Bin Chen created TS-1605:
----------------------------
Summary: crash at mime_parse_int64
Key: TS-1605
URL: https://issues.apache.org/jira/browse/TS-1605
Project: Traffic Server
Issue Type: Bug
Components: HTTP, MIME
Reporter: Bin Chen
{code}
#0 0x0000000000610f76 in mime_parse_int64 (buf=0x3fb <Address 0x3fb out of
bounds>,
end=0x380f74 <Address 0x380f74 out of bounds>) at MIME.cc:3076
��/usr/src/debug/trafficserver-3.2.0/proxy/hdrs/MIME.cc:3076:106103:beg:0x610f76
Missing separate debuginfos, use: debuginfo-install expat-2.0.1-9.1.el6.x86_64
glibc-2.12-1.47.el6.x86_64 keyutils-libs-1.4-3.el6.x86_64
krb5-libs-1.9-22.el6.x86_64 libcom_err-1.41.12-11.el6.x86_64
libgcc-4.4.6-3.el6.x86_64 libselinux-2.0.94-5.2.el6.x86_64
libstdc++-4.4.6-3.el6.x86_64 ncurses-libs-5.7-3.20090208.el6.x86_64
openssl-1.0.0-20.el6.x86_64 pcre-7.8-3.1.el6.x86_64 readline-6.0-3.el6.x86_64
tcl-8.5.7-6.el6.x86_64 xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64
zlib-1.2.3-27.el6.x86_64
(gdb) bt
#0 0x0000000000610f76 in mime_parse_int64 (buf=0x3fb <Address 0x3fb out of
bounds>,
end=0x380f74 <Address 0x380f74 out of bounds>) at MIME.cc:3076
#1 0x000000000060d7a6 in mime_field_value_get_int64 (field=0x2af6853bfdd0) at
MIME.cc:1694
#2 0x000000000057d41c in MIMEHdr::value_get_int64 (this=0x2af6853bf5c8,
name=0x2db7388 "Age", name_length=3)
at ../../proxy/hdrs/MIME.h:1217
#3 0x00000000005a9230 in MIMEHdr::get_age (this=0x2af6853bf5c8) at
../../proxy/hdrs/MIME.h:1356
#4 0x00000000005aac0b in HttpTransactHeaders::calculate_document_age
(request_time=1353920547, response_time=1353920547,
base_response=0x2af6853bf5c8, base_response_date=1352509636,
now=1354258269) at HttpTransactHeaders.cc:400
#5 0x0000000000581d73 in HttpTransactCache::SelectFromAlternates
(cache_vector=0x2af5f0a057c0,
client_request=0x2af5f0a05780, http_config_params=0x2af6005fda30) at
HttpTransactCache.cc:221
#6 0x0000000000692c34 in CacheVC::openReadStartHead (this=0x2af5f0a056c0,
event=3900, e=0x0) at CacheRead.cc:1019
#7 0x00000000004e6fae in Continuation::handleEvent (this=0x2af5f0a056c0,
event=3900, data=0x0)
at ../iocore/eventsystem/I_Continuation.h:146
#8 0x00000000006717e2 in CacheVC::handleReadDone (this=0x2af5f0a056c0,
event=3900, e=0x2af5f0a05840) at Cache.cc:1952
#9 0x00000000004e6fae in Continuation::handleEvent (this=0x2af5f0a056c0,
event=3900, data=0x2af5f0a05840)
at ../iocore/eventsystem/I_Continuation.h:146
#10 0x00000000006761cc in AIOCallbackInternal::io_complete
(this=0x2af5f0a05840, event=1, data=0x2af79c001420)
at ../../iocore/aio/P_AIO.h:80
#11 0x00000000004e6fae in Continuation::handleEvent (this=0x2af5f0a05840,
event=1, data=0x2af79c001420)
at ../iocore/eventsystem/I_Continuation.h:146
#12 0x00000000006d99b8 in EThread::process_event (this=0x2af4f84e6010,
e=0x2af79c001420, calling_code=1)
at UnixEThread.cc:189
#13 0x00000000006d9b86 in EThread::execute (this=0x2af4f84e6010) at
UnixEThread.cc:240
#14 0x00000000006d89e7 in spawn_thread_internal (a=0x2af4fc603b00) at
Thread.cc:88
#15 0x00000034bfc077f1 in start_thread () from /lib64/libpthread.so.0
#16 0x00000034bf8e570d in clone () from /lib64/libc.so.6
(gdb) f 0
#0 0x0000000000610f76 in mime_parse_int64 (buf=0x3fb <Address 0x3fb out of
bounds>,
end=0x380f74 <Address 0x380f74 out of bounds>) at MIME.cc:3076
��/usr/src/debug/trafficserver-3.2.0/proxy/hdrs/MIME.cc:3076:106103:beg:0x610f76
(gdb) l
3071 bool negative;
3072
3073 if (!buf || (buf == end))
3074 return 0;
3075
3076 if (is_digit(*buf)) // fast case
3077 {
3078 num = *buf++ - '0';
3079 while ((buf != end) && is_digit(*buf))
3080 num = (num * 10) + (*buf++ - '0');
(gdb) p buf
$1 = 0x3fb <Address 0x3fb out of bounds>
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
