Bug 2858 - Segment violation in HTCP
Summary: Segment violation in HTCP
Status: RESOLVED FIXED
Alias: None
Product: Squid
Classification: Unclassified
Component: other (show other bugs)
Version: unspecified
Hardware: PC x86_64 (64-bit) Linux - All
: P2 major
Assignee: SQUID BUGS ALIAS
URL:
Depends on:
Blocks:
 
Reported: 2010-02-10 06:40 UTC by Kieran Whitbread
Modified: 2010-02-10 15:42 UTC (History)
1 user (show)

See Also:
Browser: ---
Fixed Versions:
Needs:


Attachments
add a check for a null pointer in htcp.cc in squid 3 stable 19 (455 bytes, patch)
2010-02-10 06:40 UTC, Kieran Whitbread
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Kieran Whitbread 2010-02-10 06:40:15 UTC
Created attachment 2112 [details]
add a check for a null pointer in htcp.cc in squid 3 stable 19

Our squid cache started crashing due to a segment violation. Patching the
htcp.cc file to check for a null pointer has fixed it (patch attached). This
bug still appears to be present in HEAD, although I could be wrong about that.

$ uname -svrmo
Linux 2.6.18-164.el5 #1 SMP Thu Sep 3 03:28:30 EDT 2009 x86_64 GNU/Linux
$ cat /etc/redhat-release 
CentOS release 5.3 (Final)


$ /usr/local/squid-3.0-STABLE19/sbin/squid -v       
Squid Cache: Version 3.0.STABLE19
configure options:  '--prefix=/usr/local/squid-3.0-STABLE19'
'--enable-storeio=ufs,aufs' '--enable-cache-digests'
'--enable-basic-auth-helpers=PAM' '--with-large-files' '--enable-icmp'
'--enable-removal-policies' '--enable-follow-x-forwarded-for' '--enable-htcp'
'--disable-ident-lookups' '--enable-delay-pools' '--enable-snmp'
'--with-filedescriptors=32768' '--with-default-user=squid'
'--enable-linux-netfilter'


# grep squid /var/log/messages
Jan 28 17:49:42 xxxx squid[13938]: Squid Parent: child process 13940 exited due
to signal 6
Jan 28 17:49:45 xxxx squid[13938]: Squid Parent: child process 12591 started


$ gdb /usr/local/squid/sbin/squid /var/log/squid/core.13940 
GNU gdb Fedora (6.8-37.el5)
[...]
#0  0x00000035fba30215 in raise () from /lib64/libc.so.6
(gdb) backtrace 
#0  0x00000035fba30215 in raise () from /lib64/libc.so.6
#1  0x00000035fba31cc0 in abort () from /lib64/libc.so.6
#2  0x00000000004bec87 in death (sig=<value optimized out>) at tools.cc:402
#3  <signal handler called>
#4  htcpAccessCheck (acl=0x4fbf560, s=0x5cfc160, from=0x7dd9f0) at htcp.cc:867
#5  0x000000000046abef in htcpHandleData (buf=<value optimized out>, sz=132,
from=0x7dd9f0) at htcp.cc:1301
#6  0x000000000046b2c9 in htcpRecv (fd=25, data=<value optimized out>) at
htcp.cc:1472
#7  0x000000000043e9cf in comm_select (msec=<value optimized out>) at
comm_epoll.cc:302
#8  0x00000000004ceb1a in CommSelectEngine::checkEvents (this=<value optimized
out>, timeout=10) at comm.cc:2551
#9  0x000000000045242e in EventLoop::checkEngine (this=0x7fffa72869e0,
engine=0x7fffa7286a60, primary=240)
   at EventLoop.cc:50
#10 0x00000000004525af in EventLoop::runOnce (this=0x7fffa72869e0) at
EventLoop.cc:124
#11 0x00000000004526f8 in EventLoop::run (this=0x7fffa72869e0) at
EventLoop.cc:100
#12 0x00000000004868f6 in main (argc=<value optimized out>, argv=<value
optimized out>) at main.cc:1334
Comment 1 Amos Jeffries 2010-02-10 15:42:30 UTC
Thank you.
Applied to Squid-3.