https://issues.apache.org/bugzilla/show_bug.cgi?id=46688
Summary: Child segfault when mmaped file truncated
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Core
AssignedTo: [email protected]
ReportedBy: [email protected]
Created an attachment (id=23246)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23246)
A test module to force file truncation before a request is handled
I'm seeing a child process segfault when:
1) mmap enabled
2) an output filter is looking at the response body (e.g. mod_deflate)
3) the file being served is truncated between the initial stat() and the
handler running
Apache does an mmap for the original file length and when the output filter
tries to read the mapped memory past where the current file ends, the child seg
faults.
The enableMMap documentation warns about possible seg faults when a mapped NFS
file is truncated, but I'm seeing this on a local file system.
I've reproduced this on Linux and z/OS, not sure about other platforms but it
seems likely to affect them too.
If nothing is actually looking at the response body before we send it, then
there's not a seg fault. The memory is passed to writev() and it seems to
catch the problem and return an error. Maybe this is the part that only fails
on NFS?
A file getting truncated in the middle of a request is unlikely to happen often
by chance, I suppose. I'll attach a test module from Jeff Trawick that forces
the truncation and makes this easy to reproduce.
I've thought about this some but haven't come up with a good approach to avoid
this problem. We could stat() the file again to see if it has shrunk, but
there will always be a window where it could be truncated between when we
stat() it and when we actually look at the data.
The consequences of not fixing it aren't too bad anyway -- Apache just logs the
child process failure and starts a new one.
Maybe the best we can do is add to the warning in the enableMMap documentation.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
