#284 closed defect (fixed)
segfault in DAV module during PUT processing after PUT and GET the same HTTP connection
| Reported by: | Hendy Irawan | Owned by: | vl |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-module | Version: | 1.1.x |
| Keywords: | dav put pipeline | Cc: | |
| uname -a: | Linux nitik1.bippo.co.id 3.5.2-linode45 #1 SMP Wed Aug 15 14:10:55 EDT 2012 i686 i686 i386 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.1.19
TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-auth-pam --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-echo --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-upstream-fair --add-module=/build/buildd/nginx-1.1.19/debian/modules/nginx-dav-ext-module |
||
Description
How to reproduce :
- Open connection
- PUT a file
- GET a file (pipelined)
- PUT a file (pipelined) <-- core dump here
I *think* this simplified scenario might also trigger the bug:
- Open connection
- GET a file
- PUT a file (pipelined) <-- probably will core dump here
The resulting behavior is similar to #238, but different trigger.
nginx log will say something like:
2013/01/18 03:17:03 [alert] 25253#0: worker process 25948 exited on signal 11 (core dumped)
nginx version: 1.1.19-1ubuntu0.1 on Ubuntu 12.04 32-bit
Change History (7)
comment:1 by , 12 years ago
| Owner: | set to |
|---|---|
| Status: | new → assigned |
comment:3 by , 12 years ago
comment:4 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:5 by , 12 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
Still happens on nginx 1.2.7.
org.soluvas.image.ImageException: Error processing image goodmood_dress_0201c org.soluvas.image.store.MongoImageRepository.doCreate(MongoImageRepository.java:464) org.soluvas.image.store.MongoImageRepository.create(MongoImageRepository.java:305) org.soluvas.image.store.MongoImageRepository.add(MongoImageRepository.java:314) id.co.bippo.product.shell.hand.ProductImportCommand$1.apply(ProductImportCommand.java:116) id.co.bippo.product.shell.hand.ProductImportCommand$1.apply(ProductImportCommand.java:1) com.google.common.collect.Iterators$9.transform(Iterators.java:893) com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48) java.util.AbstractCollection.toArray(AbstractCollection.java:141) com.google.common.collect.ImmutableList.copyFromCollection(ImmutableList.java:314) com.google.common.collect.ImmutableList.copyOf(ImmutableList.java:253) id.co.bippo.product.shell.hand.ProductImportCommand.doExecute(ProductImportCommand.java:109) org.apache.karaf.shell.console.OsgiCommandSupport.execute(OsgiCommandSupport.java:38) org.soluvas.commons.shell.TenantCommandSupport.execute(TenantCommandSupport.java:55) org.apache.felix.gogo.commands.basic.AbstractCommand.execute(AbstractCommand.java:35) org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78) org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:474) org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:400) org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108) org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183) org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120) org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89) org.apache.karaf.shell.console.jline.Console.run(Console.java:175) java.lang.Thread.run(Thread.java:722) Caused by: org.soluvas.image.ImageException: Error uploading n goodmood_dress_0201c using org.soluvas.image.impl.DavConnectorImpl ... 22 more Caused by: org.soluvas.image.ImageException: Cannot upload to http://dav.berbatik5.adri.dev/product/n/goodmood_dress_0201c_n.jpg ... 23 more Caused by: org.apache.http.client.ClientProtocolException ... 24 more Caused by: org.apache.http.ProtocolException: The server failed to respond with a valid HTTP response ... 26 more
nginx version:
$ nginx -V nginx version: nginx/1.2.7 built by gcc 4.7.2 (Ubuntu/Linaro 4.7.2-2ubuntu1) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6
nginx log say this:
==> dav.berbatik5.adri.dev_access.log <== 127.0.0.1 - berbatik_dev [14/Feb/2013:18:07:42 +0700] "PUT /product/o/goodmood_dress_0201c_o.jpg HTTP/1.1" 204 0 "-" "Apache-HttpClient/4.2.2 (java 1.5)" 127.0.0.1 - berbatik_dev [14/Feb/2013:18:07:42 +0700] "GET /product/o/goodmood_dress_0201c_o.jpg HTTP/1.1" 200 518034 "-" "Apache-HttpClient/4.2.2 (java 1.5)" 127.0.0.1 - berbatik_dev [14/Feb/2013:18:07:43 +0700] "PUT /product/t/goodmood_dress_0201c_t.jpg HTTP/1.1" 204 0 "-" "Apache-HttpClient/4.2.2 (java 1.5)" 127.0.0.1 - berbatik_dev [14/Feb/2013:18:07:43 +0700] "PUT /product/l/goodmood_dress_0201c_l.jpg HTTP/1.1" 204 0 "-" "Apache-HttpClient/4.2.2 (java 1.5)" ==> access.log <== 127.0.0.1 - - [14/Feb/2013:18:07:43 +0700] "Q\xE7\xF1-\x1Fb\x09m\xDEf\x9Ci.\xE4<\x13\xB8\xBB\x99\xAF^\xF1\xD0\x05\x83)s\x0E\xAA8a\xF3,j\xF6\xE6\xFBK\xE6\xD2\xEE+]\xA1V.h\xAF\xB32\xBBZ;1\xC6\xEB\x03\xD3\xE4\xCA\xE0Y\x1B\xAF\x8B\x8A\xB6 \xF9.\xD2\xC9\xCE\x09\xAB\xEF\x1B\xB1\xE4\xD6\xB7\x93\xC4\xD8\xDA\x8B\x7F\xEA\xE5\x98\x8A\x9B>\xAC\xA5\xC2E\xEA\xBBN2\x0C\xC6\x04HA\x1D\xDB\xE6r\x95+" 400 166 "-" "-"
There should be another PUT after "PUT /product/l/goodmood_dress_0201c_l.jpg", but that PUT seems to be interpreted as a jumbled request.
So the revised reproduce steps is as follows:
How to reproduce :
- Open connection
- PUT a file
- GET a file (pipelined)
- PUT a file (pipelined) <-- success in 1.2.7, core dump in older version
- PUT a file (pipelined) <-- success in 1.2.7, core dump in older version
- PUT a file (pipelined) <-- jumbled request in 1.2.7
comment:6 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
The problem with pipelined requests might still appear with DAV module in 1.2.x, but will no longer result in coredumps, see relevant commits pointed out by vl. The problem is completely resolved in 1.3.x.
Note:
See TracTickets
for help on using tickets.
You are using an old unstable version of nginx. It is very likely that the issue is already fixed in r4919 (1.3.9+, 1.2.6+) or r4938 (1.3.9+).
In any case, I'd recommend to update your nginx version. You can use our official repository for Ubuntu: http://nginx.org/en/download.html (bottom of the page).