Bug #1289
lighttpd runs in endless loop on FreeBSD
| Status: | Fixed | Start: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | core | |||
| Target version: | 1.4.17 | |||
| Missing in 1.5.x: |
Description
lighttpd runs in endless loop on FreeBSD if a file was shrinked.
There are several programming errors in
branches/lighttpd-1.4.x/src/network_freebsd_sendfile.c
First, in line 152 is an off-by-one:
if (offset > sce->st.st_size) {
[ code deleted to pass the broken Akismet filter ]
return -1;
}
it should be
{{{
offset >= sce->st.st_size
}}}
it does not make sense to open a file and read data past
end of file.
This is harmless, sendfile(2) can handle this case:
The offset argument specifies where to begin in the file. Should offset
fall beyond the end of file, the system will return success and report 0
bytes sent as described below.
but lighttpd does not check for 0 bytes sent (line 181-187). Now lighttpd
runs open/sendfile/close in an endless loop, read & send 0 bytes and
used 100% CPU time.
For a fix, see the linux sendfile implementation at
src/network_linux_sendfile.c line 177.
Associated revisions
fixed endless loop on shrinked files on *BSD (fixes #1289)
History
Updated by moo about 3 years ago
reported by wosch@freebsd.org
Updated by jan about 3 years ago
- Status changed from New to Fixed
- Resolution set to fixed
r1933 takes the code from the linux-sendfile handler as suggested.
Updated by jan about 3 years ago
r1934 fixes it for 1.5.x
Also available in: Atom