Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-3112

core dump in FetchSM.cc

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 5.0.1
    • 5.2.0
    • SPDY

    Description

      We see core dumps from FetchSM::InvokePluginExt () due to a missing null pointer check for contp. A simple fix is to check for null pointer after handleEvent(TS_FETCH_EVENT_EXT_HEAD_DONE).

      gdb stack trace and some other relavant info:

      (gdb) bt
#0  0x00000000004f4ec4 in Continuation::handleEvent (this=0x0, event=-4, data=0x2b86e0b2fe40) at ../iocore/eventsystem/I_Continuation.h:146
#1  0x00000000004f338c in FetchSM::InvokePluginExt (this=0x2b86e0b2fe40, fetch_event=0) at FetchSM.cc:297
#2  0x00000000004f3b80 in FetchSM::process_fetch_read (this=0x2b86e0b2fe40, event=100) at FetchSM.cc:442
#3  0x00000000004f3ee5 in FetchSM::fetch_handler (this=0x2b86e0b2fe40, event=100, edata=0x2b87802bde80) at FetchSM.cc:504
#4  0x00000000004f4f18 in Continuation::handleEvent (this=0x2b86e0b2fe40, event=100, data=0x2b87802bde80) at ../iocore/eventsystem/I_Continuation.h:146
#5  0x0000000000530f69 in PluginVC::process_read_side (this=0x2b87802bdd80, other_side_call=true) at PluginVC.cc:671
#6  0x00000000005307fe in PluginVC::process_write_side (this=0x2b87802bdf68, other_side_call=false) at PluginVC.cc:567
#7  0x000000000052f5a0 in PluginVC::main_handler (this=0x2b87802bdf68, event=1, data=0x2b87c00eaba0) at PluginVC.cc:212
#8  0x00000000004f4f18 in Continuation::handleEvent (this=0x2b87802bdf68, event=1, data=0x2b87c00eaba0) at ../iocore/eventsystem/I_Continuation.h:146
#9  0x0000000000753b66 in EThread::EThread (this=0x2b87802bdf68, att=11142, e=0x754501, sem=0x2b86ac48bc00) at UnixEThread.cc:105
#10 0x0000000000753d34 in EThread::process_event (this=0x0, e=0x2b86616159c0, calling_code=328784145) at UnixEThread.cc:141
#11 0x00000000007530c4 in Thread::Thread (this=0x16201c0) at Thread.cc:45
#12 0x00002b8657b77851 in start_thread () from /lib64/libpthread.so.0
#13 0x000000305eee894d in clone () from /lib64/libc.so.6
(gdb) frame 1
#1  0x00000000004f338c in FetchSM::InvokePluginExt (this=0x2b86e0b2fe40, fetch_event=0) at FetchSM.cc:297
297	FetchSM.cc: No such file or directory.
	in FetchSM.cc
(gdb) print contp
$1 = (Continuation *) 0x0
(gdb) print *this
$2 = {<Continuation> = {<force_VFPT_to_top> = {_vptr.force_VFPT_to_top = 0x761510}, handler = (int (Continuation::*)(Continuation *, int, 
    void *)) 0x4f3e52 <FetchSM::fetch_handler(int, void*)>, mutex = {m_ptr = 0x2b86e42bb0e0}, link = {<SLink<Continuation>> = {next = 0x0}, prev = 0x0}}, recursion = 1, 
  http_vc = 0x2b87802bdd80, read_vio = 0x2b87802bde80, write_vio = 0x2b87802bdec8, req_buffer = 0x2b8859bc4650, req_reader = 0x2b8859bc4668, client_response = 0x0, client_bytes = 0, 
  resp_buffer = 0x2b87f40a7ec0, resp_reader = 0x2b87f40a7ed8, contp = 0x0, cont_mutex = {m_ptr = 0x0}, http_parser = {m_parsing_http = false, m_mime_parser = {m_scanner = {m_line = 0x0, 
        m_line_length = 0, m_line_size = 0, m_state = MIME_PARSE_BEFORE}, m_field = 0, m_field_flags = 0, m_value = -1}}, client_response_hdr = {<MIMEHdr> = {<HdrHeapSDKHandle> = {
        m_heap = 0x2b87863a9810}, m_mime = 0x2b87863a98c8}, m_http = 0x2b87863a9898, m_url_cached = {<HdrHeapSDKHandle> = {m_heap = 0x0}, m_url_impl = 0x0}, m_host_mime = 0x0, 
    m_host_length = 0, m_port = 0, m_target_cached = false, m_target_in_url = false, m_port_in_header = false, static USE_HDR_HEAP_MAGIC = 0x1}, chunked_handler = {
    static DEFAULT_MAX_CHUNK_SIZE = 4096, action = ChunkedHandler::ACTION_DOCHUNK, chunked_reader = 0x0, dechunked_buffer = 0x0, dechunked_size = 0, dechunked_reader = 0x0, 
    chunked_buffer = 0x0, chunked_size = 0, truncation = false, skip_bytes = 0, state = ChunkedHandler::CHUNK_READ_CHUNK, cur_chunk_size = 0, bytes_left = 0, last_server_event = 0, 
    running_sum = 0, num_digits = 0, max_chunk_size = 4096, max_chunk_header = '\000' <repeats 15 times>, max_chunk_header_len = 0}, callback_events = {success_event_id = 0, 
    failure_event_id = 0, timeout_event_id = 0}, callback_options = NO_CALLBACK, req_finished = true, header_done = true, resp_finished = false, is_internal_request = false, _addr = {sa = {
      sa_family = 2, sa_data = "\311@H\240\234o\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 16585, sin_addr = {s_addr = 1872535624}, 
      sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 16585, sin6_flowinfo = 1872535624, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, 
          __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, resp_is_chunked = 0, resp_received_close = 0, fetch_flags = 22, 
  user_data = 0x2b87408b4260, has_sent_header = true, req_method = TS_FETCH_METHOD_GET, req_content_length = 0, resp_content_length = 289, resp_received_body_len = 0}
(gdb)

      Attachments

        Activity

          People

            sudheerv Sudheer Vinukonda
            sudheerv Sudheer Vinukonda
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: