[Varnish] #255: Varnish segfaults on certain response header sets

Varnish varnish-bugs at projects.linpro.no
Fri Jun 20 01:23:42 CEST 2008 

#255: Varnish segfaults on certain response header sets
-----------------------+----------------------------------------------------
 Reporter:  rafrombrc  |       Owner:  phk  
     Type:  defect     |      Status:  new  
 Priority:  normal     |   Milestone:       
Component:  varnishd   |     Version:  trunk
 Severity:  critical   |    Keywords:       
-----------------------+----------------------------------------------------
 I'm testing varnish in front of a collection of HTTP services.  Depending
 on how I have things configured in my upstream app, the response headers
 can vary slightly.  Some combinations of response headers work fine, but
 others cause varnish to segfault, but only in cases where the response
 body is longer than approx 9000 bytes.

 Here's an example of a header set that does NOT cause the problem:

 Outgoing headers: (200 OK)
   Server: Zope/(Zope 2.10.5-final, python 2.4.4, linux2) ZServer/1.1
 Plone/3.0.7 (svn/unreleased)
   Date: Thu, 19 Jun 2008 21:14:49 GMT
   Content-Length: 18347
   Expires: Mon, 22 Jun 1998 21:14:49 GMT
   Last-Modified: Sun, 27 Nov 2005 05:41:47 GMT
   X-Caching-Rule-Id: 7
   Cache-Control: max-age=0, s-maxage=3600, must-revalidate
   Content-Type: text/html; charset=utf-8
   X-Header-Set-Id: cache-in-proxy-1-hour

 The following response headers cause varnish to crash:

 Outgoing headers: (200 OK)
   Server: Zope/(Zope 2.10.5-final, python 2.4.4, linux2) ZServer/1.1
 Plone/3.0.7 (svn/unreleased)
   Date: Thu, 19 Jun 2008 21:14:49 GMT
   Content-Length: 18347
   Expires: Thu, 19 Jun 2008 21:14:49 GMT
   Last-Modified: Sun, 27 Nov 2005 05:41:47 GMT
   X-Caching-Rule-Id: 7
   Cache-Control: must-revalidate, max-age = 0
   Content-Type: text/html; charset=utf-8
   X-Header-Set-Id: cache-in-proxy-1-hour

 Note that the only difference in the header sets are the Cache-Control and
 Expires headers.

 I can reproduce this problem with the varnish 1.1.2 release, the 1.2 svn
 branch, and the svn trunk.  I'm using Ubuntu 7.10.  'uname -a' generates
 the following:

 Linux parsifal 2.6.22-14-generic #1 SMP Tue Feb 12 02:46:46 UTC 2008
 x86_64 GNU/Linux

 My VCL file and a core dump are attached.

-- 
Ticket URL: <http://varnish.projects.linpro.no/ticket/255>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator

More information about the varnish-bugs mailing list