97w+EVApMaXhG2FHmZIxP8kLPhtxI9ZBjvyGwmMq
         q/MfEGL74Fj+PL2L30WthYGvSB4Z98fEwZW4WfcL5In3AuNK/gbgjUSEu1zakuICQD1w
         6M+aTQvaOg0WpLmSc4K1vsblATJCJ7iZOzYP/gZGw9Q+VIVkcuJxyqJIrWU2tORi3rhk
         yBpCyzyAfJH9mnPSEHlh7U73DzXaeJpZkcIIRoOsPFxScx3fC6rZ9Y1Fy2+AbFUWipfm
         OnYlSjUZPZgnmDF8MiEHp1qOCa6clGIYxfE6hK49IO87p8OhJq3cPnwIawQHFC7D2JR1
         2KTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:date:message-id:subject:from:to
         :content-type;
        bh=9vHClAE6WhRqqdECzrG1IJFrLshI1g3J5l/rMWgqEMg=;
        b=OCJbtYh3v4nqXkgNvw6HxeUn4oKOwRiBrGI3EQYVZHT1BrkTw/6598Mqvm0miQjKcz
         UR1xDO5QxsE3KnLtniw/fj8g9fSNHmGsDbXKosPlAQe66iW/uEKsGjZAGyvSnuhgnx7u
         xYhaqjX2YqqwZ6K7GMZzZZ8tqj9p88rQtmNqF00KO+A4CIVmYwOdHbSNQhSaM6og7SHP
         cJVCJcbcuW4Wh35fsn4wywdVUCI8zd9pStzAK/agnfGd5YO3gWKZ9O1x7fJXqn8W3/KT
         1VB2ZHprbKdOej61cjam9RzJrGILxTAq0BW7yEJGqgGhmPSBZHiR2tFwW4PfGpjyqHwa
         aNmw==
X-Gm-Message-State: 
 ALoCoQlWBpT9uhzVcFbsjtr3sPY/sbXtuCv4a5kD9PC4gowXRmnGI6GnmtxV/CeFkK4/xrdUbLSK
MIME-Version: 1.0
X-Received: by 10.129.116.84 with SMTP id p81mr28012622ywc.1.1443036238559;
 Wed, 23 Sep 2015 12:23:58 -0700 (PDT)
Received: by 10.129.44.137 with HTTP; Wed, 23 Sep 2015 12:23:58 -0700 (PDT)
Date: Wed, 23 Sep 2015 15:23:58 -0400
Message-ID: 
 <CA+7dWMGtFvoodXuntFeNFSAv=-+A0Y8u=-No6G49GDU+NT=uyQ@mail.gmail.com>
Subject: Issues/questions with apr_memcache_multigetp
From: Jeffrey Crowell <jcrowell@google.com>
To: dev@apr.apache.org
Content-Type: multipart/alternative; boundary=001a1141cd9a661f8d05206f0edf

--001a1141cd9a661f8d05206f0edf
Content-Type: text/plain; charset=UTF-8

Hi,

I work on mod_pagespeed, where we use a forked version of apr_memcache.c (
https://github.com/pagespeed/mod_pagespeed/blob/master/third_party/aprutil/apr_memcache2.c)
to interact with memcached.

Recently we've become aware of a bug where we end up hanging in
apr_memcache2_multigetp, pinning cpu at 100%.

We have some patches which were created in an attempt to fix some signed
bugs in the original code that I think may be causing our issue.

Namely here:
https://github.com/pagespeed/mod_pagespeed/blob/master/third_party/aprutil/apr_memcache2.c#L1453
 vs here
https://gist.github.com/crowell/59bfa1bb9f0cda30c48a#file-multiget-c-L192
The original code uses an atoi(), which has undefined behavior when called
on non integer strings, leaving len to be 0.

Second, the check here
https://github.com/pagespeed/mod_pagespeed/blob/master/third_party/aprutil/apr_memcache2.c#L1457
vs https://gist.github.com/crowell/59bfa1bb9f0cda30c48a#file-multiget-c-L199

In the original apr code, this check will never fail. len is an apr_size_t,
and will never be < 0.

The issue here now is that the check in the "server sent back a key that i
didn't ask for"
https://github.com/pagespeed/mod_pagespeed/blob/master/third_party/aprutil/apr_memcache2.c#L1507
(same in both forked and upstream), apr_pollset_remove, is never called,
and the number of queries sent is never changed.

Does it seem possible that this is causing the server to spin here, and
would apr be interested in accepting a patch to fix the signedness issues?

Thanks,
Jeff

--001a1141cd9a661f8d05206f0edf
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi,<div><br></div><div>I work on mod_pagespeed, where we u=
se a forked version of apr_memcache.c (<a href=3D"https://github.com/pagesp=
eed/mod_pagespeed/blob/master/third_party/aprutil/apr_memcache2.c">https://=
github.com/pagespeed/mod_pagespeed/blob/master/third_party/aprutil/apr_memc=
ache2.c</a>) to interact with memcached.</div><div><br></div><div>Recently =
we&#39;ve become aware of a bug where we end up hanging in apr_memcache2_mu=
ltigetp, pinning cpu at 100%.</div><div><br></div><div>We have some patches=
 which were created in an attempt to fix some signed bugs in the original c=
ode that I think may be causing our issue.</div><div><br></div><div>Namely =
here:=C2=A0<a href=3D"https://github.com/pagespeed/mod_pagespeed/blob/maste=
r/third_party/aprutil/apr_memcache2.c#L1453">https://github.com/pagespeed/m=
od_pagespeed/blob/master/third_party/aprutil/apr_memcache2.c#L1453</a> =C2=
=A0vs here=C2=A0<a href=3D"https://gist.github.com/crowell/59bfa1bb9f0cda30=
c48a#file-multiget-c-L192">https://gist.github.com/crowell/59bfa1bb9f0cda30=
c48a#file-multiget-c-L192</a></div><div>The original code uses an atoi(), w=
hich has undefined behavior when called on non integer strings, leaving len=
 to be 0.</div><div><br></div><div>Second, the check here=C2=A0<a href=3D"h=
ttps://github.com/pagespeed/mod_pagespeed/blob/master/third_party/aprutil/a=
pr_memcache2.c#L1457">https://github.com/pagespeed/mod_pagespeed/blob/maste=
r/third_party/aprutil/apr_memcache2.c#L1457</a> vs=C2=A0<a href=3D"https://=
gist.github.com/crowell/59bfa1bb9f0cda30c48a#file-multiget-c-L199">https://=
gist.github.com/crowell/59bfa1bb9f0cda30c48a#file-multiget-c-L199</a></div>=
<div><br></div><div>In the original apr code, this check will never fail. l=
en is an apr_size_t, and will never be &lt; 0.</div><div><br></div><div>The=
 issue here now is that the check in the &quot;server sent back a key that =
i didn&#39;t ask for&quot;=C2=A0<a href=3D"https://github.com/pagespeed/mod=
_pagespeed/blob/master/third_party/aprutil/apr_memcache2.c#L1507">https://g=
ithub.com/pagespeed/mod_pagespeed/blob/master/third_party/aprutil/apr_memca=
che2.c#L1507</a> (same in both forked and upstream), apr_pollset_remove, is=
 never called, and the number of queries sent is never changed.</div><div><=
br></div><div>Does it seem possible that this is causing the server to spin=
 here, and would apr be interested in accepting a patch to fix the signedne=
ss issues?</div><div><br></div><div>Thanks,</div><div>Jeff</div></div>

--001a1141cd9a661f8d05206f0edf--