[Varnish] #598: SIGSEGV due to null pointer dereference in SES_Delete - VSL

Varnish varnish-bugs at projects.linpro.no
Tue Dec 8 11:01:42 CET 2009


#598: SIGSEGV due to null pointer dereference in SES_Delete - VSL
-------------------+--------------------------------------------------------
 Reporter:  slink  |        Type:  defect
   Status:  new    |    Priority:  normal
Milestone:         |   Component:  build 
  Version:  trunk  |    Severity:  normal
 Keywords:         |  
-------------------+--------------------------------------------------------
 On most Solaris versions except very recent ones, *printf does not check
 for null %s arguments.

 When WRK_QueueSession calls SES_Delete when WRK_Queue has failed (which is
 the case when the chosen pool's queue is full), varnish will crash on
 Solaris:

 > ::stack
 libc.so.1`strlen+0x40()
 libc.so.1`vsnprintf+0x51()
 VSL+0x285()
 SES_Delete+0x2f3()
 WRK_QueueSession+0x87()
 vca_acct+0x44e()
 libc.so.1`_thr_setup+0x5b()
 libc.so.1`_lwp_start()
 > ::status
 debugging core file of varnishd (64-bit) from BTO1W02CAS0S
 file: /coremedia/cache/varnish/sbin/varnishd
 initial argv:
 /coremedia/cache/varnish/sbin/varnishd -a 0.0.0.0:80 -T localhost:6082 -p
 rush_
 threading model: multi-threaded
 status: process terminated by SIGSEGV (Segmentation Fault)
 > ::regs
 %rax = 0x0000000000000020       %r8  = 0x0000000000000000
 %rbx = 0x0000000000000000       %r9  = 0x0000000000449148
 %rcx = 0x0000000000000073       %r10 = 0x0000000000000073
 %rdx = 0xfffffd7ff2611d18       %r11 = 0x0000000000000246
 %rsi = 0x0000000000000000       %r12 = 0x0000000000000000
 %rdi = 0x0000000000000000       %r13 = 0x000000000044914a
                                 %r14 = 0x0000000000000000
                                 %r15 = 0x0000000000000000

 %cs = 0x004b    %fs = 0x01bb    %gs = 0x0000
 %ds = 0x0043    %es = 0x0043    %ss = 0x0043

 %rip = 0xfffffd7fff054b70 libc.so.1`strlen+0x40
 %rbp = 0xfffffd7ff2611bf0
 %rsp = 0xfffffd7ff2610cb8

 %rflags = 0x00010246
   id=0 vip=0 vif=0 ac=0 vm=0 rf=1 nt=0 iopl=0x0
   status=<of,df,IF,tf,sf,ZF,af,PF,cf>

-- 
Ticket URL: <http://varnish.projects.linpro.no/ticket/598>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator
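The crash path above is strlen(NULL) inside vsnprintf, reached through a VSL call with a null %s argument. As an added example, not Varnish's own code, here is a logging helper in the shape of a VSL(tag, id, fmt, ...) call with the NULL guard applied at the call site, which is the only portable place to put it; the names fmt_log_record, log_session_close and str_or_null are hypothetical.

```c
/* Added example (not Varnish code): a VSL-style log formatter hardened
 * so that a NULL string never reaches vsnprintf. Names are hypothetical. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Map a possibly-NULL C string to a printable placeholder.
 * printf("%s", NULL) is undefined behaviour: glibc happens to print
 * "(null)", older Solaris libc calls strlen(NULL) and faults, which is
 * exactly the ::stack shown in the report. */
static const char *str_or_null(const char *s)
{
    return s != NULL ? s : "(null)";
}

/* Format one log record as "<tag> <id> <message>" into buf.
 * Returns the length the full record would have had (snprintf
 * semantics), so callers can detect truncation; negative on error. */
static int fmt_log_record(char *buf, size_t len, const char *tag,
                          unsigned id, const char *fmt, ...)
{
    va_list ap;
    int n, m;

    n = snprintf(buf, len, "%s %u ", tag, id);
    if (n < 0 || (size_t)n >= len)
        return n;               /* error or already truncated */
    va_start(ap, fmt);
    m = vsnprintf(buf + n, len - n, fmt, ap);
    va_end(ap);
    return m < 0 ? m : n + m;
}

/* SES_Delete-style call site: the close reason may legitimately be NULL
 * when a session is torn down before any reason was recorded (as after a
 * failed WRK_Queue). Guard it here, where the argument's type is known;
 * vsnprintf cannot tell a NULL %s argument from a valid pointer. */
int log_session_close(char *buf, size_t len, unsigned sess_id,
                      const char *reason)
{
    return fmt_log_record(buf, len, "SessionClose", sess_id, "%s",
                          str_or_null(reason));
}
```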

