Bug #258
closed
Segmentation fault in 1.4.3 webdav
Description
Note: Component set to core because mod_webdav is not an option. Likewise, it's really 1.4.3 (download from the lighttpd site).
(gdb) b mod_webdav.c:745
No source file named mod_webdav.c.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (mod_webdav.c:745) pending.
(gdb) set arg -D -f /etc/lighttpd/lighttpd.conf
(gdb) run
Starting program: /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
Breakpoint 2 at 0xb7cd8fdc: file mod_webdav.c, line 745.
Pending breakpoint "mod_webdav.c:745" resolved

Breakpoint 2, webdav_get_live_property (srv=0x1, con=0x807e9c0, p=0x807b1a0, dst=0x807eab4, prop_name=0xb7cda751 "creationdate", b=0x80abad0) at mod_webdav.c:745
745 buffer_append_string(b, "<D:creationdate ns0:dt=\"dateTime.tz\">");
(gdb) bt
#0 webdav_get_live_property (srv=0x1, con=0x807e9c0, p=0x807b1a0, dst=0x807eab4, prop_name=0xb7cda751 "creationdate", b=0x80abad0) at mod_webdav.c:745
#1 0xb7cd929a in webdav_get_props (srv=0x806c008, con=0x807e9c0, p=0x807b1a0, dst=0x807eab4, props=0x0, b_200=0x80abad0, b_404=0x80abae0) at mod_webdav.c:856
#2 0xb7cd9989 in mod_webdav_subrequest_handler (srv=0x806c008, con=0x807e9c0, p_d=0x807b1a0) at mod_webdav.c:996
#3 0x0805f467 in plugins_call_handle_physical (srv=0x806c008, con=0x807e9c0) at plugin.c:246
#4 0x0804f75f in http_response_prepare (srv=0x806c008, con=0x807e9c0) at response.c:359
#5 0x08052124 in connection_state_machine (srv=0x806c008, con=0x807e9c0) at connections.c:1205
#6 0x0804dd11 in main (argc=0, argv=0xbfc9ec24) at server.c:1100
(gdb) p sce
$1 = (stat_cache_entry *) 0x80ab838
(gdb) p sce->st.st_ctime
There is no member named st_ctime.
(gdb) p sce->st
$3 = {st_dev = 2305, __pad1 = 0, __st_ino = 1587196, st_mode = 17407, st_nlink = 23, st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0, st_size = 2280, st_blksize = 131072, st_blocks = 4, st_atim = { tv_sec = 1126123444, tv_nsec = 0}, st_mtim = {tv_sec = 1126123157, tv_nsec = 0}, st_ctim = {tv_sec = 1126123157, tv_nsec = 0}, st_ino = 1587196}
(gdb)

I don't understand how the dependency on __USE_MISC is set in /usr/include/bits/stat.h. I've also had webdav segfault on an Ubuntu box to which I don't have access at the moment, sorry.
Other info:
$ uname -a
Linux trespassersw 2.6.13-gentoo #1 Sat Sep 3 15:59:45 BST 2005 i686 AMD Athlon(tm) XP 2200+ AuthenticAMD GNU/Linux
gcc -v
Reading specs from /usr/lib/gcc/i686-pc-linux-gnu/3.4.4/specs
Configured with: /var/tmp/portage/gcc-3.4.4-r1/work/gcc-3.4.4/configure --prefix=/usr --bindir=/usr/i686-pc-linux-gnu/gcc-bin/3.4.4 --includedir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.4/include --datadir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.4 --mandir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.4/man --infodir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.4/info --with-gxx-include-dir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.4/include/g++-v3 --host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --disable-altivec --enable-nls --without-included-gettext --with-system-zlib --disable-checking --disable-werror --disable-libunwind-exceptions --disable-multilib --enable-java-awt=gtk --enable-languages=c,c++,java,f77 --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
Thread model: posix
gcc version 3.4.4 (Gentoo 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8)
-- jh+lighttpd
Updated by Anonymous over 19 years ago
The problem is caused because dst->path->ptr is a socket, and the corresponding sce is NULL. Crash Ho!
Don't know enough about webdav to provide a fix (should it even consider socket inodes??), however, in all the tests from mod_webdav.c:719 onwards, changing the property "if" test to, e.g.:
if (sce && 0 == strcmp(prop_name, "resourcetype"))
stops it crashing for me.
HTH
-jonathan
-- jh+lighttpd
Updated by jan over 19 years ago
- Status changed from New to Fixed
- Resolution set to fixed
fixed in r726
returning a NULL in the sce if we return HANDLER_GO_ON is wrong for stat_cache_get_entry().
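
Added example, not part of the original thread and not lighttpd code: a minimal C model of the contract problem discussed above, where a lookup reports HANDLER_GO_ON yet leaves the entry pointer NULL for a socket. The types, `lookup_buggy`, `lookup_strict`, `query` and the sample values are hypothetical stand-ins, and `lookup_strict` illustrates the stricter contract in general, not the actual change in r726.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for this example; not lighttpd's real types. */
typedef enum { HANDLER_GO_ON, HANDLER_ERROR } handler_t;
typedef struct { int is_socket; long ctime_sec; } file_info;
typedef struct { long ctime_sec; } cache_entry;

/* Contract described in the thread: success status, but *out stays NULL
 * when the path is a socket. */
static handler_t lookup_buggy(const file_info *f, cache_entry *slot, cache_entry **out) {
    *out = NULL;
    if (!f->is_socket) {
        slot->ctime_sec = f->ctime_sec;
        *out = slot;
    }
    return HANDLER_GO_ON;
}

/* Stricter contract: HANDLER_GO_ON guarantees a valid *out, otherwise
 * HANDLER_ERROR, so checking the status is enough for every caller. */
static handler_t lookup_strict(const file_info *f, cache_entry *slot, cache_entry **out) {
    lookup_buggy(f, slot, out);
    return *out ? HANDLER_GO_ON : HANDLER_ERROR;
}

/* Property handler with the guard proposed in the thread. Without the
 * "sce &&" test, a NULL entry is dereferenced here. 0 = answered, -1 = not. */
static int get_live_property(const cache_entry *sce, const char *prop_name, long *value) {
    if (sce && 0 == strcmp(prop_name, "creationdate")) {
        *value = sce->ctime_sec;
        return 0;
    }
    return -1;
}

/* One lookup plus one property query; -2 means the lookup reported an error. */
static int query(int strict, int is_socket, long *value) {
    file_info f = { is_socket, 1126123157L };  /* constructed sample input */
    cache_entry slot, *sce = NULL;
    handler_t rc = (strict ? lookup_strict : lookup_buggy)(&f, &slot, &sce);
    if (rc != HANDLER_GO_ON) return -2;
    return get_live_property(sce, "creationdate", value);
}

int main(void) {
    long v = 0;
    printf("%d %d %d\n", query(0, 1, &v), query(1, 1, &v), query(0, 0, &v));
    return 0;
}
```

With the buggy lookup only the per-property guard stands between a socket path and a NULL dereference; with the strict lookup the request is rejected before any property code runs.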