https://redmine.lighttpd.net/https://redmine.lighttpd.net/favicon.ico?13667327412017-09-25T12:59:35Zlighty labsLighttpd - Bug #2822: Segmentation fault on HTTP chunked inputhttps://redmine.lighttpd.net/issues/2822?journal_id=110842017-09-25T12:59:35Zgstrauss
<ul><li><strong>Target version</strong> changed from <i>1.4.x</i> to <i>1.4.46</i></li></ul><p>Thanks for the report. Are there any more details you can provide? Do you mean that the header looks like the following?<br /><pre>
POST /chat HTTP/1.1\r\n
Host: c.whatsapp.net\r\n
User-Agent: Mozilla/5.0 (compatible; WAChat/1.2; +http://www.whatsapp.com/contact)\r\n
Transfer-Encoding: chunked\r\n
\r\n
\r\n
</pre></p> Lighttpd - Bug #2822: Segmentation fault on HTTP chunked inputhttps://redmine.lighttpd.net/issues/2822?journal_id=110852017-09-25T13:03:27Zgstrauss
<ul></ul><p>Ok. I can get this. An assert() is firing and I'll have to look why later tonight.<br /><pre>
Program received signal SIGSEGV, Segmentation fault.
connection_handle_read_post_chunked (dst_cq=0x658600, cq=0x6585b0,
con=0x657f90, srv=0x646010) at connections-glue.c:128
128 force_assert(c->type == MEM_CHUNK);
</pre></p> Lighttpd - Bug #2822: Segmentation fault on HTTP chunked inputhttps://redmine.lighttpd.net/issues/2822?journal_id=110862017-09-25T13:08:29Zgstrauss
<ul></ul><p>This appears to fix it. I'll review some other scenarios later and then will commit a fix.</p>
<pre>
--- a/src/connections-glue.c
+++ b/src/connections-glue.c
@@ -125,6 +125,7 @@ static handler_t connection_handle_read_post_chunked(server *srv, connection *co
while (0 == te_chunked) {
char *p;
chunk *c = cq->first;
+ if (NULL == c) break;
force_assert(c->type == MEM_CHUNK);
p = strchr(c->mem->ptr+c->offset, '\n');
if (NULL != p) { /* found HTTP chunked header line */
</pre> Lighttpd - Bug #2822: Segmentation fault on HTTP chunked inputhttps://redmine.lighttpd.net/issues/2822?journal_id=110892017-09-28T02:59:52Zgstrauss
<ul><li><strong>Subject</strong> changed from <i>Segmentation fault. fast_cgi </i> to <i>Segmentation fault on HTTP chunked input</i></li><li><strong>Category</strong> changed from <i>mod_fastcgi</i> to <i>core</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Patch Pending</i></li></ul> Lighttpd - Bug #2822: Segmentation fault on HTTP chunked inputhttps://redmine.lighttpd.net/issues/2822?journal_id=110902017-09-28T03:05:22Zgstrauss
<ul><li><strong>Status</strong> changed from <i>Patch Pending</i> to <i>Fixed</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="[core] fix triggered assert on HTTP chunked input (fixes #2822) (thx AlxT) x-ref: "Segmentati..." href="https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/a156fdbc7bb00f1ead9df41038062efd7b829105">a156fdbc7bb00f1ead9df41038062efd7b829105</a>.</p>