Bug 56133

Summary: Invalid socket caused signal bus error in jk_is_input_event()
Product: Tomcat Connectors    Reporter: Hiroto Shimizu <shimizuhiroto123>
Component: mod_jk    Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED
Severity: normal
Priority: P2
Version: 1.2.37
Target Milestone: ---
Hardware: PC
OS: Linux
Attachments: patch against trunk

Description Hiroto Shimizu 2014-02-13 07:52:14 UTC
Created attachment 31307
patch against trunk

I used apache httpd-2.2.3-22.el5, mod_jk 1.2.28.
A signal bus error occurs and a core dump file is written.
My analysis follows.

(gdb) bt
#0  0x00002b7cb2c946a7 in kill () from /lib64/libc.so.6
#1  <signal handler called>
#2  0x00002b7cb8870f80 in jk_is_input_event (sd=-1, timeout=40000, l=0x2b7cc3499fe8) at jk_connect.c:878

jk_is_input_event() caused the signal bus error because sd=-1.

---mod_jk.log
[Sun Jan 19 11:22:12 2014][15227:1221724480] [info] ajp_connection_tcp_send_message::jk_ajp_common.c (1101): sendfull for socket 62 returned -32 (errno=32)
---

ajp_connection_tcp_send_message() sets the variable sd to -1 and returns JK_FALSE (0).
Thus rc=0, and the loop continues.
The variable sd is still -1, and jk_is_input_event() causes the signal bus error.

I made a patch against trunk.

==================================================================
--- common/jk_ajp_common.c	(revision 1555413)
+++ common/jk_ajp_common.c	(working copy)
@@ -2267,7 +2267,7 @@
              */
             op->recoverable = JK_FALSE;
             rc = ajp_connection_tcp_send_message(p, op->post, l);
-            if (rc < 0) {
+            if (rc != JK_TRUE) {
                 jk_log(l, JK_LOG_ERROR,
                        "(%s) Tomcat is down or network problems",
                         p->worker->name);
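Review bot: the original `if (rc < 0)` guard never fires for the case described in this report, because ajp_connection_tcp_send_message() signals a closed connection by setting sd to -1 and returning JK_FALSE, which is 0, so the loop went on to call jk_is_input_event(sd=-1); `rc != JK_TRUE` treats that return as the failure it is and takes the "Tomcat is down or network problems" branch instead. Worth double-checking that no other return value of ajp_connection_tcp_send_message() was meant to be non-fatal here, since every non-JK_TRUE result is now logged as an error; a separate `sd < 0` check at the top of jk_is_input_event() would also stop any future caller from reaching poll() with an invalid descriptor.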

==================================================================
$ gdb /usr/sbin/httpd.worker core.15227
:
(gdb) bt
#0  0x00002b7cb2c946a7 in kill () from /lib64/libc.so.6
#1  <signal handler called>
#2  0x00002b7cb8870f80 in jk_is_input_event (sd=-1, timeout=40000, l=0x2b7cc3499fe8) at jk_connect.c:878
#3  0x00002b7cb888c625 in ajp_get_reply (e=<value optimized out>, s=0x48d1fd10, l=0x2b7cc3499fe8, p=0x2b7cc3695770, op=0x48d1ea10) at jk_ajp_common.c:1923
#4  0x00002b7cb888f948 in ajp_service (e=0x2b7cc36977b8, s=0x48d1fd10, l=0x2b7cc3499fe8, is_error=0x48d1eb1c) at jk_ajp_common.c:2356
#5  0x00002b7cb887b99b in service (e=<value optimized out>, s=0x48d1fd10, l=0x2b7cc3499fe8, is_error=0x48d1fef8) at jk_lb_worker.c:1214
#6  0x00002b7cb886d6ff in jk_handler (r=0x2b7cc378b968) at mod_jk.c:2521
:
(gdb) p *p
$1 = {worker = 0x2b7cc365f1e0, pool = {size = 8192, pos = 144, 
     :
      sd = -1, reuse = 0, endpoint = {rd = 8197, wr = 637, recoverable = 1, 
     :
      last_access = 1390098131, last_errno = 32, last_op = 1}
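A simplified model of the control flow described above, added here as an example and not mod_jk's own code: send_message, is_input_event, reply_loop_step, the endpoint struct and the STEP_* results are assumed stand-ins, and a pipe replaces the AJP socket. It shows why `rc < 0` lets the JK_FALSE (0) return through to the poll on sd=-1, how the `rc != JK_TRUE` guard stops that, and how a descriptor check inside the poll wrapper adds a second line of defence.

```c
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

#define JK_TRUE  1   /* values as described in the report */
#define JK_FALSE 0

enum { STEP_BAILED = 1, STEP_REACHED_POLL_WITH_BAD_FD = 2, STEP_GOT_REPLY = 3 };
struct endpoint { int sd; };   /* stand-in for the mod_jk endpoint (assumption) */

/* Stand-in for ajp_connection_tcp_send_message(): on a write failure such as the
 * "sendfull ... returned -32 (errno=32)" in the log, mod_jk closes the socket,
 * marks it invalid with sd = -1 and returns JK_FALSE, which is 0, not negative. */
static int send_message(struct endpoint *p, int write_fails) {
    if (write_fails) { p->sd = -1; return JK_FALSE; }
    return JK_TRUE;
}

/* Stand-in for jk_is_input_event() with a defensive guard: never hand sd = -1
 * to poll(). Returns 1 when input is ready within timeout_ms, else 0. */
static int is_input_event(int sd, int timeout_ms) {
    struct pollfd pfd = { sd, POLLIN, 0 };
    if (sd < 0) return 0;
    return poll(&pfd, 1, timeout_ms) > 0 && (pfd.revents & POLLIN) ? 1 : 0;
}

/* One send-then-wait step of the reply loop, using either the original guard
 * (rc < 0) or the patched one (rc != JK_TRUE). A pipe stands in for the socket. */
static int reply_loop_step(int use_patched_guard, int write_fails) {
    int fds[2], rc, bail, result;
    struct endpoint ep;
    if (pipe(fds) != 0) return -1;
    ep.sd = fds[0];                               /* read end plays the AJP socket */
    rc = send_message(&ep, write_fails);
    bail = use_patched_guard ? (rc != JK_TRUE) : (rc < 0);
    if (bail)
        result = STEP_BAILED;                     /* "Tomcat is down or network problems" branch */
    else if (ep.sd < 0)
        result = STEP_REACHED_POLL_WITH_BAD_FD;   /* where the reported crash occurred */
    else if (write(fds[1], "x", 1) != 1)          /* constructed reply from the backend */
        result = -1;
    else
        result = is_input_event(ep.sd, 1000) ? STEP_GOT_REPLY : -1;
    close(fds[0]); close(fds[1]);
    return result;
}
```

reply_loop_step(0, 1) reaches the poll with sd=-1 (the crash path), while reply_loop_step(1, 1) bails out with STEP_BAILED; with a successful send both guards return STEP_GOT_REPLY.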
Comment 1 Rainer Jung 2014-02-13 13:49:49 UTC
Thanks for the analysis.
Patch applied in 1567917.
Will be part of 1.2.38.