httpd-dev mailing list archives

From Rob Hartill <>
Subject [BUG]: "Resource limits (RlimitCPU, etc.) cause core dump" on Solaris 2.x (fwd)
Date Tue, 04 Feb 1997 01:28:09 GMT
not acked

---------- Forwarded message ----------
Date: Mon Feb 3 12:17:00 1997
Subject: [BUG]: "Resource limits (RlimitCPU, etc.) cause core dump" on Solaris 2.x

Operating system: Solaris 2.x, version: 
Version of Apache Used: 1.2b6
Extra Modules used: 
URL exhibiting problem: 

Specifying RLimitCPU, RLimitMEM, etc. in
the httpd.conf file causes 1.2b6 to die with a
segmentation fault.

I'm not especially intimate with the code, but it
appears to me that the problem may be as follows:

http_core.c defines for core_cmds[]:
{ "RLimitCPU", set_limit_cpu, 
  (void*)XtOffsetOf(core_dir_config, limit_cpu),
  "soft/hard limits for max CPU usage in seconds" }

indicating that set_limit_cpu will be called with
an offset rather than a pointer; however, 
set_limit_cpu() accepts that parameter into
(core_dir_config *), and calls 

set_rlimit() then appears to dereference this 
pointer, via:
  *plimit=(struct rlimit *)pcalloc(cmd->pool,
  sizeof **plimit);
despite the fact that (plimit) is only a
calculated offset and not an actual valid pointer.

Contrast with the other commands which use XtOffset()
with set_string_slot, which adds the argument to
the base of an appropriate structure (cmd->info).

(truss output:)
open("/var/httpd/conf/httpd.conf", O_RDONLY)    = 3
fstat(3, 0xEFFFD840)                            = 0
brk(0x000635E8)                                 = 0
brk(0x000655E8)                                 = 0
ioctl(3, TCGETA, 0xEFFFD7CC)                    Err#25 ENOTTY
read(3, " # = = = = = = = = = = =".., 8192)     = 8192
getrlimit(RLIMIT_DATA, 0x0005E6D0)              = 0
    Incurred fault #6, FLTBOUNDS  %pc = 0x00025014
      siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000
    Received signal #11, SIGSEGV [default]
      siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000
        *** process killed ***
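
The report contrasts using an XtOffsetOf() value as if it were a pointer with adding it to the base of a structure, as set_string_slot is said to do. The C below is an added example of that base-plus-offset resolution, not part of the forwarded report and not Apache's code; dir_config, command_rec and the helper functions are simplified stand-ins assumed for illustration, and calloc() stands in for pcalloc().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/resource.h>

/* Simplified stand-ins (assumptions), not Apache's definitions. */
typedef struct {
    char *doc_root;              /* filler so limit_cpu is not at offset 0 */
    struct rlimit *limit_cpu;
} dir_config;

typedef struct {
    const char *name;
    void *info;                  /* offsetof(...) stored in a pointer-typed field */
} command_rec;

static const command_rec rlimit_cpu_cmd = {
    "RLimitCPU", (void *)offsetof(dir_config, limit_cpu)
};

/* A stored offset must leave room for the pointer field inside the structure. */
static int info_is_valid_offset(const command_rec *cmd)
{
    return (uintptr_t)cmd->info <= sizeof(dir_config) - sizeof(struct rlimit *);
}

/* Add the stored offset to the base of the live structure to get the
 * address of the field; the offset alone is never dereferenced. */
static struct rlimit **resolve_slot(dir_config *conf, const command_rec *cmd)
{
    return (struct rlimit **)((char *)conf + (size_t)(uintptr_t)cmd->info);
}

/* Allocate the limit through the resolved slot; returns 0 on success. */
static int set_cpu_limit(dir_config *conf, const command_rec *cmd,
                         rlim_t soft, rlim_t hard)
{
    struct rlimit **plimit;
    if (!info_is_valid_offset(cmd))
        return -1;
    plimit = resolve_slot(conf, cmd);
    *plimit = calloc(1, sizeof **plimit);
    if (*plimit == NULL)
        return -1;
    (*plimit)->rlim_cur = soft;
    (*plimit)->rlim_max = hard;
    return 0;
}

int main(void) { dir_config c = { NULL, NULL }; return set_cpu_limit(&c, &rlimit_cpu_cmd, 60, 120); }
```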

