
Bug#503213: apache2: Apache child is segfaulting due to a call to memcpy().



Package: apache2
Version: 2.2.3-4+etch5
Severity: important

Configuration needed for this issue:
  Apache2 MPM Worker installed
  mod_disk_cache activated on the Host/VirtualHost URI
  mod_proxy_ajp serving this URI with ProxyPass
  mod_deflate compressing the resource served from this URI
  

Configuration snippet:


ProxyPass        /uri ajp://tomcat-host:8009/uri 
ProxyPassReverse /uri ajp://tomcat-host:8009/uri

<Location /uri>
	AddOutputFilterByType DEFLATE text/html
	Header append Vary User-Agent env=!dont-vary
</Location>

CacheEnable disk /uri

To reproduce the bug, run the following wget pattern:

wget -d http://myapache/uri \
 --header=Accept-Encoding:gzip,deflate \
 --header=User-Agent:Mozilla/5 \
 --header="Cache-Control: max-age=0"

The HTTP header that triggers the bug is the Cache-Control: max-age=0. A workaround is to tell the cache to ignore the CacheControl statement, but it is far from an optimal solution.
I've attached the stack trace produced by running:
user@host# gdb /usr/sbin/apache2
[...]
(gdb) run -X
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1493375328 (LWP 11202)]
0x00002afba65c7fa0 in memcpy () from /lib/libc.so.6
(gdb) bt
#0  0x00002afba65c7fa0 in memcpy () from /lib/libc.so.6
#1  0x00002afba5ee4655 in apr_file_read () from /usr/lib/libapr-1.so.0
#2  0x00002afba5ee6ed5 in apr_file_read_full () from /usr/lib/libapr-1.so.0
#3  0x00002afba7e5135b in ?? () from /usr/lib/apache2/modules/mod_disk_cache.so
#4  0x00002afba7b462e2 in cache_select () from /usr/lib/apache2/modules/mod_cache.so
#5  0x00002afba7b457bb in ?? () from /usr/lib/apache2/modules/mod_cache.so
#6  0x0000000000432f72 in ap_run_quick_handler ()
#7  0x0000000000441df1 in ap_process_request ()
#8  0x000000000043f40c in ap_register_input_filter ()
#9  0x0000000000439a21 in ap_run_process_connection ()
#10 0x0000000000446346 in ap_graceful_stop_signalled ()
#11 0x00002afba6340f1a in start_thread () from /lib/libpthread.so.0
#12 0x00002afba661d5d2 in clone () from /lib/libc.so.6
#13 0x0000000000000000 in ?? ()
(gdb) exit


This bug appears when using AJP13/Compression/Caching with Apache2 on Debian Etch amd64.
It can't be reproduced on the i386 package.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: x86_64 (amd64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages apache2 depends on:
ii  apache2-mpm-worker         2.2.3-4+etch5 High speed threaded model for Apac

apache2 recommends no packages.

-- no debconf information
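
When the server runs normally instead of under gdb with -X, a child crash like the one in the trace above appears only as a parent-process notice in the error log. The following is an added example, not part of the original report: shell functions that count those notices per hour and list the affected PIDs, assuming the Apache 2.2 error_log line format; the sample lines, PIDs and function names are constructed.

```shell
#!/bin/sh
# Constructed sample lines in Apache 2.2 error_log format (not from the report).
sample_error_log() {
cat <<'EOF'
[Thu Oct 23 14:02:11 2008] [notice] Apache/2.2.3 (Debian) configured -- resuming normal operations
[Thu Oct 23 14:05:40 2008] [notice] child pid 4101 exit signal Segmentation fault (11)
[Thu Oct 23 14:05:42 2008] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Thu Oct 23 14:07:03 2008] [notice] child pid 4117 exit signal Segmentation fault (11)
[Thu Oct 23 15:12:57 2008] [notice] child pid 4203 exit signal Segmentation fault (11)
EOF
}

# Print "<month> <day> <hour>h <count>" for each hour in which a child
# was killed by SIGSEGV, in order of first appearance.
# Reads the files given as arguments, or stdin when there are none.
segfaults_per_hour() {
    awk '/\[notice\] child pid [0-9]+ exit signal Segmentation fault \(11\)/ {
             split($4, t, ":")                  # $4 is HH:MM:SS
             key = $2 " " $3 " " t[1] "h"       # e.g. "Oct 23 14h"
             if (!(key in n)) order[++k] = key
             n[key]++
         }
         END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }' "$@"
}

# Print the PID of every child that segfaulted, one per line.
segfault_pids() {
    sed -n 's/.*\[notice\] child pid \([0-9][0-9]*\) exit signal Segmentation fault (11).*/\1/p' "$@"
}

# Run against the constructed sample; on a real host pass the error log
# path instead, e.g. segfaults_per_hour /var/log/apache2/error.log
sample_error_log | segfaults_per_hour
```

A sudden run of these notices after enabling disk caching on a proxied, compressed URI is the production-side symptom to compare against the configuration listed in the report.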


