Re: Broken: apache/httpd#1862 (2.4.x - b15b9a5)

Ruediger Pluem Fri, 03 Sep 2021 02:57:46 -0700

On 9/3/21 11:17 AM, Travis CI wrote:
> apache
> 
> /
> 
> httpd
> 
> <https://app.travis-ci.com/github/apache/httpd?utm_medium=notification&utm_source=email>
> 
> branch icon2.4.x <https://github.com/apache/httpd/tree/2.4.x>
> 
> build has failed
> Build #1862 was broken 
> <https://app.travis-ci.com/github/apache/httpd/builds/236874643?utm_medium=notification&utm_source=email>
> arrow to build time
> clock icon26 mins and 38 secs
> 

It is a read after free in mod_http2. Do we miss a backport?

==64184==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500dcca9a0 
at pc 0x7fe9704ad024 bp 0x7fe952100d30 sp
0x7fe952100d20

READ of size 4 at 0x62500dcca9a0 thread T54

    #0 0x7fe9704ad023 in mst_check_data_for 
/home/travis/build/apache/httpd/modules/http2/h2_mplx.c:618

    #1 0x7fe9704b1807 in s_task_done 
/home/travis/build/apache/httpd/modules/http2/h2_mplx.c:811

    #2 0x7fe9704b1807 in h2_mplx_s_task_done 
/home/travis/build/apache/httpd/modules/http2/h2_mplx.c:842

    #3 0x7fe9704f0cd7 in slot_run 
/home/travis/build/apache/httpd/modules/http2/h2_workers.c:245

    #4 0x7fe974fba47a in dummy_worker threadproc/unix/thread.c:147

    #5 0x7fe974f2d608 in start_thread 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)

    #6 0x7fe974e54292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

0x62500dcca9a0 is located 160 bytes inside of 8192-byte region 
[0x62500dcca900,0x62500dccc900)

freed by thread T59 here:

    #0 0x7fe9751ed7cf in __interceptor_free 
(/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)

    #1 0x7fe974f97926 in allocator_free memory/unix/apr_pools.c:492

    #2 0x7fe974f97926 in apr_pool_destroy memory/unix/apr_pools.c:1026

    #3 0x7fe9704ab589 in m_stream_destroy_iter 
/home/travis/build/apache/httpd/modules/http2/h2_mplx.c:316

    #4 0x7fe974f7a025 in apr_hash_do tables/apr_hash.c:542

    #5 0x7fe9704ea299 in h2_ihash_iter 
/home/travis/build/apache/httpd/modules/http2/h2_util.c:283

    #6 0x7fe9704b415f in m_purge_streams 
/home/travis/build/apache/httpd/modules/http2/h2_mplx.c:324

    #7 0x7fe9704b415f in m_purge_streams 
/home/travis/build/apache/httpd/modules/http2/h2_mplx.c:320

    #8 0x7fe9704b415f in h2_mplx_m_dispatch_master_events 
/home/travis/build/apache/httpd/modules/http2/h2_mplx.c:1098

    #9 0x7fe9704cd643 in dispatch_master 
/home/travis/build/apache/httpd/modules/http2/h2_session.c:2078

    #10 0x7fe9704cd643 in h2_session_process 
/home/travis/build/apache/httpd/modules/http2/h2_session.c:2278

    #11 0x7fe97049336c in h2_conn_run 
/home/travis/build/apache/httpd/modules/http2/h2_conn.c:214

    #12 0x7fe9704a7ace in h2_h2_process_conn 
/home/travis/build/apache/httpd/modules/http2/h2_h2.c:631

    #13 0x7fe9704a7ace in h2_h2_process_conn 
/home/travis/build/apache/httpd/modules/http2/h2_h2.c:549

    #14 0x56201065b6be in ap_run_process_connection 
/home/travis/build/apache/httpd/server/connection.c:42

    #15 0x56201069b6ef in process_socket 
/home/travis/build/apache/httpd/server/mpm/event/event.c:1053

    #16 0x56201069d367 in worker_thread 
/home/travis/build/apache/httpd/server/mpm/event/event.c:2142

    #17 0x7fe974fba47a in dummy_worker threadproc/unix/thread.c:147

    #18 0x7fe974f2d608 in start_thread 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)



Regards

Rüdiger
Re: Broken: apache/httpd#1862 (2.4.x - b15b9a5)

Reply via email to
