Opened 2 years ago

Closed 2 years ago

Last modified 23 months ago

#2423 closed defect (invalid)

Segmentation fault in ngx_http_variable_headers_internal

Reported by: asdfghjkl
Owned by:
Priority: minor
Milestone:
Component: nginx-core
Version: 1.23.x
Keywords: ngx_http_variable_headers_internal
Cc:
uname -a: Linux cdnext-edge8 4.18.0-408.el8.x86_64 #1 SMP Mon Jul 18 17:42:52 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: some elements deleted !!

nginx version: nginx/1.23.2 (APP/MODULE-TEST)
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-17) (GCC)
built with OpenSSL 1.1.1s 1 Nov 2022
TLS SNI support enabled
configure arguments: --prefix=/export/dev/APP-test/nginx --build=APP/MODULE-TEST --with-debug --user=root --group=root --with-file-aio --with-ipv6 --with-pcre-jit --with-pcre=../modules_other/pcre --with-pcre-conf-opt='--enable-jit --enable-utf --enable-unicode-properties' --with-pcre-opt=-fPIC --with-threads --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_auth_request_module --with-http_stub_status_module --with-http_perl_module --with-http_slice_module --with-http_image_filter_module --with-http_xslt_module --with-http_geoip_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module --with-stream_ssl_preread_module --add-module=../ngx_modules/lua-nginx-module --add-module=../ngx_modules/lua-upstream-nginx-module --add-module=../ngx_modules/stream-lua-nginx-module --add-module=../ngx_modules/ngx_cache_purge --with-cc-opt='-O0 -g -m64 -mtune=generic -fPIC -I/usr/local/openssl-1.1.1/include -DAPP_TEST' --with-ld-opt='-Wl,-rpath,/usr/local/openssl-1.1.1/lib:/usr/local/pgsql/lib:/usr/lib64:/usr/local/lib -L/usr/local/pgsql/lib -L/usr/local/openssl-1.1.1/lib -L/usr/lib -DAPP_TEST' --with-select_module --with-poll_module --add-module=../ngx_modules/lua-nginx-module/t/data/fake-module --add-module=../ngx_modules/lua-nginx-module/t/data/fake-shm-module --add-module=../ngx_modules/lua-nginx-module/t/data/fake-delayed-load-module

Description (last modified by asdfghjkl)

I see a segmentation fault in ngx_http_variable_headers_internal
when I use the [lua-resty-core] t files,

https://github.com/openresty/lua-resty-core/blob/master/t/ngx-req.t

case TEST 7:

Thank you !!


[New LWP 25553]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `nginx -p /export/dev/app-test/ngx_lua-lib/lua-resty-core/t/servroot/ -c /exp'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055de63122d62 in ngx_http_variable_headers_internal (r=0x55de660d87a0, v=0x55de660d9610, data=208, sep=44 ',') at src/http/ngx_http_variables.c:840
840 if (th->hash == 0) {
Missing separate debuginfos, use: yum debuginfo-install nginx-app-test-1.23.2-1.el8.x86_64
(gdb) bt
#0 0x000055de63122d62 in ngx_http_variable_headers_internal (r=0x55de660d87a0, v=0x55de660d9610, data=208, sep=44 ',') at src/http/ngx_http_variables.c:840
#1 0x000055de63122cf0 in ngx_http_variable_header (r=0x55de660d87a0, v=0x55de660d9610, data=208) at src/http/ngx_http_variables.c:814
#2 0x000055de631226d1 in ngx_http_get_indexed_variable (r=0x55de660d87a0, index=12) at src/http/ngx_http_variables.c:637
#3 0x000055de6312282d in ngx_http_get_flushed_variable (r=0x55de660d87a0, index=12) at src/http/ngx_http_variables.c:674
#4 0x000055de631228bc in ngx_http_get_variable (r=0x55de660d87a0, name=0x7ffc6bb3f8b0, key=3611054648123159976) at src/http/ngx_http_variables.c:693
#5 0x000055de63208c51 in ngx_http_lua_ffi_var_get (r=0x55de660d87a0, name_data=0x7fe047a76998 "http_user_agent", name_len=15, lowcase_buf=0x7fe047a2ff78 "http_user_agent", capture_id=0, value=0x7fe047a74360, value_len=0x7fe047a48b30, err=0x7fe047a78f58) at ../ngx_modules/lua-nginx-module/src/ngx_http_lua_variable.c:80
#6 0x00007fe046db89fb in lj_vm_ffi_call () from /usr/lib64/libluajit-5.1.so.2
#7 0x00007fe046df6489 in lj_ccall_func (L=L@entry=0x7fe047a560f8, cd=<optimized out>) at lj_ccall.c:1382
#8 0x00007fe046df830b in lj_cf_ffi_meta_call (L=0x7fe047a560f8) at lib_ffi.c:230
#9 0x00007fe046db65c5 in lj_BC_FUNCC () at lj_vmevent.c:24
#10 0x000055de6321fab9 in ngx_http_lua_run_thread (L=0x7fe047a6a380, r=0x55de660d87a0, ctx=0x55de660cbb30, nrets=0) at ../ngx_modules/lua-nginx-module/src/ngx_http_lua_util.c:1184
#11 0x000055de632269e8 in ngx_http_lua_content_by_chunk (L=0x7fe047a6a380, r=0x55de660d87a0) at ../ngx_modules/lua-nginx-module/src/ngx_http_lua_contentby.c:124
#12 0x000055de63226f28 in ngx_http_lua_content_handler_inline (r=0x55de660d87a0) at ../ngx_modules/lua-nginx-module/src/ngx_http_lua_contentby.c:312
#13 0x000055de63226cb2 in ngx_http_lua_content_handler (r=0x55de660d87a0) at ../ngx_modules/lua-nginx-module/src/ngx_http_lua_contentby.c:222
#14 0x000055de63104533 in ngx_http_core_content_phase (r=0x55de660d87a0, ph=0x55de661caa60) at src/http/ngx_http_core_module.c:1271
#15 0x000055de63103411 in ngx_http_core_run_phases (r=0x55de660d87a0) at src/http/ngx_http_core_module.c:885
#16 0x000055de6310337b in ngx_http_handler (r=0x55de660d87a0) at src/http/ngx_http_core_module.c:868
#17 0x000055de63113b64 in ngx_http_process_request (r=0x55de660d87a0) at src/http/ngx_http_request.c:2094
#18 0x000055de6311228e in ngx_http_process_request_headers (rev=0x55de660d9b40) at src/http/ngx_http_request.c:1496
#19 0x000055de631115f9 in ngx_http_process_request_line (rev=0x55de660d9b40) at src/http/ngx_http_request.c:1163
#20 0x000055de6310fcf7 in ngx_http_wait_request_handler (rev=0x55de660d9b40) at src/http/ngx_http_request.c:501
#21 0x000055de630e7d0a in ngx_epoll_process_events (cycle=0x55de660c3ae0, timer=958, flags=1) at src/event/modules/ngx_epoll_module.c:901
#22 0x000055de630d3404 in ngx_process_events_and_timers (cycle=0x55de660c3ae0) at src/event/ngx_event.c:258
#23 0x000055de630e350e in ngx_single_process_cycle (cycle=0x55de660c3ae0) at src/os/unix/ngx_process_cycle.c:323
#24 0x000055de6309adfb in main (argc=5, argv=0x7ffc6bb40488) at src/core/nginx.c:383

Change History (6)

comment:1 by asdfghjkl, 2 years ago

Description: modified (diff)

comment:2 by Maxim Dounin, 2 years ago

Are you able to reproduce the issue without 3rd party modules / patches?

in reply to:  2 comment:3 by asdfghjkl, 2 years ago

Replying to Maxim Dounin:

Are you able to reproduce the issue without 3rd party modules / patches?

Thank you, I will try !

comment:4 by asdfghjkl, 2 years ago

I cannot see this issue without 3rd party modules,
so you can close this ticket.

comment:5 by Maxim Dounin, 2 years ago

Resolution: invalid
Status: new → closed

comment:6 by Maxim Dounin, 23 months ago

See also #2447.
