  1. Traffic Server
  2. TS-3821

Segmentation fault possibly due to leaks in atscppapi


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Problem
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: CPP API
    • Labels: None

    Description

      Hello,

      I'm getting segmentation faults with ATS 5.3.1, possibly when I enable atscppapi plugins that use plugin types other than GlobalPlugin (TransformationPlugin, InterceptionPlugin, ...).

      I'm building Traffic Server with only these parameters:
      ./configure --prefix=/install --exec-prefix=/exec --with-user=trafficserver --enable-cppapi

      I'm getting segfault:

      traffic_server: Segmentation fault (Address not mapped to object [(nil)])
      traffic_server - STACK TRACE: 
      /www/trafficserver/install/bin/traffic_server(_Z19crash_logger_invokeiP7siginfoPv+0x99)[0x4c64d9]
      /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0)[0x2afbe25d90a0]
      

      I tried to find the issue and found a possible leak in the destructor ~Transaction() in the file Transaction.cc.
      The leak is that a plugin is added by addPlugin(TransactionPlugin *);
      and according to the documentation https://docs.trafficserver.apache.org/en/latest/api/classatscppapi_1_1Transaction.html#a9835e610553275d197cabfbd6d1cab7b, Transaction should be responsible for cleaning up.
      But nothing removes the items of the list state_.plugins_, which should hold pointers to memory allocated with new and which won't be deleted by delete state_;

      I tried to correct it with

       
      for (TransactionPlugin* tmp : state_->plugins_) {
            delete tmp;
      }
      

      But it didn't work. I'm getting a similar segfault with another

      traffic_server: Segmentation fault (Invalid permissions for mapped object [0x2b86141ea898])
      traffic_server - STACK TRACE: 
      /www/trafficserver/install/bin/traffic_server(_Z19crash_logger_invokeiP7siginfoPv+0x99)[0x4c64d9]
      /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0)[0x2b85d603d0a0]
      [0x2b86141ea898]
      

      I tried to dig deeper and found that the plugins should be freed by delete in another class, in the file utils_internal.cc.
      But if this is true, I should see in debug mode the message that is printed before the delete:

      LOG_DEBUG("Locked Mutex...Deleting transaction plugin at %p", *iter);
      

      But I don't see such messages in the log.
      I can see a lot of these messages in error.log. I'm getting them at least every second.

      20150805.16h37m04s [atscppapi] [Transaction.cc:343, operator()()] server request already initialized
      

      Can you help me find the issue? Thanks in advance for your help.

      Attachments

        1. EditHeader.cc
          2 kB
          Jiri Podhorsky
        2. BlockIP.cc
          3 kB
          Jiri Podhorsky
        3. AlwaysCache.cc
          0.8 kB
          Jiri Podhorsky
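
The ownership question raised in the report, as an added example that is not part of the original report or of Traffic Server's code: a small C++ model with hypothetical `Plugin`, `Txn`, `ReleaseAudit`, `close_hook` and `destructor_loop` names, assuming a cleanup path outside the class already deletes every plugin. It counts how many pointers a second delete loop in the destructor would free again, without performing the second delete.

```cpp
#include <cstddef>
#include <list>
#include <set>

// Hypothetical stand-ins for illustration; not the atscppapi classes.
struct Plugin { virtual ~Plugin() = default; };

// Records delete requests instead of executing them immediately, so a
// repeated request for the same pointer is counted rather than run
// (deleting one pointer twice is undefined behaviour).
class ReleaseAudit {
  std::set<Plugin *> claimed_;
  std::size_t repeats_ = 0;
public:
  // Returns true for the first request on p, false for any repeat.
  bool release(Plugin *p) {
    if (claimed_.insert(p).second) return true;
    ++repeats_;
    return false;
  }
  std::size_t repeats() const { return repeats_; }
  ~ReleaseAudit() { for (Plugin *p : claimed_) delete p; } // one real delete each
};

struct Txn {
  std::list<Plugin *> plugins; // raw pointers handed over by an addPlugin-style call
};

// Path A (assumed): a close hook outside the class deletes each plugin
// and leaves the pointers in the list.
void close_hook(Txn &t, ReleaseAudit &audit) {
  for (Plugin *p : t.plugins) audit.release(p);
}

// Path B: an extra delete loop placed in the destructor.
void destructor_loop(Txn &t, ReleaseAudit &audit) {
  for (Plugin *p : t.plugins) audit.release(p);
}

// Returns how many pointers would have been deleted twice.
std::size_t simulate(bool with_destructor_loop, std::size_t n = 3) {
  Txn t;
  ReleaseAudit audit;
  for (std::size_t i = 0; i < n; ++i) t.plugins.push_back(new Plugin);
  close_hook(t, audit);
  if (with_destructor_loop) destructor_loop(t, audit);
  return audit.repeats();
}
```

With a single cleanup path the count is zero; with both paths every plugin is requested twice, which is why raw-pointer ownership needs exactly one documented owner.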

          People

            briang Brian Geffon
            ksj Jiri Podhorsky