[Varnish] #1289: varnishncsa segfault in libvarnishapi

Varnish varnish-bugs at varnish-cache.org
Tue Apr 2 11:28:24 CEST 2013


#1289: varnishncsa segfault in libvarnishapi
-------------------------------------------------+-------------------------
 Reporter:  tmagnien                             |       Type:  defect
   Status:  new                                  |   Priority:  normal
Milestone:                                       |  Component:  varnishncsa
  Version:  3.0.3                                |   Severity:  normal
 Keywords:  varnishncsa segfault libvarnishapi   |
  vsl.c                                          |
-------------------------------------------------+-------------------------
 Hi,

 We experience a segfault in libvarnishapi while running varnishncsa. It
 seems that the log_ptr in vsl.c is beyond log_end.

 Command-line is:


 {{{
 /usr/bin/varnishncsa -F '---
 domain: %{VCL_Log:X-Backend}x
 remote_addr: %h
 x_forwarded_for: %{X-Forwarded-For}i
 hit_miss: %{Varnish:hitmiss}x
 bytes: %b
 status: %s
 request: %r
 host: %{host}i
 request_method: %m
 time_first_byte: %{Varnish:time_firstbyte}x
 http_referrer: %{Referrer}i
 http_user_agent: %{User-agent}i
 session_id: %{VCL_Log:X-SessionId}x
 cookie: %{Cookie}i
 ...'

 }}}

 Full backtrace is:


 {{{
 (gdb) bt
 #0  0x00007f3aeafcea86 in vsl_nextlog (vd=<value optimized out>,
 pp=0x7fffd61183e8, bits=0x7fffd61183e0) at vsl.c:174
 #1  VSL_NextLog (vd=<value optimized out>, pp=0x7fffd61183e8,
 bits=0x7fffd61183e0) at vsl.c:222
 #2  0x00007f3aeafcf31e in VSL_Dispatch (vd=0xcfd010, func=<value optimized
 out>, priv=0x7f3aeab8d780) at vsl.c:306
 #3  0x0000000000402784 in main (argc=3, argv=<value optimized out>) at
 varnishncsa.c:1554

 }}}

 Some more output from gdb:


 {{{
 (gdb) p vsl
 $2 = (struct vsl *) 0xcfd100
 (gdb) p *vsl
 $3 = {magic = 2050087736, log_start = 0x7f3ae050e5d4, log_end =
 0x7f3aea50e5d4, log_ptr = 0x7f3aea63209c, last_seq = 69513, r_fd = -1,
 rbuflen = 256, rbuf = 0xcfd770, b_opt = 0, c_opt = 1, d_opt = 0,
 flags = 0, vbm_client = 0xcfd1b0, vbm_backend = 0xcfd3e0, vbm_select =
 0xcfd6c0, vbm_supress = 0xcfd610, regflags = 0, regincl = 0x0, regexcl =
 0x0, num_matchers = 0, matchers = {vtqh_first = 0x0,
 vtqh_last = 0xcfd188}, skip = 0, keep = 0}

 }}}


 {{{
 (gdb) l vsl.c:174
 169                             return (-1);
 170                     *pp = vsl->rbuf;
 171                     return (1);
 172             }
 173             for (w = 0; w < TIMEOUT_USEC;) {
 174                     t = *vsl->log_ptr;
 175
 176                     if (t == VSL_WRAPMARKER) {
 177                             /* Wrap around not possible at front */
 178                             assert(vsl->log_ptr != vsl->log_start +
 1);

 }}}

 Note that it's a 3.0.3plus release.

 Thanks,
 Thierry

-- 
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1289>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
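
The gdb output in the report shows `log_ptr` (0x7f3aea63209c) above `log_end` (0x7f3aea50e5d4), so the load at vsl.c:174 goes through a cursor outside the log area. The following is an added example, not Varnish code and not a fix for this ticket: a simplified ring reader that validates its cursor and each record length before dereferencing. The record layout, the marker values, and the names `ring`, `ring_next` and `overshoot_bytes` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model of a word-based log ring. NOT Varnish's vsl.c: the record
 * layout and marker values are assumptions made for this example. */
#define WRAP_MARKER 0xFFFFFFFFu /* continue at word 0 */
#define END_MARKER  0x00000000u /* nothing written here yet */
enum ring_rc { RING_CORRUPT = -1, RING_EMPTY = 0, RING_RECORD = 1 };

struct ring {
    const uint32_t *base; /* first word of the log area */
    size_t nwords;        /* size of the area in words */
    size_t off;           /* reader cursor kept as an offset */
};

/* Bytes by which a cursor address lies past the end address, else 0. */
uint64_t overshoot_bytes(uint64_t end, uint64_t ptr) { return ptr > end ? ptr - end : 0; }

/* Return the next record, refusing to load through an out-of-range cursor. */
enum ring_rc ring_next(struct ring *r, const uint32_t **rec)
{
    for (int pass = 0; pass < 2; pass++) {
        if (r->off >= r->nwords) return RING_CORRUPT; /* check before load */
        uint32_t hdr = r->base[r->off];
        if (hdr == END_MARKER) return RING_EMPTY;
        if (hdr == WRAP_MARKER) {
            if (r->off == 0)              /* a wrap at the front is invalid */
                return RING_CORRUPT;
            r->off = 0;
            continue;
        }
        size_t n = 1 + (hdr & 0xffffu);   /* header word + payload words */
        if (n >= r->nwords - r->off)      /* keep room for a marker word */
            return RING_CORRUPT;
        *rec = &r->base[r->off];
        r->off += n;
        return RING_RECORD;
    }
    return RING_CORRUPT;
}

/* Constructed sample area: one 2-word-payload record, then the end marker. */
static const uint32_t sample[6] = { 0x00010002u, 0xAAAAu, 0xBBBBu, 0, 0, 0 };
int main(void)
{
    struct ring r = { sample, 6, 0 };
    const uint32_t *rec = NULL;
    return ring_next(&r, &rec) == RING_RECORD ? 0 : 1;
}
```

Fed the two addresses from the gdb dump, `overshoot_bytes` reports how far the cursor had run past the end of the mapped log, and `ring_next` returns `RING_CORRUPT` for such a cursor instead of faulting.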



