Hi Hogan,

On Wed, Nov 24, 2010 at 09:33:37PM +0800, Hogan Yu wrote:
> Hi Willy,
>  I sent you a core dump file and I am sure that we have some free memory on
> our platform.

Thank you very much for your core. I could find the issue and indeed it's
not related to a memory shortage, which was the issue I first encountered
when trying your config.

The issue comes from the mixing of cookies in indirect mode and appsession.
The bug is that the indirect cookie is removed but 3 pointers that point to
the attribute of the next cookies are not updated after the removal, and
they are used by the appsession code. One length computation can go wrong
and cause a memcpy() to be called with a negative value, thus crashing the
process.

I have issued a critical fix for this, and I'd like you to give it a try:

   http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff_plain;h=c5f374

In my tests the problem is correctly solved. Once you confirm the issue
is gone, I'll release 1.4.10 with it.

In the meantime, if there are any users mixing cookies + appsession, I
strongly encourage them to disable the "indirect" keyword on the cookie
line, or to disable either of the two mechanisms until they upgrade to
1.4.10.

I know that 1.5-dev3 is affected too, though it's a development version
so it's less critical. I don't know about older 1.4 versions nor about 1.3.

Cheers,
Willy
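
The bug class described in the message above (bytes removed from a header buffer while pointers to later cookies are left stale, then a length derived from them going negative), shown as an added example that is not part of the original message and is not HAProxy code. The struct, the function names and the sample cookie string are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical view of one cookie inside a header buffer. */
struct cookie_ref {
    char *att_beg;   /* first byte of the attribute name */
    char *val_beg;   /* first byte of the value */
    char *val_end;   /* one past the last byte of the value */
};

/* Delete n bytes at buf+off and shift every tracked pointer that sat at or
 * after the deleted span. Passing fixup=0 reproduces the stale-pointer case. */
static void remove_span(char *buf, size_t *len, size_t off, size_t n,
                        struct cookie_ref *next, int fixup)
{
    char *cut_end = buf + off + n;
    memmove(buf + off, cut_end, *len - off - n);
    *len -= n;
    if (!fixup)
        return;
    if (next->att_beg >= cut_end) next->att_beg -= n;
    if (next->val_beg >= cut_end) next->val_beg -= n;
    if (next->val_end >= cut_end) next->val_end -= n;
}

/* Copy the value, clamped to the current end of the header. The length stays
 * signed and is checked before memcpy(). Returns bytes copied or -1. */
static long copy_value(char *dst, size_t dst_size, const struct cookie_ref *c,
                       const char *buf, size_t len)
{
    const char *end = c->val_end < buf + len ? c->val_end : buf + len;
    ptrdiff_t n = end - c->val_beg;
    if (n < 0 || (size_t)n >= dst_size)
        return -1;
    memcpy(dst, c->val_beg, (size_t)n);
    dst[n] = '\0';
    return (long)n;
}

/* Constructed sample: drop "SRV=s1; " and then read the JSESSIONID value. */
static long demo(int fixup, char *out, size_t out_size)
{
    char buf[32] = "SRV=s1; JSESSIONID=abc123";
    size_t len = strlen(buf);
    struct cookie_ref sess = { buf + 8, buf + 19, buf + 25 };
    remove_span(buf, &len, 0, 8, &sess, fixup);
    return copy_value(out, out_size, &sess, buf, len);
}
int main(void) { char o[16]; return demo(1, o, sizeof o) == 6 ? 0 : 1; }
```

With the fix-up the value length is 6; without it the clamped end falls before the stale `val_beg`, the difference is -2, and the signed check rejects it instead of letting it become a huge `size_t` in `memcpy()`.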

