id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
238	segfault in DAV module during PUT processing	vl	somebody	"Issuing a DAV PUT request in some scenarios can lead to a segfault.

The error log contains:

2012/10/30 15:12:49 [debug] 32408#0: *7 http request line: ""PUT /sni_tests.diff HTTP/1.1""
..........
2012/10/30 15:12:49 [debug] 32408#0: *7 http read client request body
2012/10/30 15:12:49 [debug] 32408#0: *7 recv: fd:3 -1 of 4775
2012/10/30 15:12:49 [debug] 32408#0: *7 recv() not ready (11: Resource temporarily unavailable)
2012/10/30 15:12:49 [debug] 32408#0: *7 http client request body recv -2
2012/10/30 15:12:49 [debug] 32408#0: *7 http client request body rest 4775
.....
2012/10/30 15:12:49 [debug] 32408#0: *7 http run request: ""/sni_tests.diff?""
2012/10/30 15:12:49 [debug] 32408#0: *7 content phase: 11
2012/10/30 15:12:49 [debug] 32408#0: *7 http put filename: ""/home/vl/tasks/0034-doc-dav/nginx/dav/sni_tests.diff""
2012/10/30 15:12:49 [alert] 32400#0: worker process 32408 exited on signal 11 (core dumped)

The backtrace is:

Core was generated by `nginx: worker'.
Program terminated with signal 11, Segmentation fault.
#0  ngx_ext_rename_file (src=0x8, to=0x7fffc9968c90, ext=0x7fffc9968bd0) at src/core/ngx_file.c:545
545             if (ngx_change_file_access(src->data, ext->access) == NGX_FILE_ERROR) {
(gdb) bt
#0  ngx_ext_rename_file (src=0x8, to=0x7fffc9968c90, ext=0x7fffc9968bd0) at src/core/ngx_file.c:545
#1  0x0000000000454cb0 in ngx_http_dav_put_handler (r=0x6b1730) at src/http/modules/ngx_http_dav_module.c:261
#2  0x000000000043839d in ngx_http_read_client_request_body (r=0x6b1730, post_handler=0x454af1 <ngx_http_dav_put_handler>) at src/http/ngx_http_request_body.c:43
#3  0x0000000000454327 in ngx_http_dav_handler (r=0x6b1730) at src/http/modules/ngx_http_dav_module.c:172
#4  0x000000000042c18d in ngx_http_core_content_phase (r=0x6b1730, ph=0x6ccf98) at src/http/ngx_http_core_module.c:1410
#5  0x00000000004271a3 in ngx_http_core_run_phases (r=0x6b1730) at src/http/ngx_http_core_module.c:884
#6  0x0000000000430f38 in ngx_http_request_handler (ev=0x6f15b0) at src/http/ngx_http_request.c:1871
#7  0x00000000004237f6 in ngx_epoll_process_events (cycle=0x6abb50, timer=<optimized out>, flags=<optimized out>) at src/event/modules/ngx_epoll_module.c:714
#8  0x000000000041ac00 in ngx_process_events_and_timers (cycle=0x6abb50) at src/event/ngx_event.c:247
#9  0x0000000000421dab in ngx_worker_process_cycle (cycle=0x6abb50, data=<optimized out>) at src/os/unix/ngx_process_cycle.c:810
#10 0x000000000042053f in ngx_spawn_process (cycle=0x6abb50, proc=0x421cb7 <ngx_worker_process_cycle>, data=0x0, name=0x471c24 ""worker process"", respawn=0)
    at src/os/unix/ngx_process.c:198
#11 0x0000000000422a25 in ngx_reap_children (cycle=0x6abb50) at src/os/unix/ngx_process_cycle.c:624
#12 ngx_master_process_cycle (cycle=0x6abb50) at src/os/unix/ngx_process_cycle.c:181
#13 0x0000000000404750 in main (argc=<optimized out>, argv=<optimized out>) at src/core/nginx.c:412

How to reproduce:

Use the attached nginx.conf and set up a FastCGI server using the attached PHP script that implements
DAV extensions which nginx doesn't understand.

The client used is the Nautilus 2.32.2.1 (gvfs/1.12.3) file manager on a Linux host.
Attempting to copy some files (looks like not too small, attached) into the DAV share served
by nginx leads to its segfault.

"	defect	closed	minor		nginx-module	1.3.x	fixed	dav put		"Linux vlpc 3.3.8-gentoo #2 SMP Thu Aug 2 16:02:48 MSK 2012 x86_64 Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz GenuineIntel GNU/Linux
"	"nginx version: nginx/1.3.8
built by gcc 4.5.4 (Gentoo 4.5.4 p1.0, pie-0.4.7) 
configure arguments: --prefix=/home/vl/tasks/0034-doc-dav/nginx --with-http_dav_module --with-debug"
