[jira] [Created] (TS-3867) traffic_server seg faults in qsort call inside SSLContextStorage destructor

[Steven Feltner (JIRA)]

Steven Feltner created TS-3867:
----------------------------------

             Summary: traffic_server seg faults in qsort call inside 
SSLContextStorage destructor
                 Key: TS-3867
                 URL: https://issues.apache.org/jira/browse/TS-3867
             Project: Traffic Server
          Issue Type: Bug
          Components: Configuration, SSL
            Reporter: Steven Feltner


With 9400+ ssl certs configured in ssl_multicert.config, traffic_server will 
seg fault after anywhere from two mins to an hour.  May be linked to issuing a 
'traffic_line -x' (particularly after removing an entry from 
ssl_multicert.config), but does not always correlate.

#10863 0x00000000006e3d14 in qsort_VecRef<SSLCertContext> (left=0x2ac740109950, 
right=0x2ac740062148, lt=0x6e1c70 <SSLCtxCompare(SSLCertContext const&, 
SSLCertContext const&)>) at ../../lib/ts/Vec.h:1035
#10864 qsort_VecRef<SSLCertContext> (left=0x2ac740109950, right=0x2ac740062148, 
lt=0x6e1c70 <SSLCtxCompare(SSLCertContext const&, SSLCertContext const&)>) at 
../../lib/ts/Vec.h:1035
#10865 0x00000000006e3d14 in qsort_VecRef<SSLCertContext> (left=0x2ac740109950, 
right=0x2ac740062100, lt=0x6e1c70 <SSLCtxCompare(SSLCertContext const&, 
SSLCertContext const&)>) at ../../lib/ts/Vec.h:1035
#10866 qsort_VecRef<SSLCertContext> (left=0x2ac740109950, right=0x2ac740062100, 
lt=0x6e1c70 <SSLCtxCompare(SSLCertContext const&, SSLCertContext const&)>) at 
../../lib/ts/Vec.h:1035
#10867 0x00000000006e3d14 in qsort_VecRef<SSLCertContext> (left=0x2ac740109950, 
right=0x2ac7400620b8, lt=0x6e1c70 <SSLCtxCompare(SSLCertContext const&, 
SSLCertContext const&)>) at ../../lib/ts/Vec.h:1035
#10868 qsort_VecRef<SSLCertContext> (left=0x2ac740109950, right=0x2ac7400620b8, 
lt=0x6e1c70 <SSLCtxCompare(SSLCertContext const&, SSLCertContext const&)>) at 
../../lib/ts/Vec.h:1035
#10869 0x00000000006e3d14 in qsort_VecRef<SSLCertContext> (left=0x2ac740109950, 
right=0x2ac740062070, lt=0x6e1c70 <SSLCtxCompare(SSLCertContext const&, 
SSLCertContext const&)>) at ../../lib/ts/Vec.h:1035
#10870 qsort_VecRef<SSLCertContext> (left=0x2ac740109950, right=0x2ac740062070, 
lt=0x6e1c70 <SSLCtxCompare(SSLCertContext const&, SSLCertContext const&)>) at 
../../lib/ts/Vec.h:1035
#10871 0x00000000006e2f76 in qsort_VecRef<SSLCertContext> (this=0x2d91540, 
__in_chrg=<value optimized out>) at ../../lib/ts/Vec.h:1035
#10872 qsort (this=0x2d91540, __in_chrg=<value optimized out>) at 
../../lib/ts/Vec.h:1052
#10873 SSLContextStorage::~SSLContextStorage (this=0x2d91540, __in_chrg=<value 
optimized out>) at SSLCertLookup.cc:302
#10874 0x00000000006e2fe9 in SSLCertLookup::~SSLCertLookup (this=0x2d91510, 
__in_chrg=<value optimized out>) at SSLCertLookup.cc:181
#10875 0x00000000006e3029 in SSLCertLookup::~SSLCertLookup (this=0x2d91510, 
__in_chrg=<value optimized out>) at SSLCertLookup.cc:182
#10876 0x0000000000646097 in ConfigInfoReleaser::handle_event 
(this=0x2ac7f9450390) at ProxyConfig.cc:105
#10877 0x0000000000721cf3 in handleEvent (this=0x2ac71e8bf010, e=0x18649c10, 
calling_code=2) at I_Continuation.h:145
#10878 EThread::process_event (this=0x2ac71e8bf010, e=0x18649c10, 
calling_code=2) at UnixEThread.cc:128
#10879 0x0000000000722891 in EThread::execute (this=0x2ac71e8bf010) at 
UnixEThread.cc:207
#10880 0x0000000000721112 in spawn_thread_internal (a=0x264bbf0) at Thread.cc:85
#10881 0x00000031780079d1 in start_thread () from /lib64/libpthread.so.0
#10882 0x00000031778e88fd in clone () from /lib64/libc.so.6

(gdb) f 10873
#10873 SSLContextStorage::~SSLContextStorage (this=0x2d91540, __in_chrg=<value 
optimized out>) at SSLCertLookup.cc:302
302       this->ctx_store.qsort(SSLCtxCompare);

(gdb) l
297
298     SSLContextStorage::~SSLContextStorage()
299     {
300       // First sort the array so we can efficiently detect duplicates
301       // and avoid the double free
302       this->ctx_store.qsort(SSLCtxCompare);
303       SSL_CTX *last_ctx = NULL;
304       for (unsigned i = 0; i < this->ctx_store.length(); ++i) {
305         if (this->ctx_store[i].ctx != last_ctx) {
306           last_ctx = this->ctx_store[i].ctx;

(gdb) p this
$1 = (SSLContextStorage * const) 0x2d91540
(gdb) p *this
$2 = {wildcards = {_vptr.Trie = 0x792750, static N_NODE_CHILDREN = 256, m_root 
= {value = 0x0, occupied = false, rank = 0, children = {0x0 <repeats 97 times>, 
0xa867cf0, 0x0, 0x39bad80, 0x0, 0x6540130, 0x0, 0x0, 0x0, 0x9955210,
        0x0, 0x0, 0x0, 0xa44d480, 0x3ccb3c0, 0x6a7f860, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x61191a0, 0x0 <repeats 138 times>}}, m_value_list = 
{<DLL<SSLContextStorage::ContextRef, SSLContextStorage::ContextRef::Link_link>> 
= {
        head = 0x39b8db0}, tail = 0xb9c48a0}}, hostnames = 0x2d91df0, ctx_store 
= {n = 28603, i = 0, v = 0x2ac740062010, e = {{ctx = 0x2d91f80, opt = 
SSLCertContext::OPT_NONE, keyblock = 0x2d940e0}, {ctx = 0x2d91f80,
        opt = SSLCertContext::OPT_NONE, keyblock = 0x0}, {ctx = 0x2d91f80, opt 
= SSLCertContext::OPT_NONE, keyblock = 0x0}, {ctx = 0x2d96ee0, opt = 
SSLCertContext::OPT_NONE, keyblock = 0x2d92f10}}}}





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)