Hi, I have found a reproducible way to segfault a mod_perled httpd.
My environment:
httpd 2.2.3
mpm worker
mod_perl 2.0.3
perl 5.8.8 (Suse linux 10.2)
and my httpd.conf
------------------------------------------------------------------------
LoadModule log_config_module "/opt/apache22-worker/libexec/mod_log_config.so"
LoadModule mime_module "/opt/apache22-worker/libexec/mod_mime.so"
LoadModule dir_module "/opt/apache22-worker/libexec/mod_dir.so"
LoadModule perl_module "/opt/apache22-worker/libexec/mod_perl.so"
PerlPassEnv APACHE_TEST_TRACE_LEVEL
PerlPassEnv HARNESS_PERL_SWITCHES
User "r2"
Group "users"
ServerName localhost:8529
Listen 0.0.0.0:8529
ServerRoot "/home/r2/work/arvato/Apache2-Translation/t"
DocumentRoot "/home/r2/work/arvato/Apache2-Translation/t/htdocs"
PidFile /home/r2/work/arvato/Apache2-Translation/t/logs/httpd.pid
ErrorLog /home/r2/work/arvato/Apache2-Translation/t/logs/error_log
LogLevel debug
TransferLog /home/r2/work/arvato/Apache2-Translation/t/logs/access_log
ServerAdmin [EMAIL PROTECTED]
#needed for http/1.1 testing
KeepAlive On
HostnameLookups Off
<Directory />
Options FollowSymLinks
</Directory>
LockFile /home/r2/work/arvato/Apache2-Translation/t/logs/accept.lock
StartServers 1
MinSpareThreads 1
MaxSpareThreads 1
ThreadsPerChild 1
MaxClients 2
MaxRequestsPerChild 0
<Perl>
package TestConfig;
use strict;
use Apache2::RequestRec;
use Apache2::RequestIO;
use Apache2::RequestUtil;
use Apache2::CmdParms;
use Apache2::Directive;
use Apache2::Module;
use Apache2::Const -compile=>qw{OK};
Apache2::Module::add( __PACKAGE__, [{name=>'TestHandlerConfig'}] );
sub TestHandlerConfig {}
sub handler {
my $r=shift;
$r->content_type('text/plain');
$r->print( "OK\n" );
return Apache2::Const::OK;
}
</Perl>
PerlInterpScope handler
#PerlFixupHandler "sub {$_[0]->add_config([q{Options Indexes}]); return
Apache2::Const::DECLINED;}"
PerlFixupHandler "sub {$_[0]->add_config([q{TestHandlerConfig 20}]); return
Apache2::Const::DECLINED;}"
<Location /xxx>
SetHandler modperl
PerlResponseHandler TestConfig
# TestHandlerConfig 20
</Location>
------------------------------------------------------------------------
Now, when /xxx is accessed httpd dumps core each other time. A stack trace
says:
#0 0xb7f7f410 in ?? ()
#1 0xbfd64878 in ?? ()
#2 0x00000001 in ?? ()
#3 0xbfd64873 in ?? ()
#4 0xb7d9a02b in __read_nocancel () from /lib/libpthread.so.0
#5 0x08092d59 in ap_mpm_pod_check (pod=0x81fbd20) at pod.c:54
#6 0x08090748 in child_main (child_num_arg=0) at worker.c:1258
#7 0x080908f4 in make_child (s=0x80b7f48, slot=0) at worker.c:1341
#8 0x08090a29 in startup_children (number_to_start=1) at worker.c:1375
#9 0x08091292 in ap_mpm_run (_pconf=0x80b60a8, plog=0x80e4160, s=0x80b7f48) at
worker.c:1725
#10 0x08062b7e in main (argc=5, argv=0xbfd64b14) at main.c:717
Line 54 of pod.c looks quite innocent:
rc = read(fd, &c, 1);
So, what is important for the bug?
1) PerlInterpScope handler: without it no segfaults
2) Access /xxx not /index.html. /index.html works normal, no segfaults
3) The fixup handler must set TestHandlerConfig, not some built-in statements
like Options
4) It can also be a maptostorage handler
Any hint where to look?
Torsten
pgpMEignafIJo.pgp
Description: PGP signature
