Bug 53284 - crash
Summary: crash
Status: RESOLVED LATER
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_setenvif
Version: 2.2.22
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk, MassUpdate
Reported: 2012-05-24 00:32 UTC by pioklo
Modified: 2018-11-07 21:09 UTC
Description pioklo 2012-05-24 00:32:22 UTC
Hello!
We have some segfaults with Apache 2.2.22.

Here is some debug output:

Core was generated by `/usr/sbin/httpd -k start -DSSL'.
Program terminated with signal 6, Aborted.
#0  0x00007f5d94c9d165 in raise () from /lib/libc.so.6
(gdb) bt full
#0  0x00007f5d94c9d165 in raise () from /lib/libc.so.6
No symbol table info available.
#1  0x00007f5d94c9ff70 in abort () from /lib/libc.so.6
No symbol table info available.
#2  0x000000000044be0f in ap_log_assert (szExp=0x4d00cf "preg != NULL", szFile=0x4d00c0 "mod_setenvif.c", nLine=176) at log.c:882
        time_str = "Thu May 24 02:14:19 2012"
#3  0x00000000004617c5 in is_header_regex (cmd=0x7f5d5d67fb30, mconfig=<value optimized out>, fname=0x4d00dc "User-Agent", args=
    0x2686ca23 "gzip-only-text/html") at mod_setenvif.c:176
        preg = 0x0
#4  add_setenvif_core (cmd=0x7f5d5d67fb30, mconfig=<value optimized out>, fname=0x4d00dc "User-Agent", args=0x2686ca23 "gzip-only-text/html")
    at mod_setenvif.c:355
        regex = 0x269ba530 "^Mozilla/4"
        simple_pattern = <value optimized out>
        feature = <value optimized out>
        sconf = <value optimized out>
        new = 0x269ba0d0
        var = <value optimized out>
        i = <value optimized out>
        beenhere = <value optimized out>
        icase = 0
#5  0x00000000004482ee in invoke_cmd (cmd=0x4d04b0, parms=0x7f5d5d67fb30, mconfig=0x269ba0a8, args=0x2686ca18 "^Mozilla/4 gzip-only-text/html") at config.c:757
        w = <value optimized out>
        w2 = <value optimized out>
        w3 = <value optimized out>
        errmsg = <value optimized out>
#6  0x00000000004485a2 in ap_walk_config_sub (current=0x2686c9d8, parms=0x7f5d5d67fb30, section_vector=0x26877ce8) at config.c:1163
        dir_config = 0x0
        cmd = 0xe53
        ml = <value optimized out>
        dir = <value optimized out>
#7  ap_walk_config (current=0x2686c9d8, parms=0x7f5d5d67fb30, section_vector=0x26877ce8) at config.c:1196
        errmsg = <value optimized out>
        oldconfig = 0x0
#8  0x0000000000449514 in ap_parse_htaccess (result=<value optimized out>, r=0x26d9d1b0, override=31, override_opts=255, d=<value optimized out>, access_name=
    0x3431359 "") at config.c:1827
        errmsg = 0x0
        temptree = 0x2686c9d8
        f = 0x26868928
        parms = {info = 0x0, override = 31, limited = -1, limited_xmethods = 0x0, xlimited = 0x0, config_file = 0x26868928, directive = 0x2686c9d8, pool =
    0x26d9d138, temp_pool = 0x26d9d138, server = 0x17277920, path = 0x268677e0 "/home/ajsit80/domains/futbolbezbarier.org/public_html/", cmd = 0x4d04b0,
          context = 0x26877ce8, err_directive = 0x2661b0d8, override_opts = 255}
        filename = 0x26867828 "/home/ajsit80/domains/futbolbezbarier.org/public_html/.htaccess"
        cache = <value optimized out>
        dc = 0x26877ce8
        status = <value optimized out>
#9  0x00000000004439de in ap_directory_walk (r=0x26d9d1b0) at request.c:879
        htaccess_conf = 0x0
        res = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        seg_name = 0x26867162 "public_html/"
        temp_slash = 1
        opts = {opts = 98 'b', add = 34 '"', remove = 129 '\201', override = 31 '\037', override_opts = 255 '\377'}
        thisinfo = {pool = 0x26d9d138, valid = 7598960, protection = 1877, filetype = APR_DIR, user = 2047, group = 2049, inode = 78228062, device = 2069,
          nlink = 8, size = 4096, csize = 4096, atime = 1331206990000000, mtime = 1332176119000000, ctime = 1332176119000000, fname =
    0x26867138 "/home/ajsit80/domains/futbolbezbarier.org/public_html/", name = 0x26d9e0a0 "\270\356\331&", filehand = 0x26d9d1b0}
        save_path_info = <value optimized out>
        matches = 0
        last_walk = 0x268670a0
        this_dir = <value optimized out>
        seg = 6
        sec_idx = 8
        filename_len = 54
        now_merged = 0x26867248
        sconf = 0x1d23e710
        num_sec = 9
        cache = <value optimized out>
        entry_dir = 0x268670d0 "/home/ajsit80/domains/futbolbezbarier.org/public_html/test/wp-content/themes/colorway/css/"
        rv = <value optimized out>
#10 0x0000000000440709 in core_map_to_storage (r=0xe53) at core.c:3634
        access_status = <value optimized out>
#11 0x0000000000442090 in ap_run_map_to_storage (r=0x26d9d1b0) at request.c:69
        n = 5
        rv = 0
#12 0x00000000004440e8 in ap_process_request_internal (r=0x26d9d1b0) at request.c:150
        file_req = 0
        access_status = 0
#13 0x0000000000491298 in ap_process_request (r=0x26d9d1b0) at http_request.c:280
        access_status = 0
#14 0x000000000048e210 in ap_process_http_connection (c=0x2685bc78) at http_core.c:190
        r = 0x26d9d1b0
        csd = 0x0
#15 0x000000000044e540 in ap_run_process_connection (c=0x2685bc78) at connection.c:43
        n = 1
        rv = 0
#16 0x00000000004c22c7 in process_socket (thd=<value optimized out>, dummy=<value optimized out>) at worker.c:544
        current_conn = <value optimized out>
        conn_id = <value optimized out>
        csd = 18762
        sbh = 0x2685bc70
#17 worker_thread (thd=<value optimized out>, dummy=<value optimized out>) at worker.c:894
        process_slot = 0
        thread_slot = 101
        csd = 0x2685ba60
        bucket_alloc = <value optimized out>
        last_ptrans = <value optimized out>
        ptrans = 0x2685b9d8
        rv = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        is_idle = <value optimized out>
#18 0x00007f5d951d68ba in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#19 0x00007f5d94d3a02d in clone () from /lib/libc.so.6
No symbol table info available.
#20 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb) x/8i $pc
0x7f5d94c9d165 <raise+53>:      cmp    $0xfffffffffffff000,%rax
0x7f5d94c9d16b <raise+59>:      ja     0x7f5d94c9d182 <raise+82>
0x7f5d94c9d16d <raise+61>:      repz retq
0x7f5d94c9d16f <raise+63>:      nop
0x7f5d94c9d170 <raise+64>:      test   %eax,%eax
0x7f5d94c9d172 <raise+66>:      jg     0x7f5d94c9d155 <raise+37>
0x7f5d94c9d174 <raise+68>:      test   $0x7fffffff,%eax
0x7f5d94c9d179 <raise+73>:      jne    0x7f5d94c9d192 <raise+98>
(gdb) x/8x $sp
0x7f5d5d67f658: 0x94c9ff70      0x00007f5d      0x004d00cf      0x00000000
0x7f5d5d67f668: 0x5d67f7b0      0x00007f5d      0x000000b0      0x00000000
(gdb) info reg
rax            0x0      0
rbx            0x4d00c0 5046464
rcx            0xffffffffffffffff       -1
rdx            0x6      6
rsi            0xfd5    4053
rdi            0xe53    3667
rbp            0x4d00cf 0x4d00cf
rsp            0x7f5d5d67f658   0x7f5d5d67f658
r8             0x0      0
r9             0x0      0
r10            0x8      8
r11            0x206    518
r12            0x7f5d5d67f7b0   140038975780784
r13            0xb0     176
r14            0x0      0
r15            0x269ba530       647734576
rip            0x7f5d94c9d165   0x7f5d94c9d165 <raise+53>
eflags         0x206    [ PF IF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]

I think this is also a problem with the deflate settings.
We have the following settings:

<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# Don't compress images and other uncompressible content
SetEnvIfNoCase Request_URI \
 \.(?:gif|jpe?g|png|rar|zip|exe|mov|tgz|tar.gz|wmv|pdf|mp3|swf|flv|avi|ogg|webm|ogv)$ no-gzip dont-vary

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>

Regards,
Piotr
Comment 1 Stefan Fritsch 2012-05-27 20:52:01 UTC
Is your system short of memory? I can't imagine how this assertion can be triggered except if out of memory.
Comment 2 pioklo 2012-05-27 21:52:18 UTC
It may be a problem with memory, because we have ulimit -v 8388608 in the start scripts to avoid a server crash due to another bug:

https://issues.apache.org/bugzilla/show_bug.cgi?id=53290

This segfault may be related to that bug, when Apache starts using all the memory reserved for it.

Piotr
Comment 3 Stefan Fritsch 2012-05-27 22:12:19 UTC
It is normal and intended behavior for 2.2 to segfault if memory allocation fails. This won't be changed.

2.4 should abort with a logged error message if out of memory. r1343109 adds the error handling for this particular code path (compiling a regular expression).
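
The contrast drawn in comment 3, as an added example that is neither httpd code nor part of the original report: a directive handler that returns a failed regex compile as an error to log, instead of asserting that the compiled pointer is non-NULL. POSIX regcomp() stands in for httpd's own compile call, and struct match_entry, compile_directive_regex, entry_matches and entry_release are hypothetical names.

```c
/* Added example: POSIX regcomp() stands in for httpd's regex compile call. */
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical directive entry holding one compiled pattern. */
struct match_entry { regex_t preg; int compiled; };

/* Returns 0 on success. On failure returns the regcomp() code and writes a
 * message to err (errlen must be > 0) so the caller can reject the directive
 * and log it, instead of asserting that compilation succeeded. */
int compile_directive_regex(struct match_entry *e, const char *pattern,
                            int icase, char *err, size_t errlen)
{
    char why[128];
    int flags = REG_EXTENDED | REG_NOSUB | (icase ? REG_ICASE : 0);
    int rc = regcomp(&e->preg, pattern, flags);
    e->compiled = (rc == 0);
    err[0] = '\0';
    if (rc == 0)
        return 0;
    regerror(rc, &e->preg, why, sizeof why);
    /* REG_ESPACE is the allocation failure; anything else is a bad pattern. */
    snprintf(err, errlen, "%s compiling regex '%s': %s",
             rc == REG_ESPACE ? "out of memory" : "bad pattern", pattern, why);
    return rc;
}

/* 1 if value matches; an entry that never compiled matches nothing. */
int entry_matches(const struct match_entry *e, const char *value)
{
    return e->compiled && regexec(&e->preg, value, 0, NULL, 0) == 0;
}

void entry_release(struct match_entry *e)
{
    if (e->compiled) regfree(&e->preg);
    e->compiled = 0;
}

int main(void)
{
    struct match_entry e;
    char err[256];
    int rc = compile_directive_regex(&e, "^Mozilla/4", 0, err, sizeof err);
    /* "Mozilla/4.08 [en]" is a constructed User-Agent value. */
    printf("%s\n", rc ? err : entry_matches(&e, "Mozilla/4.08 [en]") ? "match" : "no match");
    entry_release(&e);
    return rc != 0;
}
```
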
Comment 4 William A. Rowe Jr. 2018-11-07 21:09:52 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.