httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 46688] New: Child segfault when mmaped file truncated
Date Tue, 10 Feb 2009 15:53:03 GMT

           Summary: Child segfault when mmaped file truncated
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core

Created an attachment (id=23246):
A test module to force file truncation before a request is handled

I'm seeing a child process segfault when:

1) mmap enabled
2) an output filter is looking at the response body (e.g. mod_deflate)
3) the file being served is truncated between the initial stat() and the
handler running

Apache does an mmap for the original file length and when the output filter
tries to read the mapped memory past where the current file ends, the child seg

The enableMMap documentation warns about possible seg faults when a mapped NFS
file is truncated, but I'm seeing this on a local file system.

I've reproduced this on Linux and z/OS, not sure about other platforms but it
seems likely to affect them too.

If nothing is actually looking at the response body before we send it, then
there's not a seg fault.  The memory is passed to writev() and it seems to
catch the problem and return an error.  Maybe this is the part that only fails
on NFS?

A file getting truncated in the middle of a request is unlikely to happen often
by chance, I suppose.  I'll attach a test module from Jeff Trawick that forces
the truncation and makes this easy to reproduce.

I've thought about this some but haven't come up with a good approach to avoid
this problem.  We could stat() the file again to see if it has shrunk, but
there will always be a window where it could be truncated between when we
stat() it and when we actually look at the data.  

The consequences of not fixing it aren't too bad anyway -- Apache just logs the
child process failure and starts a new one.  

Maybe the best we can do is add to the warning in the enableMMap documentation.

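The failure mode in the report above, as an added example that is not part of the original message and is not httpd code: a constructed C program maps a temporary file, truncates it after the mapping exists, and then reads the mapping the way a body-inspecting filter would. On Linux, touching a mapped page that lies beyond the file's new end raises SIGBUS; the guard here turns that into a return value. The function names and the temp-file template are assumptions made for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf bus_jmp;
static void on_sigbus(int sig) { (void)sig; siglongjmp(bus_jmp, 1); }

/* Touch every byte of the mapping; 0 if readable, -1 if SIGBUS fired. */
static int guarded_read(const volatile unsigned char *p, size_t len)
{
    struct sigaction sa = {0}, old;
    int rc = 0;
    sa.sa_handler = on_sigbus;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGBUS, &sa, &old);
    if (sigsetjmp(bus_jmp, 1) == 0) {
        for (size_t i = 0; i < len; i++) (void)p[i]; /* what a body filter does */
    } else {
        rc = -1;                 /* page is no longer backed by file data */
    }
    sigaction(SIGBUS, &old, NULL);
    return rc;
}

/* Constructed scenario: map a two-page temp file, optionally truncate it
 * after mmap(), then read the mapping. Returns -2 if setup failed. */
int read_mapping(int truncate_after_map)
{
    char path[] = "/tmp/mmap_trunc_XXXXXX";   /* hypothetical temp name */
    size_t len = 2 * (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = MAP_FAILED;
    int rc = -2, fd = mkstemp(path);
    if (fd < 0) return -2;
    unlink(path);
    if (ftruncate(fd, (off_t)len) == 0)
        p = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
    if (p != MAP_FAILED) {
        if (!truncate_after_map || ftruncate(fd, 0) == 0)
            rc = guarded_read(p, len);
        munmap(p, len);
    }
    close(fd);
    return rc;
}
int main(void) { printf("intact=%d truncated=%d\n", read_mapping(0), read_mapping(1)); return 0; }
```

The mapping length is fixed when `mmap()` is called, so a later `stat()` cannot make the subsequent read safe; only the fault handler or a `read()`-based path observes the truncation at the moment of access.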