perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Foertsch <torsten.foert...@gmx.net>
Subject mp2 segfault
Date Tue, 13 Mar 2007 09:05:47 GMT
Hi,

I have found a reproducible way to segfault a mod_perled httpd.

My environment:

httpd 2.2.3
mpm worker
mod_perl 2.0.3
perl 5.8.8 (Suse linux 10.2)

and my httpd.conf
------------------------------------------------------------------------
LoadModule log_config_module "/opt/apache22-worker/libexec/mod_log_config.so"
LoadModule mime_module "/opt/apache22-worker/libexec/mod_mime.so"
LoadModule dir_module "/opt/apache22-worker/libexec/mod_dir.so"
LoadModule perl_module "/opt/apache22-worker/libexec/mod_perl.so"

PerlPassEnv APACHE_TEST_TRACE_LEVEL
PerlPassEnv HARNESS_PERL_SWITCHES

User    "r2"
Group    "users"
ServerName localhost:8529
Listen     0.0.0.0:8529

ServerRoot   "/home/r2/work/arvato/Apache2-Translation/t"
DocumentRoot "/home/r2/work/arvato/Apache2-Translation/t/htdocs"

PidFile     /home/r2/work/arvato/Apache2-Translation/t/logs/httpd.pid
ErrorLog    /home/r2/work/arvato/Apache2-Translation/t/logs/error_log
LogLevel    debug

TransferLog /home/r2/work/arvato/Apache2-Translation/t/logs/access_log

ServerAdmin you@example.com

#needed for http/1.1 testing
KeepAlive       On

HostnameLookups Off

<Directory />
    Options FollowSymLinks
</Directory>

LockFile             /home/r2/work/arvato/Apache2-Translation/t/logs/accept.lock
StartServers         1
MinSpareThreads      1
MaxSpareThreads      1
ThreadsPerChild      1
MaxClients           2
MaxRequestsPerChild  0

<Perl>
package TestConfig;

use strict;
use Apache2::RequestRec;
use Apache2::RequestIO;
use Apache2::RequestUtil;
use Apache2::CmdParms;
use Apache2::Directive;
use Apache2::Module;
use Apache2::Const -compile=>qw{OK};

Apache2::Module::add( __PACKAGE__, [{name=>'TestHandlerConfig'}] );

sub TestHandlerConfig {}

sub handler {
  my $r=shift;

  $r->content_type('text/plain');
  $r->print( "OK\n" );

  return Apache2::Const::OK;
}
</Perl>

PerlInterpScope handler
#PerlFixupHandler "sub {$_[0]->add_config([q{Options Indexes}]); return Apache2::Const::DECLINED;}"
PerlFixupHandler "sub {$_[0]->add_config([q{TestHandlerConfig 20}]); return Apache2::Const::DECLINED;}"
<Location /xxx>
	SetHandler modperl
	PerlResponseHandler TestConfig
#	TestHandlerConfig 20
</Location>
------------------------------------------------------------------------

Now, when /xxx is accessed httpd dumps core each other time. A stack trace
says:
#0  0xb7f7f410 in ?? ()
#1  0xbfd64878 in ?? ()
#2  0x00000001 in ?? ()
#3  0xbfd64873 in ?? ()
#4  0xb7d9a02b in __read_nocancel () from /lib/libpthread.so.0
#5  0x08092d59 in ap_mpm_pod_check (pod=0x81fbd20) at pod.c:54
#6  0x08090748 in child_main (child_num_arg=0) at worker.c:1258
#7  0x080908f4 in make_child (s=0x80b7f48, slot=0) at worker.c:1341
#8  0x08090a29 in startup_children (number_to_start=1) at worker.c:1375
#9  0x08091292 in ap_mpm_run (_pconf=0x80b60a8, plog=0x80e4160, s=0x80b7f48) at worker.c:1725
#10 0x08062b7e in main (argc=5, argv=0xbfd64b14) at main.c:717

Line 54 of pod.c looks quite innocent:

    rc = read(fd, &c, 1);

So, what is important for the bug?

1) PerlInterpScope handler: without it no segfaults
2) Access /xxx not /index.html. /index.html works normal, no segfaults
3) The fixup handler must set TestHandlerConfig, not some built-in statements
like Options
4) It can also be a maptostorage handler

Any hint where to look?

Torsten

Mime
View raw message