Bug #1915

uninitialized value goes through request processing code path

Added by daveb over 10 years ago. Updated about 3 years ago.

Status: Obsolete
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 2009-02-25
Due date:
% Done: 0%
Estimated time:
Missing in 1.5.x: Yes

Description

Hi,

It is possible for an uninitialized value to propagate its way through the request pipeline. The problem is best described by the valgrind output (using --track-origins, a new option in 3.4.0):

00:00:00:41.327 7667 Conditional jump or move depends on uninitialised value(s)
00:00:00:41.327 7667 at 0x425DD5: http_response_parse_cq (http_resp.c:115)
00:00:00:41.327 7667 by 0x68C24C7: proxy_http_stream_decoder (mod_proxy_backend_http.c:87)
00:00:00:41.327 7667 by 0x66B7E9F: proxy_stream_encode_decode (mod_proxy_core.c:847)
00:00:00:41.327 7667 by 0x66B9B3F: proxy_state_engine (mod_proxy_core.c:1564)
00:00:00:41.327 7667 by 0x66BA407: mod_proxy_core_start_backend (mod_proxy_core.c:2400)
00:00:00:41.327 7667 by 0x41C60E: plugins_call_handle_send_request_content (plugin.c:385)
00:00:00:41.327 7667 by 0x40E3E2: connection_state_machine (connections.c:1217)
00:00:00:41.327 7667 by 0x4091EB: lighty_mainloop (server.c:1005)
00:00:00:41.327 7667 by 0x40AC46: main (server.c:1773)
00:00:00:41.327 7667 Uninitialised value was created by a heap allocation
00:00:00:41.327 7667 at 0x4B226AB: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
00:00:00:41.327 7667 by 0x41667D: buffer_prepare_copy (buffer.c:88)
00:00:00:41.327 7667 by 0x423A7C: network_read_chunkqueue_read (network_write.c:59)
00:00:00:41.327 7667 by 0x66B7D8C: proxy_handle_fdevent (mod_proxy_core.c:1016)
00:00:00:41.327 7667 by 0x40907F: lighty_mainloop (server.c:945)
00:00:00:41.327 7667 by 0x40AC46: main (server.c:1773)

-dave

lighttpd_bug1915.patch (364 Bytes), daveb, 2009-02-25 09:21
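
A generic illustration of the error class in the Memcheck report above, added here as an example: it is not lighttpd code and not the attached patch, and `rbuf`, `recv_partial`, `header_end`, `parse_flawed` and `parse_bounded` are hypothetical names. It assumes the common pattern in which a parser scans a heap read buffer by its allocated size instead of by the number of bytes received.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical receive buffer: 'cap' bytes allocated, 'used' bytes written. */
struct rbuf { char *ptr; size_t cap; size_t used; };

/* Constructed stand-in for one short read from a backend socket. */
static struct rbuf recv_partial(const char *wire, size_t cap) {
    struct rbuf b = { malloc(cap), cap, 0 };  /* contents indeterminate */
    if (b.ptr == NULL) { b.cap = 0; return b; }
    size_t n = strlen(wire);
    if (n > cap) n = cap;
    memcpy(b.ptr, wire, n);
    b.used = n;
    return b;
}

/* Offset just past the first CRLFCRLF within n bytes, or -1 if incomplete. */
static long header_end(const char *p, size_t n) {
    for (size_t i = 0; i + 4 <= n; i++)
        if (p[i] == '\r' && p[i + 1] == '\n' && p[i + 2] == '\r' && p[i + 3] == '\n')
            return (long)(i + 4);
    return -1;
}

/* Flawed: bounded by the allocation, so never-written bytes decide branches. */
static long parse_flawed(const struct rbuf *b) { return header_end(b->ptr, b->cap); }

/* Corrected: bounded by the number of bytes the read actually produced. */
static long parse_bounded(const struct rbuf *b) { return header_end(b->ptr, b->used); }

int main(void) {
    /* Constructed partial response: the header block is not complete yet. */
    struct rbuf b = recv_partial("HTTP/1.1 200 OK\r\nConte", 4096);
    if (b.ptr == NULL) return 1;
    /* Under Memcheck the next call reports the conditional-jump error,
     * with the malloc in recv_partial as the origin. Its result is arbitrary. */
    long flawed = parse_flawed(&b);
    long bounded = parse_bounded(&b);  /* -1: wait for more data */
    printf("flawed=%ld bounded=%ld\n", flawed, bounded);
    free(b.ptr);
    return 0;
}
```

Running the binary under `valgrind --track-origins=yes` shows the report only for `parse_flawed`. Zero-filling the allocation would silence Memcheck but leave the parser reading bytes that were never received.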

History

#1

Updated by daveb over 10 years ago

The attached patch seems to have made these warnings go away. I'm not entirely sure if the bug could lead to a crash, but we've been getting crashes at high load with stack traces in realloc() and malloc(), implying that there is some memory corruption going on somewhere. I'm sorry I don't have more information.

-dave

#2

Updated by stbuehler over 10 years ago

  • Target version set to 1.5.0

#3

Updated by gstrauss about 3 years ago

  • Missing in 1.5.x set to Yes

#4

Updated by gstrauss about 3 years ago

  • Status changed from New to Obsolete