Bug 47672 - seg fault from mod_mem_cache
Summary: seg fault from mod_mem_cache
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Other Modules (show other bugs)
Version: 2.2-HEAD
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: PatchAvailable
Depends on:
Reported: 2009-08-10 12:40 UTC by Dan Poirier
Modified: 2009-09-21 11:19 UTC (History)
0 users

Add a per-memcache object lock to protect the cached object pool (2.40 KB, text/plain)
2009-08-10 12:40 UTC, Dan Poirier

Note You need to log in before you can comment on or make changes to this bug.
Description Dan Poirier 2009-08-10 12:40:14 UTC
Created attachment 24124 [details]
Add a per-memcache object lock to protect the cached object pool

I can produce a seg fault out of mod_mem_cache by setting the cache
expiration very short (1 second), then hitting it with bursts of
requests for the same URL every few seconds.  The stack looks like:

#0  apr_table_add (t=0x9ee2230, key=0x9f8b630 "ETag", val=0x9f8c1c8
"\"3ee9f6-22-4533a9a40f700\"") at tables/apr_tables.c:792
#1  0xb7e10521 in deep_table_copy (p=<value optimized out>, table=<value
optimized out>) at mod_mem_cache.c:559
#2  0xb7e10a9d in store_headers (h=0x9f8b2e0, r=0x9f8a200, info=0x9f2eed8) at
#3  0xb806ed7c in cache_save_filter (f=0x9f8b988, in=0x9f8c220) at
#4  0x0807628b in default_handler (r=0x9f8a200) at core.c:3757

This appears to be due to concurrent use of mobj->pool when updating
the stored headers for a stale cached object.  Adding a lock per
memory cache object and using it to protect use of mobj->pool, I'm no
longer able to reproduce the problem.  Since the lock is per cached
object, there should be little contention for it.  (The fault was very
rare in real-world traffic.)

I'm attaching my fix for 2.2.x, since mod_mem_cache is no longer in
Comment 1 Eric Covener 2009-08-11 12:37:40 UTC
looks necessary to me, can you propose for "backport" in 2.2.x STATUS?
Comment 2 Dan Poirier 2009-09-21 11:19:18 UTC
Fixed in 2.2.x, r808904