httpd-modules-dev mailing list archives

From Marco Spinetti <m.spine...@pisa.iol.it>
Subject Re: Strange segmentation fault
Date Tue, 31 Jul 2007 14:09:40 GMT
Any news  :'( ?

Marco


Marco Spinetti wrote:
> I tried what Nick advised yesterday.
> I register all my cleanups with apr_pool_cleanup_register: this is for 
> xml documents and bufptr.
> So after the creation or parsing of xml documents:
>
> apr_pool_cleanup_register(r->pool, doc, liberaDoc, 
> apr_pool_cleanup_null);
>
> and after dumping the xml doc:
>
> xmlDocDumpMemoryEnc(doc, &bufptr, &size, "UTF-8");
> apr_pool_cleanup_register(r->pool, bufptr, liberaBuff, 
> apr_pool_cleanup_null);
>
> where:
>
> apr_status_t liberaDoc(void *d)
> {
>     xmlDocPtr doc = d;
>     if (doc != NULL)
>         xmlFreeDoc(doc);
>     return APR_SUCCESS;
> }
>
> apr_status_t liberaBuff(void *b)
> {
>     xmlChar *bufptr = b;
>     if (bufptr != NULL)
>         xmlFree(bufptr);
>     return APR_SUCCESS;
> }
>
> then I inserted two prints at the start and end of my module:
>
> ap_log_perror(APLOG_MARK, APLOG_ERR, 0, r->pool, "I:[%ld]%s", 
> (long)getpid(), q);
>
> ap_log_perror(APLOG_MARK, APLOG_ERR, 0, r->pool, "F:[%ld]%s", 
> (long)getpid(), q);
>
> where the last print is before the last instruction of my module 
> (return OK).
>
> Sometimes I get in the error_log:
>
> [Tue Jul 31 10:03:31 2007] [error] I:[15560]CASCINA DEI FAGIOLARI
> [Tue Jul 31 10:03:31 2007] [error] F:[15560]CASCINA DEI FAGIOLARI
> [Tue Jul 31 10:03:32 2007] [notice] child pid 15560 exit signal 
> Segmentation fault (11)
>
> This is very strange. I use mod_transform (Nick is one of the authors 
> ;-) ) to reply to the client.
> So I inserted these two prints at the start and end of transform_filter:
>
> ap_log_perror(APLOG_MARK, APLOG_ERR, 0, f->r->pool, "II:[%ld]", 
> (long)getpid());
>
> ap_log_perror(APLOG_MARK, APLOG_ERR, 0, f->r->pool, "FF:[%ld]", 
> (long)getpid());
> Then I repeated the test and in the error log I get:
>
> [Tue Jul 31 10:52:19 2007] [error] I:[7307]CASCINA DEI FAGIOLARI
> [Tue Jul 31 10:52:20 2007] [error] II:[7307]
> [Tue Jul 31 10:52:20 2007] [error] FF:[7307]
> [Tue Jul 31 10:52:20 2007] [error] F:[7307]CASCINA DEI FAGIOLARI
> [Tue Jul 31 10:52:20 2007] [error] II:[7307]
> [Tue Jul 31 10:52:20 2007] [error] FF:[7307]
> [Tue Jul 31 10:52:20 2007] [notice] child pid 7307 exit signal 
> Segmentation fault (11)
>
> I don't know why I have two times the prints of mod_transform (???) 
> but the segmentation fault is after the end of mod_transform.
> So it seems that the error is in the mod_transform.
> What do you think?
>
> Best regards
>
> Marco
>
> Marco Spinetti wrote:
>> Ralf Mattes wrote:
>>> On Mon, 2007-07-30 at 18:49 +0200, m.spinetti@pisa.iol.it wrote:
>>>  
>>>> I found that a similar problem was this:
>>>>
>>>> http://mail-archives.apache.org/mod_mbox/httpd-modules-dev/200703.mbox/%3c1173077706.5485.6.camel@test.asus%3e
>>>>
>>>
>>> Similar? In what way? Abusing libxml2 internals? Are you doing this?
>>> Iff xmlFreeDoc triggers a segmentation violation then the most likely
>>> case is that you pass it a document pointer that's not (a valid
>>> libxml document any more). So what part of the module did invalidate
>>> that doc pointer? Is it more likely to be Apache or your module 
>>> code? BTW - one sure way to f^h^hk up your document is messing (i.e.
>>> releasing) nodes still referred to from the document. Does your module
>>> copy/move/delete nodes?
>>>   
>> The violation is inside my module, near the end. When I'm at the end 
>> of my module I reply to the client and I free the xml documents I used:
>>
>> .....
>> ap_add_output_filter(SV_XSLT_FILTER_NAME, NULL, r, r->connection);
>> mod_transform_set_XSLT(r, xslfilename);
>>
>> xmlDocDumpMemoryEnc(doc, &bufptr, &size, "UTF-8");
>> putXML(r, (char*)bufptr);
>>
>> if (size > 0)
>>    xmlFree(bufptr);
>>
>> if (docinter != NULL)
>>        xmlFreeDoc(docinter);
>> if (docs != NULL)
>>        xmlFreeDoc(docs);
>>
>> xmlFreeDoc(doc);
>> xmlCleanupParser();
>> return OK;
>>
>> where:
>>
>> void putXML(request_rec *r, char* xml)
>> {
>>    ap_set_content_type(r, "text/xml");
>>    ap_rwrite(xml, strlen(xml), r);
>>    ap_rflush(r);
>> }
>>
>> My final xml document is doc which is built in the module getting 
>> information from docinter and docs.
>> Yes my module copies some nodes from docs to doc with xmlCopyNode.
>> I think that my code is correct.
>> Am I making some mistakes?
>> Best regards
>>
>> Marco
>>
>>>  
>>>> So it seems that it's possible.
>>>> I don't understand how to solve it.
>>>> Could you give me some hints?
>>>>     
>>>
>>> Unless your module replaced libxml2's allocator the library uses
>>> malloc/free - you can use all the glorious GNU tools to debug. I guess
>>> you already set  MALLOC_CHECK_ to 1, did you?
>>>
>>>  HTH Ralf Mattes
>>>
>>>  
>>>> Best regards
>>>>
>>>> Marco
>>>>
>>>>   
>>>>> Sorry I don't understand the reply.
>>>>> You are telling me that it should be possible or not?
>>>>> I always use r->pool to allocate memory in my module, but not for
>>>>> libxml2. It has its memory allocation and looking at source it uses
>>>>> malloc and free.
>>>>> Best regards
>>>>>
>>>>> Marco
>>>>>
>>>>>
>>>>>     
>>>>>> On Mon, Jul 30, 2007 at 06:04:27PM +0200, m.spinetti@pisa.iol.it wrote:
>>>>>>
>>>>>>> I isolated my problem.
>>>>>>> It seems that sometimes during xmlFreeDoc(doc) I get a Segmentation fault.
>>>>>>> xmlFreeDoc is a function of libxml2 which I use inside my module.
>>>>>>> I suppose that libxml2 uses malloc/free to alloc and free memory: is it
>>>>>>> possible that there is some overlap of memory with apr pool (r->pool)?
>>>>>>
>>>>>> Not an option. Unless you use somewhat pools to allocate memory for
>>>>>> libxml. If you do so, stop it. Either use apr pools or malloc/free.
>>>>>> Kind regards.
>>>>>>
>>>>>>         
>>>
>>>   
>>
>
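
The messages above move from freeing libxml2 objects by hand to registering them with apr_pool_cleanup_register. As an added example (not code from this thread), the toy model below of a pool's cleanup list shows the ownership rule that pattern depends on: once an object is registered, it must not also be freed by hand unless its cleanup is removed first. `toy_pool`, `resource`, `pool_register`, `pool_kill`, `pool_destroy` and `run_handler` are hypothetical names; they model only the cleanup list, not APR or libxml2 themselves.

```c
#include <stdlib.h>

/* Toy stand-in for an APR pool: a LIFO list of (data, cleanup) pairs. */
typedef int (*cleanup_fn)(void *);
typedef struct cleanup { void *data; cleanup_fn fn; struct cleanup *next; } cleanup;
typedef struct { cleanup *head; } toy_pool;

/* Constructed resource: counts releases, so a double release is
   observable instead of corrupting the heap. */
typedef struct { int releases; } resource;

static int release(void *d) { ((resource *)d)->releases++; return 0; }

/* Models apr_pool_cleanup_register(): the newest cleanup goes first. */
static void pool_register(toy_pool *p, void *data, cleanup_fn fn) {
    cleanup *c = malloc(sizeof *c);
    if (c == NULL) abort();
    c->data = data; c->fn = fn; c->next = p->head; p->head = c;
}

/* Models apr_pool_cleanup_kill(): drop a pending cleanup before a manual free. */
static void pool_kill(toy_pool *p, void *data, cleanup_fn fn) {
    for (cleanup **pp = &p->head; *pp; pp = &(*pp)->next)
        if ((*pp)->data == data && (*pp)->fn == fn) {
            cleanup *dead = *pp; *pp = dead->next; free(dead); return;
        }
}

/* Models pool destruction at the end of the request: run what is pending. */
static void pool_destroy(toy_pool *p) {
    while (p->head) {
        cleanup *c = p->head; p->head = c->next;
        c->fn(c->data); free(c);
    }
}

/* One request; returns how many times the document was released. */
static int run_handler(int free_by_hand, int kill_first) {
    toy_pool pool = { NULL };
    resource doc = { 0 };
    pool_register(&pool, &doc, release);
    if (free_by_hand) {
        if (kill_first) pool_kill(&pool, &doc, release);
        release(&doc);           /* stands in for a manual xmlFreeDoc() */
    }
    pool_destroy(&pool);         /* request pool goes away */
    return doc.releases;
}

int main(void) { return run_handler(1, 0) == 2 ? 0 : 1; }
```

A release count of 2 is the double free; with real malloc-backed objects that is heap corruption, which may only show up later as a crash somewhere else in the process.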

