httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marco Spinetti <m.spine...@pisa.iol.it>
Subject Re: Strange segmentation fault
Date Tue, 31 Jul 2007 09:54:05 GMT
I tried what Nick advised yesterday.
I register all my cleanup with apr_pool_cleanup_register: this is for 
xml documents and bufptr.
So after the creation or parsing of xml documents:

apr_pool_cleanup_register(r->pool, doc, liberaDoc, apr_pool_cleanup_null);

and after dump xml doc:

xmlDocDumpMemoryEnc(doc, &bufptr, &size, "UTF-8");
apr_pool_cleanup_register(r->pool, bufptr, liberaBuff, 
apr_pool_cleanup_null);

where:

apr_status_t liberaDoc(void *d)
{
    xmlDocPtr doc = d;
   
    if (doc != NULL)
        xmlFreeDoc(doc);
   
    return APR_SUCCESS;
}

apr_status_t liberaBuff(void *b)
{
    xmlChar *bufptr = b;
   
    if (bufptr != NULL)
        xmlFree(bufptr);
   
    return APR_SUCCESS;
}

then I inserted two print at the start and end of my module:

ap_log_perror(APLOG_MARK, APLOG_ERR, 0, r->pool, "I:[%ld]%s", 
(long)getpid(), q);

ap_log_perror(APLOG_MARK, APLOG_ERR, 0, r->pool, "F:[%ld]%s", 
(long)getpid(), q);

where the last print if before the last instruction of my module (return 
OK).

Sometimes I get in the error_log:

[Tue Jul 31 10:03:31 2007] [error] I:[15560]CASCINA DEI FAGIOLARI
[Tue Jul 31 10:03:31 2007] [error] F:[15560]CASCINA DEI FAGIOLARI
[Tue Jul 31 10:03:32 2007] [notice] child pid 15560 exit signal 
Segmentation fault (11)

This is very strange. I use mod_transform (Nick is one of the authors 
;-) ) to reply to the client.
So I inserted this two print at the start and end of transform_filter:

ap_log_perror(APLOG_MARK, APLOG_ERR, 0, f->r->pool, "II:[%ld]", 
(long)getpid());

ap_log_perror(APLOG_MARK, APLOG_ERR, 0, f->r->pool, "FF:[%ld]", 
(long)getpid()); 

Then I repeated the test and in the error log I get:

[Tue Jul 31 10:52:19 2007] [error] I:[7307]CASCINA DEI FAGIOLARI
[Tue Jul 31 10:52:20 2007] [error] II:[7307]
[Tue Jul 31 10:52:20 2007] [error] FF:[7307]
[Tue Jul 31 10:52:20 2007] [error] F:[7307]CASCINA DEI FAGIOLARI
[Tue Jul 31 10:52:20 2007] [error] II:[7307]
[Tue Jul 31 10:52:20 2007] [error] FF:[7307]
[Tue Jul 31 10:52:20 2007] [notice] child pid 7307 exit signal 
Segmentation fault (11)

I don't know why I have two times the prints of mod_transform (???) but 
the segmentation fault is after the end of mod_transform.
So it seems that the error is in the mod_transform.
What do you think?

Best regards

Marco

Marco Spinetti ha scritto:
> Ralf Mattes ha scritto:
>> On Mon, 2007-07-30 at 18:49 +0200, m.spinetti@pisa.iol.it wrote:
>>  
>>> I found that a similar problem was this:
>>>
>>> http://mail-archives.apache.org/mod_mbox/httpd-modules-dev/200703.mbox/%3c1173077706.5485.6.camel@test.asus%3e

>>>
>>>     
>>
>> Similar? In what way? Abusing libxml2 interna? Are you doing this?
>> Iff xmlFreeDoc triggers a segmentation violation than the most likely
>> case is that you pass it a document pointer that's not (a valid
>> libxml document any more). So what part of the module did invalidate
>> that doc pointer? Is it more likely to be Apache or your module code? 
>> BTW - one shure way to f^h^hk up you document is messing (i.e.
>> releasing) nodes still refered to from the document. Does your module
>> copy/move/delete nodes?
>>   
> The violation is inside my module,near the end. When I'm at the end of 
> my module I reply to the client and I free the xml documents I used:
>
> .....
> ap_add_output_filter(SV_XSLT_FILTER_NAME, NULL, r, r->connection);
> mod_transform_set_XSLT(r, xslfilename);
>
> xmlDocDumpMemoryEnc(doc, &bufptr, &size, "UTF-8");
> putXML(r, (char*)bufptr);
>
> if (size > 0)
>    xmlFree(bufptr);
>
> if (docinter != NULL)
>        xmlFreeDoc(docinter);
> if (docs != NULL)
>        xmlFreeDoc(docs);
>
> xmlFreeDoc(doc);
> xmlCleanupParser();
> return OK;
>
> where:
>
> void putXML(request_rec *r, char* xml)
> {
>    ap_set_content_type(r, "text/xml");
>    ap_rwrite(xml, strlen(xml), r);
>    ap_rflush(r);
> }
>
> My final xml document is doc which is built in the module getting 
> information from docinter and docs.
> Yes my module copies some nodes from docs to doc with xmlCopyNode.
> I think that my code is correct.
> Am I doing some mistakes?
> Best regards
>
> Marco
>
>>  
>>> So it seems that it's possibile.
>>> I don't understand how to solve it.
>>> Could you give me some hints?
>>>     
>>
>> Unless your module replaced libxml2's allocator the library uses
>> malloc/free - you can use all the glorious GNU tools to debug. I guess
>> you already set  MALLOC_CHECK_ to 1, did you?
>>
>>  HTH Ralf Mattes
>>
>>  
>>> Best regards
>>>
>>> Marco
>>>
>>>    
>>>> Sorry I don't understand the reply.
>>>> You are telling me that it should be possibile or not?
>>>> I always use r->pool to allocate memory in my module, but not for
>>>> libxml2. It has it's memory allocation and looking at source it uses
>>>> malloc and free.
>>>> Best regards
>>>>
>>>> Marco
>>>>
>>>>
>>>>      
>>>>> On Mon, Jul 30, 2007 at 06:04:27PM +0200, m.spinetti@pisa.iol.it 
>>>>> wrote:
>>>>>        
>>>>>> I isolated my problem.
>>>>>> It seems that sometimes during xmlFreeDoc(doc) I get a Segmentation
>>>>>>           
>>>> fault.
>>>>      
>>>>>> xmlFreeDoc is a function of libxml2 which I use inside my module.
>>>>>> I suppose that libxml2 uses malloc/free to alloc and free memory:
>>>>>>           
>>> is it
>>>    
>>>>>> possibile that there is some overlap of memory with apr poll
>>>>>>           
>>> (r->poll)?
>>>    
>>>>> Not an option. Unless you use somewhat pools to allocate memory for
>>>>> libxml. If you do so, stop it. Either use apr pools or malloc/free.
>>>>> Kind regards.
>>>>>
>>>>>         
>>
>>   
>

-- 
Software Engineer - Spinetti Marco
Direzione Sviluppo Servizi, Sistemi e Piattaforme
Tel. +39 050 618.4264
Fax. +39 050 618.4244
Mob. +39 329 4424216
E-Mail: m.spinetti@pisa.iol.it
ItaliaOnLine S.p.A.
Direzione e coordinamento di Weather Investments S.p.A. 
Via G. Malagoli, 12
56124 PISA

The information transmitted is intended only for the person or entity to which it is addressed
and may contain confidential and/or privileged material. Any review, retransmission, dissemination
or other use of, or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received this in error, please
contact the sender and delete the material from any computer.
Any term contained in this email is intended solely as a basis for further discussion and
is not intended to be and does not constitute a legally binding obligation. No legally binding
obligations will be created, implied or inferred until a definitive agreement in final form
is executed in writing and delivered by both parties. Without limiting the generality of the
foregoing, the parties intend that there shall be no ligations based on such things as parol
evidence, extended negotiations, oral understandings or courses of conduct (including without
limitation reliance and changes of position).



Mime
View raw message