[
https://issues.apache.org/jira/browse/TS-4276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thomas Jackson updated TS-4276:
-------------------------------
Description:
Hostdb assumes that `lookup_done` returns a valid HostDBInfo (as mentioned in
comments--
https://github.com/apache/trafficserver/blob/master/iocore/hostdb/HostDB.cc#L1545).
In actuality lookup_done can actually return NULL in error conditions--
primarily when it is full
(https://github.com/apache/trafficserver/blob/master/iocore/hostdb/HostDB.cc#L1363).
Because of this, if a lookup is being done when hostdb is full, r comes back
as NULL and we get a segmentation fault that looks like:
{noformat}
traffic_server: Segmentation fault (Address not mapped to object [(nil)])
traffic_server - STACK TRACE:
./bin/traffic_server(_Z19crash_logger_invokeiP9siginfo_tPv+0x8e)[0x4ab81e]
/lib64/libpthread.so.0(+0x109f0)[0x7f991609a9f0]
./bin/traffic_server(_ZN18HostDBContinuation8dnsEventEiP7HostEnt+0xebb)[0x6ad5bb]
./bin/traffic_server(_ZN8DNSEntry9postEventEiP5Event+0x45)[0x6c5405]
./bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0x8a)[0x7c2c0a]
./bin/traffic_server(_ZN7EThread7executeEv+0x7e8)[0x7c3a38]
./bin/traffic_server[0x7c26e5]
/lib64/libpthread.so.0(+0x760a)[0x7f991609160a]
/lib64/libc.so.6(clone+0x6d)[0x7f9914fa4a4d]
Segmentation fault (core dumped)
{noformat}
Found while trying to repro TS-4207
was:
Hostdb assumes that `lookup_done` returns a valid HostDBInfo (as mentioned in
comments--
https://github.com/apache/trafficserver/blob/master/iocore/hostdb/HostDB.cc#L1545).
In actuality lookup_done can actually return NULL in error conditions--
primarily when it is full
(https://github.com/apache/trafficserver/blob/master/iocore/hostdb/HostDB.cc#L1363).
Because of this, if a lookup is being done when hostdb is full, r comes back
as NULL and we get a segmentation fault that looks like:
{noformat}
traffic_server: Segmentation fault (Address not mapped to object [(nil)])
traffic_server - STACK TRACE:
./bin/traffic_server(_Z19crash_logger_invokeiP9siginfo_tPv+0x8e)[0x4ab81e]
/lib64/libpthread.so.0(+0x109f0)[0x7f991609a9f0]
./bin/traffic_server(_ZN18HostDBContinuation8dnsEventEiP7HostEnt+0xebb)[0x6ad5bb]
./bin/traffic_server(_ZN8DNSEntry9postEventEiP5Event+0x45)[0x6c5405]
./bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0x8a)[0x7c2c0a]
./bin/traffic_server(_ZN7EThread7executeEv+0x7e8)[0x7c3a38]
./bin/traffic_server[0x7c26e5]
/lib64/libpthread.so.0(+0x760a)[0x7f991609160a]
/lib64/libc.so.6(clone+0x6d)[0x7f9914fa4a4d]
Segmentation fault (core dumped)
{noformat}
> Segmentation fault when hostdb runs out of space
> ------------------------------------------------
>
> Key: TS-4276
> URL: https://issues.apache.org/jira/browse/TS-4276
> Project: Traffic Server
> Issue Type: Bug
> Reporter: Thomas Jackson
>
> Hostdb assumes that `lookup_done` returns a valid HostDBInfo (as mentioned in
> comments--
> https://github.com/apache/trafficserver/blob/master/iocore/hostdb/HostDB.cc#L1545).
> In actuality lookup_done can actually return NULL in error conditions--
> primarily when it is full
> (https://github.com/apache/trafficserver/blob/master/iocore/hostdb/HostDB.cc#L1363).
> Because of this, if a lookup is being done when hostdb is full, r comes back
> as NULL and we get a segmentation fault that looks like:
> {noformat}
> traffic_server: Segmentation fault (Address not mapped to object [(nil)])
> traffic_server - STACK TRACE:
> ./bin/traffic_server(_Z19crash_logger_invokeiP9siginfo_tPv+0x8e)[0x4ab81e]
> /lib64/libpthread.so.0(+0x109f0)[0x7f991609a9f0]
> ./bin/traffic_server(_ZN18HostDBContinuation8dnsEventEiP7HostEnt+0xebb)[0x6ad5bb]
> ./bin/traffic_server(_ZN8DNSEntry9postEventEiP5Event+0x45)[0x6c5405]
> ./bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0x8a)[0x7c2c0a]
> ./bin/traffic_server(_ZN7EThread7executeEv+0x7e8)[0x7c3a38]
> ./bin/traffic_server[0x7c26e5]
> /lib64/libpthread.so.0(+0x760a)[0x7f991609160a]
> /lib64/libc.so.6(clone+0x6d)[0x7f9914fa4a4d]
> Segmentation fault (core dumped)
> {noformat}
> Found while trying to repro TS-4207
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
