[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#897218: marked as done (apache2: mod_http2 (32-bit, i386) segmentation fault while delivering large (2+ GiB) file)

Your message dated Sat, 05 May 2018 10:04:56 +0000
with message-id <E1fEu3k-000E1r-Ft@fasolo.debian.org>
and subject line Bug#897218: fixed in apache2 2.4.33-3
has caused the Debian Bug report #897218,
regarding apache2: mod_http2 (32-bit, i386) segmentation fault while delivering large (2+ GiB) file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

897218: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897218
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.4.25-3+deb9u4
Severity: normal
Tags: patch upstream

While downloading a large (2200 MiB) file via HTTP/2.0, apache2 2.4.33 (Debian
unstable) reproducibly segfaults after delivering ~89% (1975 MiB) on 32-bit
i386.  apache2 2.4.25-3+deb9u4 (Debian stable) exhibits a slightly different
failure mode, which is however assumed to originate in the same upstream bug.

Steps to reproduce:
 - Install Debian unstable i386 in the "webserver" configuration, which installs
   apache2 2.4.33.  Install curl.  (Firefox or Chrome works as well.)
 - Enable SSL:
   * a2enmod ssl
   * a2ensite default-ssl
 - Enable HTTP/2.0:
   * echo 'Protocols h2 h2c http/1.1' > /etc/apache2/mods-available/http2.conf
   * a2enmod http2
 - Restart Apache: systemctl restart apache2
 - Create test file in /var/www/html:
   * dd if=/dev/zero of=/var/www/html/2200Mfile bs=1M count=2200
 - Download the test file via curl (--http2 is redundant because curl uses
   HTTP/2.0 anyways if it's available; --insecure is necessary because the above
   steps do not install a proper SSL cert):
   * curl --http2 --insecure -o /dev/null https://localhost/2200Mfile
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
 89 2200M   89 1975M    0     0  22.2M      0  0:01:38  0:01:28  0:00:10 25.8M
curl: (56) Unexpected EOF
 - Apache's error.log:
   [Wed Apr 25 11:17:05.749002 2018] [core:notice] [pid 398:tid 3082986688] AH00052: child pid 646 exit signal Segmentation fault (11)

Side note: On 64-bit, everything works as expected.  This seems to be a 32-bit
related bug.

This bug has been reported upstream, where Stefan Eissing already landed a fix
in apache2 trunk and suggested a backport to apache2 2.4.x:

-- Package-specific info:

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-6-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin          2.4.25-3+deb9u4
ii  apache2-data         2.4.25-3+deb9u4
ii  apache2-utils        2.4.25-3+deb9u4
ii  dpkg                 1.18.24
ii  init-system-helpers  1.48
ii  lsb-base             9.20161125
ii  mime-support         3.60
ii  perl                 5.24.1-3+deb9u3
ii  procps               2:3.3.12-3

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.39

Versions of packages apache2 suggests:
ii  apache2-doc                                      2.4.25-3+deb9u4
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  lynx [www-browser]                               2.8.9dev11-1
ii  w3m [www-browser]                                0.5.3-34+deb9u1

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.2-5
ii  libaprutil1              1.5.4-3
ii  libaprutil1-dbd-sqlite3  1.5.4-3
ii  libaprutil1-ldap         1.5.4-3
ii  libc6                    2.24-11+deb9u3
ii  libldap-2.4-2            2.4.44+dfsg-5+deb9u1
ii  liblua5.2-0              5.2.4-1.1+b2
ii  libnghttp2-14            1.18.1-1
ii  libpcre3                 2:8.39-3
ii  libssl1.0.2              1.0.2l-2+deb9u3
ii  libxml2                  2.9.4+dfsg1-2.2+deb9u2
ii  perl                     5.24.1-3+deb9u3
ii  zlib1g                   1:1.2.8.dfsg-5

Versions of packages apache2-bin suggests:
ii  apache2-doc                                      2.4.25-3+deb9u4
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  lynx [www-browser]                               2.8.9dev11-1
ii  w3m [www-browser]                                0.5.3-34+deb9u1

Versions of packages apache2 is related to:
ii  apache2      2.4.25-3+deb9u4
ii  apache2-bin  2.4.25-3+deb9u4

-- Configuration Files:
/etc/apache2/apache2.conf changed [not included]
/etc/apache2/conf-available/security.conf changed [not included]
/etc/apache2/mods-available/ssl.conf changed [not included]
/etc/apache2/mods-available/userdir.conf changed [not included]
/etc/apache2/ports.conf changed [not included]

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.33-3

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 897218@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Hash: SHA512

Format: 1.8
Date: Sat, 05 May 2018 11:34:47 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.33-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Closes: 894785 897218
 apache2 (2.4.33-3) unstable; urgency=medium
   * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too.
     Closes: #894785
   * mod_http2: Avoid high memory usage with large files, causing crashes on
     32bit archs. Closes: #897218
   * Migrate from alioth to salsa.
 1957fd0155b84f53dcd0ed944df5f64df7235243 3268 apache2_2.4.33-3.dsc
 0415b28a0fa674b076f913c6197ee09ec66d8fb3 786148 apache2_2.4.33-3.debian.tar.xz
 3ae5987c83db08c01be37f4e83ea378e661d23c3 1302584 apache2-bin_2.4.33-3_amd64.deb
 bea2433f022411365b836e6d0bbe1c32b6b238cd 161236 apache2-data_2.4.33-3_all.deb
 7cfd3c085e8c7e9fb9bff4cd0459d39f3c71b981 4241652 apache2-dbg_2.4.33-3_amd64.deb
 c35484a8824862def90031a4f13153f0ecdb63c1 323424 apache2-dev_2.4.33-3_amd64.deb
 381e5b7c726dad90e7ed07538a0afd435c35771e 3938772 apache2-doc_2.4.33-3_all.deb
 ca6118945cbe0ad8d591f75e1c03a65b69291032 2340 apache2-ssl-dev_2.4.33-3_amd64.deb
 78c7419e4fbab4cdcc22250e453040463dcab069 164692 apache2-suexec-custom_2.4.33-3_amd64.deb
 e35b8016b481b55a4cef285613838bbaafc9ec50 163216 apache2-suexec-pristine_2.4.33-3_amd64.deb
 aeaebf8a1abecd97f9d96bd9d4fb84b61300aed8 228300 apache2-utils_2.4.33-3_amd64.deb
 50168a8b725e63d7e06f7a5f4e5a8cd991ccbb2b 11012 apache2_2.4.33-3_amd64.buildinfo
 1879fe023e80ff02e0218b6e6e46dc77978add61 244380 apache2_2.4.33-3_amd64.deb
 2810b047f22f4d1a009e830b4ed6f4ac7acc5c2d 920 libapache2-mod-md_2.4.33-3_amd64.deb
 bedfeeca8e0139c4fd0085d15490213ed48f5eaf 936 libapache2-mod-proxy-uwsgi_2.4.33-3_amd64.deb
 fbc087ccb70ba7ea93bab16dbcac9af520c786bf0173db462b66c6ae74b9938c 3268 apache2_2.4.33-3.dsc
 a82cf51b05bad9142f1d839af0b4baae8ab99cad78949ae37e720b6c41b32766 786148 apache2_2.4.33-3.debian.tar.xz
 69a6dd6dd05b68407e30fd039dd457db69d69c61cb500ec1165e485e04d6a1fb 1302584 apache2-bin_2.4.33-3_amd64.deb
 59e7e50771e250ebf44ab130fe7c73d92c5a2d78bc895431ed73afc01c381d7c 161236 apache2-data_2.4.33-3_all.deb
 a5fb832fac0ccde5b1d5a687062f300f214e72ed09ae4260042c54090174ce3e 4241652 apache2-dbg_2.4.33-3_amd64.deb
 db8c5fe1f35de2d402f3040b822a4473a86318d82ef75fbd7045571e538ea6a1 323424 apache2-dev_2.4.33-3_amd64.deb
 ec02f01c60ea6d7c84d959f16c05232700ae27c6ea44234422c1fdc3c4ee282f 3938772 apache2-doc_2.4.33-3_all.deb
 e60cd63d31d63dfa40ba155eafd1f564c0cb90351ed37ab8501c8bfd6565aaf0 2340 apache2-ssl-dev_2.4.33-3_amd64.deb
 eb8a0b66ebb61a71832c92209a0142bbb9a356096f12390e9166d4cd43a558e0 164692 apache2-suexec-custom_2.4.33-3_amd64.deb
 7fc3aaba2018067966d242cf91846fc88eb1f552f8b13b016d361ebb364be176 163216 apache2-suexec-pristine_2.4.33-3_amd64.deb
 a9d6e0b8d16b1dd5b6a3e0c765588d594ad27449c042c535c8d331825b3b6247 228300 apache2-utils_2.4.33-3_amd64.deb
 2e2981240bbcdc6c5373fcc4677f5f5b213a8353465384fb34f9729fab67edd2 11012 apache2_2.4.33-3_amd64.buildinfo
 8f162b660f576015a4b5be0b79b647f4a416dcb533490e8c8a88b2c007141ea2 244380 apache2_2.4.33-3_amd64.deb
 c8354cbd60ab57083f519210e18727ada14b38fb9c25bd06ebc88208a5ee26dd 920 libapache2-mod-md_2.4.33-3_amd64.deb
 597a32a6593e79a3ae0bd936b2f25dbabe3f0621109aa8cf2f86e48c3844c925 936 libapache2-mod-proxy-uwsgi_2.4.33-3_amd64.deb
 d6ea6be65b8b2bd4210648f6ec4031b7 3268 httpd optional apache2_2.4.33-3.dsc
 7f7d00b6f6ae80389bdbc0a8713ae558 786148 httpd optional apache2_2.4.33-3.debian.tar.xz
 6f966dfea716eb3317e28a2df2d67dec 1302584 httpd optional apache2-bin_2.4.33-3_amd64.deb
 c7b2501ec8b21f4b731e840c7c1ca633 161236 httpd optional apache2-data_2.4.33-3_all.deb
 b74f259e7be7c0da5438db5deddfcd3c 4241652 debug optional apache2-dbg_2.4.33-3_amd64.deb
 b31aa12ae166c1e915fbcf9086b8d4ca 323424 httpd optional apache2-dev_2.4.33-3_amd64.deb
 cfee732ccefdad8e6fe67fb47e404b96 3938772 doc optional apache2-doc_2.4.33-3_all.deb
 81b873d2f8795f2c59e51c4eb769fa75 2340 httpd optional apache2-ssl-dev_2.4.33-3_amd64.deb
 39f77d092154da0b22130fea96e824c3 164692 httpd optional apache2-suexec-custom_2.4.33-3_amd64.deb
 ba0e4e056bbed90a0e172a3521cfe761 163216 httpd optional apache2-suexec-pristine_2.4.33-3_amd64.deb
 149332b3020a92b1b06060028184da3d 228300 httpd optional apache2-utils_2.4.33-3_amd64.deb
 0323ad6e6220d5ee6f8608a1c83b4cf7 11012 httpd optional apache2_2.4.33-3_amd64.buildinfo
 89a7d709a0b7a921fd4bb69af5988d95 244380 httpd optional apache2_2.4.33-3_amd64.deb
 e21e63764b1b61385157aea662e0f8cc 920 oldlibs optional libapache2-mod-md_2.4.33-3_amd64.deb
 2b5bbd1f60c43bbd354cd0b8de251913 936 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.33-3_amd64.deb



--- End Message ---

Reply to: