Hi again Willy,
On 14/01/2014 00:51, Cyril Bonté wrote:
I don't know if this is of any help because I don't have enough details
yet, but I just reproduced segfaults while playing with the configuration
provided by Steve.
To reproduce it on my laptop, it's quite easy : generate a lot of
headers, and send the content of 404.html.
Here is a PHP script I used to emulate the check :
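<?php
// Emit 640 extra response headers so the reply has a lot of headers.
for ($i = 0; $i < 640; $i++) {
    header("X-h$i: $i");
}
// Then send the content of 404.html as the response body.
readfile("404.html");
?>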
There's something strange in the values I sent to the debug output. In
bo_putblk(), the "half" variable could have a negative value, which then
segfaults when calling memcpy().
Now I can reproduce a segfault, I'll try to make some more tests
tomorrow (only after work). But I believe you'll already find the reason
before ;-)
Well, I couldn't leave my debug session in its current state.
Can you confirm that this patch could fix the issue ? I think this
prevents a buffer overflow when waiting for more data.
Currently, I can't reproduce segfaults anymore when applied.
Now it's time to sleep some hours ;-)
--
Cyril Bonté
diff --git a/src/checks.c b/src/checks.c
index 115cc85..abdc333 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -1031,7 +1031,7 @@ static void event_srv_chk_r(struct connection *conn)
done = 0;
- conn->xprt->rcv_buf(conn, check->bi, check->bi->size);
+ conn->xprt->rcv_buf(conn, check->bi, buffer_total_space(check->bi));
if (conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH | CO_FL_DATA_RD_SH)) {
done = 1;
if ((conn->flags & CO_FL_ERROR) && !check->bi->i) {
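Review bot: the rcv_buf() call now caps the read at buffer_total_space(check->bi), but nothing at the call site says why check->bi->size was the wrong count; a one-line comment noting that check->bi can already hold data from an earlier pass (the "waiting for more data" case from the message) would keep this from being changed back to the full size later. It is also worth confirming what happens once the buffer is full and the count passed is 0: the visible lines only set done = 1 on CO_FL_ERROR, CO_FL_SOCK_RD_SH or CO_FL_DATA_RD_SH, so check that a response with more headers than the buffer can hold still ends the check instead of waiting for data that can never be stored.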