Segmentation fault in mod_scgi
ASK QUESTIONS IN Forums:
I believe this happens when an existing scgi request is in progress when the other side of the scgi socket closes the connection.
Here's the backtrace from gdb
(gdb) bt #0 0xb7cb5d3b in strlen () from /lib/libc.so.6 #1 0x0805ba75 in buffer_append_string (b=0x806f308, s=0xd <Address 0xd out of bounds>) at buffer.c:171 #2 0x0805cf81 in log_error_write (srv=0x806f008, filename=0xd <Address 0xd out of bounds>, line=13, fmt=0xb7ef91c2 "sd") at log.c:192 #3 0xb7ef7a2d in scgi_handle_fdevent (s=0x806f008, ctx=0x80c1fe0, revents=25) at mod_scgi.c:2539 #4 0x0804e52e in main (argc=14, argv=0xbff62744) at server.c:1309
I'll attach the valgrind log.
Updated by moo almost 16 years ago
i'm not sure, but from your descrption, possible reproduce case is:
- write a scgi backend script that sleep(100);
- request it from client->lighttpd->scgi-backend
- kill the scgi-backend
Updated by darix almost 16 years ago
this is really 1.4.15 and not 1.4.12 or older?
Updated by jtate almost 16 years ago
lighttpd-1.4.15 (ssl) - a light and fast webserver Build-Date: Apr 17 2007 23:55:24 Event Handlers: + select (generic) + poll (Unix) + rt-signals (Linux 2.4+) + epoll (Linux 2.6) - /dev/poll (Solaris) - kqueue (FreeBSD) Network handler: + sendfile Features: + IPv6 support + zlib support + bzip2 support + crypt support + SSL Support + PCRE support - mySQL support - LDAP support - memcached support - FAM support - LUA support - xml support - SQLite support - GDBM support
Updated by jan almost 16 years ago
- Status changed from New to Fixed
- Resolution set to fixed
fixed in r1882
This only happens on 32bit apps where sizeof(off_t) != sizeof(int). We use the wrong format specifier.
Also available in: Atom