> On 03.09.2021 at 11:57, Ruediger Pluem <rpl...@apache.org> wrote:
>
> On 9/3/21 11:17 AM, Travis CI wrote:
>> apache / httpd
>> <https://app.travis-ci.com/github/apache/httpd?utm_medium=notification&utm_source=email>
>>
>> branch 2.4.x <https://github.com/apache/httpd/tree/2.4.x>
>>
>> build has failed
>> Build #1862 was broken
>> <https://app.travis-ci.com/github/apache/httpd/builds/236874643?utm_medium=notification&utm_source=email>
>> 26 mins and 38 secs
>>
>
> It is a read after free in mod_http2. Do we miss a backport?

Yes. It was a "wait and see what Travis says" and then never picked up.

> ==64184==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x62500dcca9a0 at pc 0x7fe9704ad024 bp 0x7fe952100d30 sp
> 0x7fe952100d20
>
> READ of size 4 at 0x62500dcca9a0 thread T54
>
> #0 0x7fe9704ad023 in mst_check_data_for
> /home/travis/build/apache/httpd/modules/http2/h2_mplx.c:618
>
> #1 0x7fe9704b1807 in s_task_done
> /home/travis/build/apache/httpd/modules/http2/h2_mplx.c:811
>
> #2 0x7fe9704b1807 in h2_mplx_s_task_done
> /home/travis/build/apache/httpd/modules/http2/h2_mplx.c:842
>
> #3 0x7fe9704f0cd7 in slot_run
> /home/travis/build/apache/httpd/modules/http2/h2_workers.c:245
>
> #4 0x7fe974fba47a in dummy_worker threadproc/unix/thread.c:147
>
> #5 0x7fe974f2d608 in start_thread
> (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
>
> #6 0x7fe974e54292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
>
> 0x62500dcca9a0 is located 160 bytes inside of 8192-byte region
> [0x62500dcca900,0x62500dccc900)
>
> freed by thread T59 here:
>
> #0 0x7fe9751ed7cf in __interceptor_free
> (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
>
> #1 0x7fe974f97926 in allocator_free memory/unix/apr_pools.c:492
>
> #2 0x7fe974f97926 in apr_pool_destroy memory/unix/apr_pools.c:1026
>
> #3 0x7fe9704ab589 in m_stream_destroy_iter
> /home/travis/build/apache/httpd/modules/http2/h2_mplx.c:316
>
> #4 0x7fe974f7a025 in apr_hash_do tables/apr_hash.c:542
>
> #5 0x7fe9704ea299 in h2_ihash_iter
> /home/travis/build/apache/httpd/modules/http2/h2_util.c:283
>
> #6 0x7fe9704b415f in m_purge_streams
> /home/travis/build/apache/httpd/modules/http2/h2_mplx.c:324
>
> #7 0x7fe9704b415f in m_purge_streams
> /home/travis/build/apache/httpd/modules/http2/h2_mplx.c:320
>
> #8 0x7fe9704b415f in h2_mplx_m_dispatch_master_events
> /home/travis/build/apache/httpd/modules/http2/h2_mplx.c:1098
>
> #9 0x7fe9704cd643 in dispatch_master
> /home/travis/build/apache/httpd/modules/http2/h2_session.c:2078
>
> #10 0x7fe9704cd643 in h2_session_process
> /home/travis/build/apache/httpd/modules/http2/h2_session.c:2278
>
> #11 0x7fe97049336c in h2_conn_run
> /home/travis/build/apache/httpd/modules/http2/h2_conn.c:214
>
> #12 0x7fe9704a7ace in h2_h2_process_conn
> /home/travis/build/apache/httpd/modules/http2/h2_h2.c:631
>
> #13 0x7fe9704a7ace in h2_h2_process_conn
> /home/travis/build/apache/httpd/modules/http2/h2_h2.c:549
>
> #14 0x56201065b6be in ap_run_process_connection
> /home/travis/build/apache/httpd/server/connection.c:42
>
> #15 0x56201069b6ef in process_socket
> /home/travis/build/apache/httpd/server/mpm/event/event.c:1053
>
> #16 0x56201069d367 in worker_thread
> /home/travis/build/apache/httpd/server/mpm/event/event.c:2142
>
> #17 0x7fe974fba47a in dummy_worker threadproc/unix/thread.c:147
>
> #18 0x7fe974f2d608 in start_thread
> (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
>
>
>
> Regards
>
> Rüdiger