Apache 2.0.44, OpenSSL 0.9.7, Zlib 1.1.4, compiled on VS.NET Enterprise, Win2K SP3. OpenSSL compiled with MASM functions. Mod_deflate is not loaded. Everything else is standard loaded, with mod_ssl loaded. Everything works fine as long as no HTTPS (:443) requests happen. After an HTTPS page is loaded, if Apache is restarted or stopped, the following message appears and then Apache exits. I have noticed that if LogLevel in httpd.conf is at 'warn' or below, this error appears. If LogLevel is above 'warn', this error does NOT happen. I have also reproduced this error with someone else's compiled code, http://hunter.campbus.com/.

Apache.exe - Application Error
The instruction at "0x77f85c41" referenced memory at "0x00000010". The memory could not be "written".

Debug
"Unhandled exception at 0x77f85c41 in Apache.exe: 0xC0000005: Access violation writing location 0x00000010."

77F85BFA xor ecx,ecx
77F85BFC cmp esi,dword ptr [eax+0A0h]
77F85C02 sete cl
77F85C05 mov byte ptr [ebp+8],cl
77F85C08 mov eax,dword ptr fs:[00000018h]
77F85C0E movzx edx,cl
77F85C11 mov dword ptr [eax+0F84h],edx
77F85C17 cmp byte ptr ds:[77FCF1DCh],bl
77F85C1D jne 77F9DB53
77F85C23 mov al,byte ptr ds:[77FCF1D0h]
77F85C28 neg al
77F85C2A sbb eax,eax
77F85C2C not eax
77F85C2E and eax,77FCF480h
77F85C33 cmp dword ptr [esi+10h],ebx
77F85C36 mov dword ptr [ebp-4],eax
77F85C39 je 77F891F2
77F85C3F mov eax,dword ptr [esi]
77F85C41 inc dword ptr [eax+10h]

eax is zero.
---------------readwrite.c--------------- else { if (!thefile->pipe) { apr_off_t offset = 0; apr_status_t rc; if (thefile->append) { /* apr_file_lock will mutex the file across processes. * The call to apr_thread_mutex_lock is added to avoid * a race condition between LockFile and WriteFile * that occasionally leads to deadlocked threads. */ apr_thread_mutex_lock(thefile->mutex); ------->>>> rc = apr_file_lock(thefile, APR_FLOCK_EXCLUSIVE); if (rc != APR_SUCCESS) { apr_thread_mutex_unlock(thefile->mutex); return rc; } rc = apr_file_seek(thefile, APR_END, &offset); if (rc != APR_SUCCESS) { apr_thread_mutex_unlock(thefile->mutex); return rc; } } if (thefile->pOverlapped) { thefile->pOverlapped->Offset = (DWORD)thefile->filePtr; thefile->pOverlapped->OffsetHigh = (DWORD)(thefile->filePtr >> 32); } rv = WriteFile(thefile->filehand, buf, *nbytes, &bwrote, thefile->pOverlapped); if (thefile->append) { apr_file_unlock(thefile); apr_thread_mutex_unlock(thefile->mutex); } } ---------------readwrite.c disassembly--------------- { if (!thefile->pipe) { 6EEC7415 mov edx,dword ptr [thefile] 6EEC7418 movzx eax,byte ptr [edx+8] 6EEC741C test eax,eax 6EEC741E jne apr_file_write+308h (6EEC7511h) apr_off_t offset = 0; 6EEC7424 mov dword ptr [offset],0 6EEC742B mov dword ptr [ebp-34h],0 apr_status_t rc; if (thefile->append) { 6EEC7432 mov ecx,dword ptr [thefile] 6EEC7435 cmp dword ptr [ecx+34h],0 6EEC7439 je apr_file_write+292h (6EEC749Bh) /* apr_file_lock will mutex the file across processes. * The call to apr_thread_mutex_lock is added to avoid * a race condition between LockFile and WriteFile * that occasionally leads to deadlocked threads. 
*/ apr_thread_mutex_lock(thefile->mutex); 6EEC743B mov edx,dword ptr [thefile] 6EEC743E mov eax,dword ptr [edx+50h] 6EEC7441 push eax 6EEC7442 call apr_thread_mutex_lock (6EEC8835h) rc = apr_file_lock(thefile, APR_FLOCK_EXCLUSIVE); ------->>>> 86EEC7447 push 2 <<<<------- 6EEC7449 mov ecx,dword ptr [thefile] 6EEC744C push ecx 6EEC744D call apr_file_lock (6EEC54B0h) 6EEC7452 mov dword ptr [rc],eax if (rc != APR_SUCCESS) { 6EEC7455 cmp dword ptr [rc],0 6EEC7459 je apr_file_write+266h (6EEC746Fh) apr_thread_mutex_unlock(thefile->mutex); 6EEC745B mov edx,dword ptr [thefile] 6EEC745E mov eax,dword ptr [edx+50h] 6EEC7461 push eax 6EEC7462 call apr_thread_mutex_unlock (6EEC894Ch) return rc; 6EEC7467 mov eax,dword ptr [rc] 6EEC746A jmp 6EEC766A } rc = apr_file_seek(thefile, APR_END, &offset); 6EEC746F lea ecx,[offset] 6EEC7472 push ecx 6EEC7473 push 2 6EEC7475 mov edx,dword ptr [thefile] 6EEC7478 push edx 6EEC7479 call apr_file_seek (6EEC79D0h) 6EEC747E mov dword ptr [rc],eax if (rc != APR_SUCCESS) { 6EEC7481 cmp dword ptr [rc],0 6EEC7485 je apr_file_write+292h (6EEC749Bh) apr_thread_mutex_unlock(thefile->mutex); 6EEC7487 mov eax,dword ptr [thefile] 6EEC748A mov ecx,dword ptr [eax+50h] 6EEC748D push ecx 6EEC748E call apr_thread_mutex_unlock (6EEC894Ch) return rc; 6EEC7493 mov eax,dword ptr [rc] 6EEC7496 jmp 6EEC766A } } if (thefile->pOverlapped) { 6EEC749B mov edx,dword ptr [thefile] 6EEC749E cmp dword ptr [edx+0Ch],0 6EEC74A2 je apr_file_write+2C3h (6EEC74CCh) thefile->pOverlapped->Offset = (DWORD)thefile->filePtr; 6EEC74A4 mov eax,dword ptr [thefile] 6EEC74A7 mov ecx,dword ptr [eax+48h] 6EEC74AA mov edx,dword ptr [thefile] 6EEC74AD mov eax,dword ptr [edx+0Ch] 6EEC74B0 mov dword ptr [eax+8],ecx thefile->pOverlapped->OffsetHigh = (DWORD)(thefile->filePtr >> 32); 6EEC74B3 mov ecx,dword ptr [thefile] 6EEC74B6 mov eax,dword ptr [ecx+48h] 6EEC74B9 mov edx,dword ptr [ecx+4Ch] 6EEC74BC mov cl,20h 6EEC74BE call _allshr (6EEDB2B0h) 6EEC74C3 mov edx,dword ptr [thefile] 6EEC74C6 mov 
ecx,dword ptr [edx+0Ch] 6EEC74C9 mov dword ptr [ecx+0Ch],eax } ------------------------------------------------------------------------- Name Value Type rc 35 int +thefile 0x00459128 apr_file_t * +thefile->mutex 0x004591a0 apr_thread_mutex_t * Name Value Type offset 0 __int64 rc 35 int +thefile 0x00459128 apr_file_t * buf 0x0006dd20 const void * +nbytes 0x0006dd08 unsigned int * rv 1876031935 int bwrote 458120 unsigned long ------------------------------------------------------------------------- NTDLL.DLL!77f85c41() NTDLL.DLL!77f85bd1() > libapr.dll!apr_file_write(apr_file_t * thefile=0x00459128, const void * buf=0x0006dd20, unsigned int * nbytes=0x0006dd08) Line 316 C libapr.dll!apr_file_puts(const char * str=0x0006dd20, apr_file_t * thefile=0x00459128) Line 441 C libhttpd.dll!log_error_core(const char * file=0x6fd1f9c0, int line=117, int level=4, int status=720006, const server_rec * s=0x00473868, const request_rec * r=0x00000000, apr_pool_t * pool=0x00000000, const char * fmt=0x6fd1f99c, char * args=0x0006fd88) Line 543 C libhttpd.dll!ap_log_error(const char * file=0x6fd1f9c0, int line=117, int level=4, int status=720006, const server_rec * s=0x00473868, const char * fmt=0x6fd1f99c, ...) 
Line 561 + 0x25 C mod_ssl.so!ssl_mutex_on(server_rec * s=0x00473868) Line 118 + 0x1c C mod_ssl.so!ssl_scache_dbm_remove(server_rec * s=0x00473868, unsigned char * id=0x004f4458, int idlen=32) Line 292 + 0x9 C mod_ssl.so!ssl_scache_remove(server_rec * s=0x00473868, unsigned char * id=0x004f4458, int idlen=32) Line 154 + 0x11 C mod_ssl.so!ssl_callback_DelSessionCacheEntry(ssl_ctx_st * ctx=0x004b7290, ssl_session_st * session=0x004f4410) Line 1722 + 0x11 C ssleay32.dll!timeout(ssl_session_st * s=0x004f4410, timeout_param_st * p=0x0006fe60) Line 664 + 0x12 C ssleay32.dll!timeout_LHASH_DOALL_ARG(const void * arg1=0x004f4410, void * arg2=0x0006fe60) Line 669 + 0x1f C libeay32.dll!doall_util_fn(lhash_st * lh=0x004b7430, int use_arg=1, void (const void *)* func=0x00000000, void (const void *, void *)* func_arg=0x1001b40a, void * arg=0x0006fe60) Line 287 + 0xd C libeay32.dll!lh_doall_arg(lhash_st * lh=0x004b7430, void (const void *, void *)* func=0x1001b40a, void * arg=0x0006fe60) Line 302 + 0x15 C ssleay32.dll!SSL_CTX_flush_sessions(ssl_ctx_st * s=0x004b7290, long t=0) Line 683 + 0x12 C ssleay32.dll!SSL_CTX_free(ssl_ctx_st * a=0x004b7290) Line 1425 + 0xb C mod_ssl.so!ssl_init_ctx_cleanup(modssl_ctx_t * mctx=0x004c2550) Line 1197 + 0x15 C mod_ssl.so!ssl_init_ctx_cleanup_server(modssl_ctx_t * mctx=0x004c2550) Line 1213 + 0x9 C mod_ssl.so!ssl_init_ModuleKill(void * data=0x0042c178) Line 1249 + 0xc C libapr.dll!run_cleanups(cleanup_t * * cref=0x0042a2f0) Line 1976 + 0xd C libapr.dll!apr_pool_destroy(apr_pool_t * pool=0x0042a2e0) Line 755 + 0xc C libapr.dll!apr_pool_destroy(apr_pool_t * pool=0x004282b0) Line 752 + 0xc C Apache.exe!destroy_and_exit_process(process_rec * process=0x00428340, int process_exit_value=0) Line 247 C Apache.exe!main(int argc=5, const char * const * argv=0x00422800) Line 658 + 0xb C Apache.exe!mainCRTStartup() Line 400 + 0x11 C KERNEL32.DLL!77e9ca90() ------------------------------------------------------------------------- 'Apache.exe': Loaded 
'E:\Apache2\bin\Apache.exe', Symbols loaded. 'Apache.exe': Loaded 'C:\WINNT\system32\NTDLL.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'E:\Apache2\bin\libapr.dll', Symbols loaded. 'Apache.exe': Loaded 'C:\WINNT\system32\ws2_32.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\msvcrt.dll', No symbols loaded. 'Apache.exe': Loaded 'C:\WINNT\system32\KERNEL32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\ADVAPI32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\rpcrt4.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\ws2help.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\mswsock.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\USER32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\GDI32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\dnsapi.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\wsock32.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\msvcr70d.dll', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\bin\libaprutil.dll', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\bin\libapriconv.dll', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\bin\libhttpd.dll', Symbols loaded. 'Apache.exe': Loaded 'C:\WINNT\system32\SHELL32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\shlwapi.dll', No symbols loaded. 'Apache.exe': Loaded 'C:\WINNT\system32\comctl32.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\msafd.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\wshtcpip.dll', Cannot find or open a required DBG file. 
'Apache.exe': Loaded 'C:\WINNT\system32\rsaenh.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\OLE32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\USERENV.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\CRYPT32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\msasn1.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_access.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_actions.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_alias.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_asis.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_auth.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_autoindex.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_cgi.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_dir.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_env.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_imap.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_include.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_info.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_isapi.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_log_config.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_mime.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_negotiation.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_setenvif.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_status.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_userdir.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\modules\mod_ssl.so', Symbols loaded. 'Apache.exe': Loaded 'E:\Apache2\bin\ssleay32.dll', Symbols loaded. 
'Apache.exe': Loaded 'E:\Apache2\bin\libeay32.dll', Symbols loaded. 'Apache.exe': Loaded 'C:\WINNT\system32\RNR20.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\IPHLPAPI.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\icmp.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\mprapi.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\samlib.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\NETAPI32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\secur32.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\netrap.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\WLDAP32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\OLEAUT32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\activeds.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\adsldpc.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\rtutils.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\SETUPAPI.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\RASAPI32.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\RASMAN.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\tapi32.dll', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\DHCPCSVC.DLL', Cannot find or open a required DBG file. 'Apache.exe': Loaded 'C:\WINNT\system32\winrnr.dll', Cannot find or open a required DBG file. The thread 'Win32 Thread' (0x600) has exited with code 0 (0x0). 
Unhandled exception at 0x77f85c41 in Apache.exe: 0xC0000005: Access violation writing location 0x00000010.
This is a symptom that you loaded a DEBUG build of mod_ssl into a RELEASE version of Apache. Sorry, but they must match due to some deeply embedded bogosity in MS's FILE* handling software that the OpenSSL libraries touch. Make certain you compile OpenSSL, mod_ssl and Apache all with NDEBUG or all with _DEBUG, and with the same MS Visual Studio version (our release is built with VC 6.0, SP5).
This bug still occurs with Apache 2.0.45 -- with *exactly* the same symptoms/lines. In my case this was with 2.0.45 sources, OpenSSL 0.9.7b, ZLib 1.1.4 and MSVC++ 6.0 on Windows 2K SP 3. OpenSSL compiled with NASM. Everything standard loaded plus util_ldap.so and mod_auth_ldap.so -- though these don't have to be involved to reproduce the issue.
Given that the referenced memory address is exactly the same in my case, I'm guessing a memory address is being used which has a known bad value. Moreover, at least when I hit Cancel upon the crash, thefile->filehand is 0xffffffff (i.e. -1, which is INVALID_HANDLE_VALUE on Windows). Overall, I'm unconvinced that this is debug vs. non-debug "bogosity", since I built everything with NDEBUG (even rebuilding OpenSSL with this symbol defined -- which I never had to define in 1.3.x or 2.0.43).
This bug appears to be a duplicate of 17701. It is worth noting that the workaround therein (backing down to OpenSSL 0.9.6g) is not acceptable, as that would reintroduce known security holes. The workaround here (raising LogLevel to error or above) is better, at the cost of no longer logging warn-level messages. [I'm thinking the file handle might be getting closed / disposed of prior to this, but what do I know...]
> This is a symptom that you loaded a DEBUG build of mod_ssl into a RELEASE
> version of Apache.

Everything was compiled as release, not debug. All parts were compiled under the same compiler.

> This bug appears to be a duplicate of 17701.

You have that the other way around. This is bug 17055, and 17055 < 17701.
See also bug 20462. I tracked this down to a pool ordering problem, I think.
Thanks for the report. Since bug 20462 has the most detailed explanation of the cause of the problem, marking as duplicate of that bug. *** This bug has been marked as a duplicate of 20462 ***