Bug #1263
closed
Segmentation fault in mod_scgi
Added by jtate over 17 years ago.
Updated almost 17 years ago.
Description
I believe this happens when an existing scgi request is in progress when the other side of the scgi socket closes the connection.
Here's the backtrace from gdb
(gdb) bt
#0 0xb7cb5d3b in strlen () from /lib/libc.so.6
#1 0x0805ba75 in buffer_append_string (b=0x806f308, s=0xd <Address 0xd out of bounds>) at buffer.c:171
#2 0x0805cf81 in log_error_write (srv=0x806f008, filename=0xd <Address 0xd out of bounds>, line=13,
fmt=0xb7ef91c2 "sd") at log.c:192
#3 0xb7ef7a2d in scgi_handle_fdevent (s=0x806f008, ctx=0x80c1fe0, revents=25) at mod_scgi.c:2539
#4 0x0804e52e in main (argc=14, argv=0xbff62744) at server.c:1309
I'll attach the valgrind log.
Files
i'm not sure, but from your descrption, possible reproduce case is:
- write a scgi backend script that sleep(100);
- request it from client->lighttpd->scgi-backend
- kill the scgi-backend
this is really 1.4.15 and not 1.4.12 or older?
Yes, 1.4.15:
lighttpd-1.4.15 (ssl) - a light and fast webserver
Build-Date: Apr 17 2007 23:55:24
Event Handlers:
+ select (generic)
+ poll (Unix)
+ rt-signals (Linux 2.4+)
+ epoll (Linux 2.6)
- /dev/poll (Solaris)
- kqueue (FreeBSD)
Network handler:
+ sendfile
Features:
+ IPv6 support
+ zlib support
+ bzip2 support
+ crypt support
+ SSL Support
+ PCRE support
- mySQL support
- LDAP support
- memcached support
- FAM support
- LUA support
- xml support
- SQLite support
- GDBM support
- Status changed from New to Fixed
- Resolution set to fixed
fixed in r1882
This only happens on 32bit apps where sizeof(off_t) != sizeof(int). We use the wrong format specifier.
Also available in: Atom