[
https://issues.apache.org/jira/browse/TS-4313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15219250#comment-15219250
]
ASF GitHub Bot commented on TS-4313:
------------------------------------
Github user maskit commented on the pull request:
https://github.com/apache/trafficserver/pull/542#issuecomment-203732053
@jpeach
I added some codes for debug and got these output. The rare case is
happening.
(I built with --enable-debug and ASAN using clang on OSX.)
Output:
```
mime_hdr_set_accelerators_and_presence_bits(hdr 0x61d0001ab908, field
0x6250001aba98): &(mh->m_first_fblock.m_field_slots[0]) = 0x61d0001ab958
(int)(field - &(mh->m_first_fblock.m_field_slots[0])) = 0xA
(long)(field - &(mh->m_first_fblock.m_field_slots[0])) = 0x40000000A
(ptrdiff_t)(field - &(mh->m_first_fblock.m_field_slots[0])) = 0x40000000A
mime_hdr_field_slotnum(hdr 0x61d0001ab908, field 0x6250001ab998): first =
0x61d0001ab958
(int)(field - first) = 0x2
(long)(field - first) = 0x400000002
(ptrdiff_t)(field - first) = 0x400000002
```
Debug code1:
``` c
if ((int)(field - &(mh->m_first_fblock.m_field_slots[0])) >= 0 &&
(int)(field - &(mh->m_first_fblock.m_field_slots[0])) <
MIME_FIELD_SLOTNUM_UNKNOWN && slot_num > UINT_MAX) {
fprintf(stderr, "mime_hdr_set_accelerators_and_presence_bits(hdr %p,
field %p): &(mh->m_first_fblock.m_field_slots[0]) = %p\n", mh, field,
&(mh->m_first_fblock.m_field_slots[0]));
fprintf(stderr, "(int)(field - &(mh->m_first_fblock.m_field_slots[0])) =
0x%X\n", (int)(field - &(mh->m_first_fblock.m_field_slots[0])));
fprintf(stderr, "(long)(field - &(mh->m_first_fblock.m_field_slots[0])) =
0x%lX\n", (long)(field - &(mh->m_first_fblock.m_field_slots[0])));
fprintf(stderr, "(ptrdiff_t)(field -
&(mh->m_first_fblock.m_field_slots[0])) = 0x%tX\n", (ptrdiff_t)(field -
&(mh->m_first_fblock.m_field_slots[0])));
}
```
Debug code2:
``` c
if ((int)(field - first) >= 0 && (int)(field - first) <
MIME_FIELD_BLOCK_SLOTS && block_slot > UINT_MAX) {
fprintf(stderr, "mime_hdr_field_slotnum(hdr %p, field %p): first = %p\n",
mh, field, first);
fprintf(stderr, "(int)(field - first) = 0x%X\n", (int)(field - first));
fprintf(stderr, "(long)(field - first) = 0x%lX\n", (long)(field - first));
fprintf(stderr, "(ptrdiff_t)(field - first) = 0x%tX\n", (ptrdiff_t)(field
- first));
}
```
However the problem doesn't seems to be caused by the optimization, adding
```MIMEFieldBlockImpl::contains(MIMEField*)``` is a good idea. It's readable
and reusable. I'll add it.
As for the tests, I had no idea. I came across the bug while I was testing
HPACK, which just uses a MIMEHdr heavily. It may be possible to write tests for
```MIMEFieldBlockImpl::contains(MIMEField*)```. The test would be:
1. Create a mime field
2. Add 2^32 to the pointer of the mime field
3. Pass the modified pointer to contains()
4. Check if the result is false
@zwoop
The type conversions are in the initial commit on the git repo, so I think
all versions should affect.
> MIMEHdr fails to find header fields
> -----------------------------------
>
> Key: TS-4313
> URL: https://issues.apache.org/jira/browse/TS-4313
> Project: Traffic Server
> Issue Type: Bug
> Components: MIME
> Reporter: Masakazu Kitajo
> Assignee: Masakazu Kitajo
> Fix For: 6.2.0
>
>
> MIMEHdr fails to find a MIMEField occasionally due to improper type
> conversion.
> It happens if the lower 32 bits of addresses of m_field_slots are the same.
> The logic below picks up wrong block.
> mime_hdr_field_slotnum():
> {code}
> for (fblock = &(mh->m_first_fblock); fblock != NULL; fblock = fblock->m_next)
> {
> MIMEField *first = &(fblock->m_field_slots[0]);
> int block_slot = (int)(field - first); // in units of MIMEField
> if ((block_slot >= 0) && (block_slot < MIME_FIELD_BLOCK_SLOTS))
> {code}
> The type of block_slot should be intptr_t.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
