[ https://issues.apache.org/jira/browse/AXIS2C-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Lazarski resolved AXIS2C-1659.
-------------------------------------
Fix Version/s: 2.0.0 (was: 1.7.0)
Resolution: Fixed

In multi-threaded environments (e.g., Apache with mpm_worker), a
segmentation fault could occur in axutil_hash_find_entry() when the
hash table pointer or its internal array was NULL.

Fix: Add NULL checks to the public hash table functions:
- axutil_hash_get(): Return NULL if ht, key, or ht->array is NULL
- axutil_hash_set(): Return early if ht, key, or ht->array is NULL
- axutil_hash_count(): Return 0 if ht is NULL
- axutil_hash_first(): Return NULL if ht is NULL

These defensive checks prevent crashes when hash tables are accessed
during concurrent initialization or cleanup in multi-threaded servers.

> Segmentation fault in axutil_hash_find_entry
> --------------------------------------------
>
> Key: AXIS2C-1659
> URL: https://issues.apache.org/jira/browse/AXIS2C-1659
> Project: Axis2-C
> Issue Type: Bug
> Components: util
> Affects Versions: 1.6.0
> Environment: SUSE Linux Enterprise Server 11 (x86_64)
> Apache 2.2.12
> Axis2/C (1.6.0)
> Reporter: Ilya Tutski
> Priority: Major
> Fix For: 2.0.0
>
>
> Sometimes a segmentation fault occurs in axutil_hash_find_entry(). Apache
> is compiled with mpm_worker and configured to run 1 process with 64 threads.
> Backtrace:
> Program terminated with signal 11, Segmentation fault.
> #0 0x00007f748c6d78eb in axutil_hash_find_entry () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxutil.so.0
> (gdb) bt
> #0 0x00007f748c6d78eb in axutil_hash_find_entry () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxutil.so.0
> #1 0x00007f748c6d7c2f in axutil_hash_set () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxutil.so.0
> #2 0x00007f748cd7baa9 in axis2_svc_grp_ctx_fill_svc_ctx_map () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxis2_engine.so.0
> #3 0x00007f748cd7bd25 in axis2_svc_grp_ctx_create () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxis2_engine.so.0
> #4 0x00007f748cd64aa0 in axis2_svc_grp_get_svc_grp_ctx () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxis2_engine.so.0
> #5 0x00007f748cd7c69b in axis2_conf_ctx_fill_ctxs () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxis2_engine.so.0
> #6 0x00007f748cd5ceef in axis2_ctx_handler_invoke () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxis2_engine.so.0
> #7 0x00007f748cd5a94e in axis2_phase_invoke () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxis2_engine.so.0
> #8 0x00007f748cd5d86e in axis2_engine_invoke_phases () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxis2_engine.so.0
> #9 0x00007f748cd5e0f3 in axis2_engine_receive () from
> /opt/ap/ext/axis2c_1.6.0/lib/libaxis2_engine.so.0
> #10 0x00007f748cfb4d60 in
> axis2_http_transport_utils_process_http_post_request () from
> /opt/ap/ext/axis2c_1.6.0/lib/libmod_axis2.so
> #11 0x00007f748cfb081f in axis2_apache2_worker_process_request () from
> /opt/ap/ext/axis2c_1.6.0/lib/libmod_axis2.so
> #12 0x00007f748cfae8a0 in axis2_handler () from
> /opt/ap/ext/axis2c_1.6.0/lib/libmod_axis2.so
> #13 0x0000000000449890 in ap_run_handler ()
> #14 0x000000000044a129 in ap_invoke_handler ()
> #15 0x0000000000483fb4 in ap_process_request ()
> #16 0x0000000000480f9c in ap_process_http_connection ()
> #17 0x0000000000452cee in ap_run_process_connection ()
> #18 0x0000000000453128 in ap_process_connection ()
> #19 0x000000000049ecb6 in process_socket ()
> #20 0x000000000049f569 in worker_thread ()
> #21 0x00007f748d73c7b6 in start_thread () from /lib64/libpthread.so.0
> #22 0x00007f748d293d6d in clone () from /lib64/libc.so.6
> #23 0x0000000000000000 in ?? ()
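
Added example, not part of the original message and not the Axis2/C source: a minimal chained hash table showing the guard pattern the resolution describes, where the public get/set/count entry points reject a NULL table, key, or bucket array before the internal lookup dereferences it. All demo_* names and the int return value of demo_hash_set() are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a chained hash table; not the Axis2/C code. */
typedef struct demo_entry {
    struct demo_entry *next;
    const char *key;
    void *val;
} demo_entry_t;

typedef struct {
    demo_entry_t **array;   /* bucket array; NULL before init or after cleanup */
    unsigned int max;       /* bucket count minus one (bucket count is 2^n) */
    unsigned int count;     /* number of stored entries */
} demo_hash_t;

static unsigned int demo_hashfn(const char *k) {
    unsigned int h = 0;
    while (*k) h = h * 33 + (unsigned char)*k++;
    return h;
}

/* Internal lookup: dereferences ht->array unconditionally, so every public
 * caller has to validate ht, key and ht->array first. */
static demo_entry_t **find_entry(demo_hash_t *ht, const char *key) {
    demo_entry_t **p = &ht->array[demo_hashfn(key) & ht->max];
    while (*p && strcmp((*p)->key, key) != 0) p = &(*p)->next;
    return p;
}

void *demo_hash_get(demo_hash_t *ht, const char *key) {
    if (!ht || !key || !ht->array) return NULL;   /* guard before lookup */
    demo_entry_t *e = *find_entry(ht, key);
    return e ? e->val : NULL;
}

/* Returns 0 on success, -1 if the arguments are rejected or malloc fails. */
int demo_hash_set(demo_hash_t *ht, const char *key, void *val) {
    if (!ht || !key || !ht->array) return -1;     /* return early */
    demo_entry_t **p = find_entry(ht, key);
    if (!*p) {
        if (!(*p = calloc(1, sizeof **p))) return -1;
        (*p)->key = key;
        ht->count++;
    }
    (*p)->val = val;
    return 0;
}

unsigned int demo_hash_count(demo_hash_t *ht) { return ht ? ht->count : 0; }
```

The guards cover only a NULL table or bucket array. A table that another thread frees or modifies during the call still needs locking in the caller.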