Sudheer Vinukonda created TS-3112:
-------------------------------------

             Summary: core dump in FetchSM.cc
                 Key: TS-3112
                 URL: https://issues.apache.org/jira/browse/TS-3112
             Project: Traffic Server
          Issue Type: Bug
          Components: SPDY
            Reporter: Sudheer Vinukonda


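We see core dumps in FetchSM::InvokePluginExt() caused by a missing null
pointer check on contp. In the trace below, frame 0 is
Continuation::handleEvent called with this=0x0, and `print contp` in frame 1
(FetchSM.cc:297) confirms that contp is null. A simple fix is to check contp
for a null pointer after handleEvent(TS_FETCH_EVENT_EXT_HEAD_DONE).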

gdb stack trace and some other relevant info:

{code}
(gdb) bt
#0  0x00000000004f4ec4 in Continuation::handleEvent (this=0x0, event=-4, 
data=0x2b86e0b2fe40) at ../iocore/eventsystem/I_Continuation.h:146
#1  0x00000000004f338c in FetchSM::InvokePluginExt (this=0x2b86e0b2fe40, 
fetch_event=0) at FetchSM.cc:297
#2  0x00000000004f3b80 in FetchSM::process_fetch_read (this=0x2b86e0b2fe40, 
event=100) at FetchSM.cc:442
#3  0x00000000004f3ee5 in FetchSM::fetch_handler (this=0x2b86e0b2fe40, 
event=100, edata=0x2b87802bde80) at FetchSM.cc:504
#4  0x00000000004f4f18 in Continuation::handleEvent (this=0x2b86e0b2fe40, 
event=100, data=0x2b87802bde80) at ../iocore/eventsystem/I_Continuation.h:146
#5  0x0000000000530f69 in PluginVC::process_read_side (this=0x2b87802bdd80, 
other_side_call=true) at PluginVC.cc:671
#6  0x00000000005307fe in PluginVC::process_write_side (this=0x2b87802bdf68, 
other_side_call=false) at PluginVC.cc:567
#7  0x000000000052f5a0 in PluginVC::main_handler (this=0x2b87802bdf68, event=1, 
data=0x2b87c00eaba0) at PluginVC.cc:212
#8  0x00000000004f4f18 in Continuation::handleEvent (this=0x2b87802bdf68, 
event=1, data=0x2b87c00eaba0) at ../iocore/eventsystem/I_Continuation.h:146
#9  0x0000000000753b66 in EThread::EThread (this=0x2b87802bdf68, att=11142, 
e=0x754501, sem=0x2b86ac48bc00) at UnixEThread.cc:105
#10 0x0000000000753d34 in EThread::process_event (this=0x0, e=0x2b86616159c0, 
calling_code=328784145) at UnixEThread.cc:141
#11 0x00000000007530c4 in Thread::Thread (this=0x16201c0) at Thread.cc:45
#12 0x00002b8657b77851 in start_thread () from /lib64/libpthread.so.0
#13 0x000000305eee894d in clone () from /lib64/libc.so.6
(gdb) frame 1
#1  0x00000000004f338c in FetchSM::InvokePluginExt (this=0x2b86e0b2fe40, 
fetch_event=0) at FetchSM.cc:297
297     FetchSM.cc: No such file or directory.
        in FetchSM.cc
(gdb) print contp
$1 = (Continuation *) 0x0
(gdb) print *this
$2 = {<Continuation> = {<force_VFPT_to_top> = {_vptr.force_VFPT_to_top = 
0x761510}, handler = (int (Continuation::*)(Continuation *, int, 
    void *)) 0x4f3e52 <FetchSM::fetch_handler(int, void*)>, mutex = {m_ptr = 
0x2b86e42bb0e0}, link = {<SLink<Continuation>> = {next = 0x0}, prev = 0x0}}, 
recursion = 1, 
  http_vc = 0x2b87802bdd80, read_vio = 0x2b87802bde80, write_vio = 
0x2b87802bdec8, req_buffer = 0x2b8859bc4650, req_reader = 0x2b8859bc4668, 
client_response = 0x0, client_bytes = 0, 
  resp_buffer = 0x2b87f40a7ec0, resp_reader = 0x2b87f40a7ed8, contp = 0x0, 
cont_mutex = {m_ptr = 0x0}, http_parser = {m_parsing_http = false, 
m_mime_parser = {m_scanner = {m_line = 0x0, 
        m_line_length = 0, m_line_size = 0, m_state = MIME_PARSE_BEFORE}, 
m_field = 0, m_field_flags = 0, m_value = -1}}, client_response_hdr = 
{<MIMEHdr> = {<HdrHeapSDKHandle> = {
        m_heap = 0x2b87863a9810}, m_mime = 0x2b87863a98c8}, m_http = 
0x2b87863a9898, m_url_cached = {<HdrHeapSDKHandle> = {m_heap = 0x0}, m_url_impl 
= 0x0}, m_host_mime = 0x0, 
    m_host_length = 0, m_port = 0, m_target_cached = false, m_target_in_url = 
false, m_port_in_header = false, static USE_HDR_HEAP_MAGIC = 0x1}, 
chunked_handler = {
    static DEFAULT_MAX_CHUNK_SIZE = 4096, action = 
ChunkedHandler::ACTION_DOCHUNK, chunked_reader = 0x0, dechunked_buffer = 0x0, 
dechunked_size = 0, dechunked_reader = 0x0, 
    chunked_buffer = 0x0, chunked_size = 0, truncation = false, skip_bytes = 0, 
state = ChunkedHandler::CHUNK_READ_CHUNK, cur_chunk_size = 0, bytes_left = 0, 
last_server_event = 0, 
    running_sum = 0, num_digits = 0, max_chunk_size = 4096, max_chunk_header = 
'\000' <repeats 15 times>, max_chunk_header_len = 0}, callback_events = 
{success_event_id = 0, 
    failure_event_id = 0, timeout_event_id = 0}, callback_options = 
NO_CALLBACK, req_finished = true, header_done = true, resp_finished = false, 
is_internal_request = false, _addr = {sa = {
      sa_family = 2, sa_data = "\311@H\240\234o\000\000\000\000\000\000\000"}, 
sin = {sin_family = 2, sin_port = 16585, sin_addr = {s_addr = 1872535624}, 
      sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, 
sin6_port = 16585, sin6_flowinfo = 1872535624, sin6_addr = {__in6_u = 
{__u6_addr8 = '\000' <repeats 15 times>, 
          __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, 
sin6_scope_id = 0}}, resp_is_chunked = 0, resp_received_close = 0, fetch_flags 
= 22, 
  user_data = 0x2b87408b4260, has_sent_header = true, req_method = 
TS_FETCH_METHOD_GET, req_content_length = 0, resp_content_length = 289, 
resp_received_body_len = 0}
(gdb) 
{code}



