Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Curl_resolv_timeout SEGV in MT

From: Taehwan Weon <taehwan.weon_at_gmail.com>
Date: Wed, 25 Jan 2017 12:40:57 +0900

Hi,
Did you include the configuration option, "--enable-threaded-resolver" ?
I had such a problem, but fixed after building with the option.

Good luck.

2017-01-25 6:27 GMT+09:00 Pawel Veselov <pawel.veselov_at_gmail.com>:

> Hi.
>
> I've been seeing libcurl failing, somewhat consistently, at
> Curl_resolv_timeout.
>
> The "data" local variable seems to come up changed after longjmp returns.
>
> (gdb) bt
> #0 Curl_resolv_timeout (conn=0x7ffe5002d770, hostname=0x7ffff6efb3c0
> <X509_NAME_ENTRY_it> "\001", port=0x7fff, entry=0x7ffe50013930,
> timeoutms=0x7ffff6b9b4dd) at hostip.c:622
> ...
> (gdb) print data
> $10 = (struct Curl_easy *) 0x770000006e
> (gdb) print *data
> Cannot access memory at address 0x770000006e
> (gdb) print conn->data
> $12 = (struct Curl_easy *) 0x7ffe5002db40
> (gdb) print &data
> $13 = (struct Curl_easy **) 0x7ffe68ff8380
> (gdb) print *(void**)0x7ffe68ff8380
> $14 = (void *) 0x770000006e
> (gdb) info registers
> rax 0x1 0x1
> rbx 0x7fff30017e7c 0x7fff30017e7c
> rcx 0x7ffff659b8a0 0x7ffff659b8a0
> rdx 0x7ffff7b35a76 0x7ffff7b35a76
> rsi 0x1 0x1
> rdi 0x7ffff7ddac60 0x7ffff7ddac60
> rbp 0x7ffe68ff83a0 0x7ffe68ff83a0
> rsp 0x7ffe68ff81f0 0x7ffe68ff81f0
> r8 0x7ffe68ff81f0 0x7ffe68ff81f0
> r9 0x7ffe68ff83a0 0x7ffe68ff83a0
> r10 0x8 0x8
> r11 0x246 0x246
> r12 0x1 0x1
> r13 0x7ffe68ff99c0 0x7ffe68ff99c0
> r14 0x7ffe68ff9700 0x7ffe68ff9700
> r15 0x0 0x0
> rip 0x7ffff7b35a7a 0x7ffff7b35a7a <Curl_resolv_timeout+285>
> eflags 0x202 [ IF ]
> cs 0x33 0x33
> ss 0x2b 0x2b
> ds 0x0 0x0
> es 0x0 0x0
> fs 0x0 0x0
> gs 0x0 0x0
>
> I quite don't like the fact that the signal seems to interrupt the "wrong"
> thread. Or interrupted the thread too late:
>
> (gdb) bt
> #0 Curl_resolv_timeout (conn=0x7ffe5002d770, hostname=0x7ffff6efb3c0
> <X509_NAME_ENTRY_it> "\001", port=0x7fff, entry=0x7ffe50013930,
> timeoutms=0x7ffff6b9b4dd) at hostip.c:622
> #1 0x00007ffe68ff9700 in ?? ()
> #2 0x000000000000007c in ?? ()
> #3 0x00007ffff7baf833 in ?? () from /mnt/xl4/100k/runtime/curl/
> lib/libcurl.so
> #4 0x0000000000000001 in ?? ()
> #5 0x00007ffff71b83da in xmlCharEncInput () from /usr/lib64/libxml2.so.2
> #6 0x00007ffff6c163a2 in int_thread_release (hash=0x1d5f6c13f51) at
> err.c:469
> #7 0x00007ffff6c166b5 in int_thread_del_item (d=<optimized out>) at
> err.c:542
> #8 0x00007ffff6c170cd in ERR_remove_thread_state (id=<optimized out>)
> at err.c:994
> #9 0x00007ffe68ff9700 in ?? ()
> #10 0x00007ffe68ff8760 in ?? ()
> #11 0x00007ffff7b6f1c1 in curl_dofree (ptr=0xffffffffffffffff,
> line=0xffffffff, source=0xffffffffffffffff <Address 0xffffffffffffffff
> out of bounds>) at memdebug.c:337
> Backtrace stopped: previous frame inner to this frame (corrupt stack?)
>
> There are no threads that have their stack traces in Curl_resolv, which
> should be the location when the alarm goes off. Note that I compiled
> libcurl
> without thread resolver. The same exact problem happens when thread
> resolver
> is on, however. The stack trace typically leads into some other thread as
> well.
>
> This failure is consistent, that is if I break inside the setjmp return,
> it always fails (the value of 'data' pointer is wrong)
>
> This is on 4.4.41-35.53 kernel, 2.17-106.168 glibc (AWS Linux). The same
> happens on my Fedora desktop, different kernel/glibc versions.
>
> It also looks that the whole alarm functionality, even if threaded resolver
> is used, is not MT safe because of shared setjmp buffer, and the fact that
> the waiting (actual setjmp/longjmp calls) is done on the calling thread. Or
> am I missing something here?
>
> Thank you,
> Pawel.
> -------------------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html 

-- 
*원 태환*ㅣ 부사장/COO
(주)솔박스
서울특별시 서초구 서초대로 77길 55  에이프로스퀘어 13층
*T* 02-2182-3600     *F* 02-2058-2651
*M* 010-3335-8258  *E* weon_at_solbox.com

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-01-25