curl-library

segfault in Curl_hostcache_prune

From: Jonathan Cobb <jonathan_at_kyuss.org>
Date: Fri, 09 Sep 2005 08:45:58 -0700

Hi all,

I'm writing an Apache module that uses libcurl internally. We're using
the latest libcurl (1.14.1).

We allocate a curl handle using memory from a pool associated with the
http request. When we allocate the handle, we register a cleanup
function with the pool. So, when the request completes the pool cleanup
function is called, which then calls the curl_cleanup function.

Sometimes (infrequently and difficult to reproduce), a segfault occurs
in the cleanup. The backtrace is below, at the end of this message.

The segfault is caused by dereferencing a null pointer, in the
Curl_hostcache_prune function (in hostip.c):

void Curl_hostcache_prune(struct SessionHandle *data)
{
   time_t now;

   if((data->set.dns_cache_timeout == -1) || !data->hostcache)
     /* cache forever means never prune, and NULL hostcache means
        we can't do it */
     return;
...
}

Somehow, the "data" pointer is null. I added
   if (!data || ...)
to the first "if" check and I'm thinking this will make it go away.

But I'm wondering if this is the right thing to do. Under what
conditions would this pointer be null? Also, I have a suspicion that
maybe our cleanup is getting called twice - if that were the case, could
that cause the data pointer to be null?

Any/all help is much appreciated. If there's more info I can provide to
help just let me know.

Thanks,

    - jonathan

---- backtrace --------------------------------------------------
(gdb) bt
#0 Curl_hostcache_prune (data=0x0) at hostip.c:260
#1 0x00422e27 in Curl_disconnect (conn=0x92400f0) at url.c:1422
#2 0x004232be in ConnectionKillOne (data=0x9235598) at url.c:1678
#3 0x00421b95 in Curl_close (data=0x9235598) at url.c:204
#4 0x0041a83f in curl_cleanup (ctx=0x91d8740) at mod_px.c:363
#5 0x003fee6d in apr_pool_cleanup_run () from /usr/lib/libapr-0.so.0
#6 0x003fe5bd in apr_pool_destroy () from /usr/lib/libapr-0.so.0
#7 0x003fe578 in apr_pool_clear () from /usr/lib/libapr-0.so.0
#8 0x08066995 in child_main (child_num_arg=152930112) at /usr/src/debug/httpd-2.0.46/server/mpm/prefork/prefork.c:613
#9 0x08066c34 in make_child (s=0x5, slot=49) at /usr/src/debug/httpd-2.0.46/server/mpm/prefork/prefork.c:788
#10 0x08066ed9 in perform_idle_server_maintenance (p=0x90740a8) at /usr/src/debug/httpd-2.0.46/server/mpm/prefork/prefork.c:923
#11 0x08067570 in ap_mpm_run (_pconf=0x1c, plog=0x909e150, s=0x0) at /usr/src/debug/httpd-2.0.46/server/mpm/prefork/prefork.c:1118
#12 0x0806da4f in main (argc=1, argv=0xbfff9dc4) at /usr/src/debug/httpd-2.0.46/server/main.c:661
Received on 2005-09-09
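The post above suspects that the pool cleanup may run twice. The following is an added example, not code from the original message, from libcurl or from the poster's mod_px: an idempotent cleanup wrapper of the shape an Apache module would register with a pool. It owns the handle through a single slot in a per-request context and clears that slot on the first cleanup, so a second call is a counted no-op instead of a second pass over freed memory. The `px_ctx` type, the `fake_curl_*` stand-ins for a CURL easy handle, the `PX_*` status values and the counters are all hypothetical so that it runs stand-alone without APR or libcurl.

```c
/* Added example: idempotent per-request cleanup for a libcurl-style handle.
 * Everything below is a hypothetical stand-in; it does not link against
 * APR or libcurl. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for a CURL easy handle (opaque object with init/cleanup). */
struct fake_curl_handle {
    int in_use;
};

/* Counters that make a double cleanup observable from a test. */
static int g_frees = 0;
static int g_double_cleanups = 0;

void px_reset_counters(void)
{
    g_frees = 0;
    g_double_cleanups = 0;
}

int px_free_count(void)           { return g_frees; }
int px_double_cleanup_count(void) { return g_double_cleanups; }

static struct fake_curl_handle *fake_curl_init(void)
{
    struct fake_curl_handle *h = calloc(1, sizeof *h);
    if (h != NULL)
        h->in_use = 1;
    return h;
}

/* The real curl_easy_cleanup() assumes a live handle; calling it twice on
 * the same pointer is use-after-free. The wrapper below is what prevents
 * this stand-in from ever seeing a handle a second time. */
static void fake_curl_cleanup(struct fake_curl_handle *h)
{
    g_frees++;
    free(h);
}

/* Per-request module context. The handle slot is the single record of
 * ownership: non-NULL means "still ours to clean up". */
struct px_ctx {
    struct fake_curl_handle *curl;
};

/* Hypothetical status values, mirroring the int return of an APR cleanup. */
typedef int px_status;
#define PX_SUCCESS         0
#define PX_ALREADY_CLEANED 1

/* Cleanup callback with the (void *) -> status shape a pool expects.
 * Safe to call any number of times for the same context. */
px_status px_curl_cleanup(void *data)
{
    struct px_ctx *ctx = data;

    if (ctx == NULL)
        return PX_SUCCESS;            /* nothing registered, nothing to do */

    if (ctx->curl == NULL) {
        g_double_cleanups++;          /* second call: record it, touch nothing */
        return PX_ALREADY_CLEANED;
    }

    fake_curl_cleanup(ctx->curl);
    ctx->curl = NULL;                 /* clear the slot before anyone can re-enter */
    return PX_SUCCESS;
}

/* Creates a context the way a request handler would, before registering
 * px_curl_cleanup with the request pool. */
struct px_ctx px_ctx_create(void)
{
    struct px_ctx ctx;
    ctx.curl = fake_curl_init();
    return ctx;
}

int main(void)
{
    struct px_ctx ctx = px_ctx_create();

    /* Simulate the pool running the registered cleanup, then a stray
     * second invocation of the same cleanup. */
    px_status first  = px_curl_cleanup(&ctx);
    px_status second = px_curl_cleanup(&ctx);

    printf("first=%d second=%d frees=%d double_cleanups=%d\n",
           first, second, px_free_count(), px_double_cleanup_count());
    return 0;
}
```

With the slot cleared on the first pass, a repeated cleanup shows up as a non-zero `px_double_cleanup_count()` in a debug build or a log line rather than as a crash deep inside the library, which is also the cheapest way to confirm or rule out the "called twice" theory.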