Susan Hinrichs commented on TS-4819:

I think this bug is related to TS-4664.  On an error, the state machine calls 
ua_session->do_io_close() which causes the SSN_CLOSE hook to be processed.  

We are running internally with the fix proposed by TS-4664.  This delays the 
ProxyClientSession SSN_CLOSE hook processing until we get to a point when the 
State Machine is gone.  This particular case does not crash in our patched 
5.3.x. Without this fix, the SSN_CLOSE processing happens immediately which 
frees the Http1ClientSession (and Http2ClientTransaction object).  In this 
particular case, the freed ua_session object is referenced on the way out of 
the function causing the crash.  

This error case freeing might also explain some of the crashes we are seeing in 

> ATS-6.2.x crashes if the message-body of a chunk is not correctly formatted
> ---------------------------------------------------------------------------
>                 Key: TS-4819
>                 URL: https://issues.apache.org/jira/browse/TS-4819
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Core, HTTP
>            Reporter: Syeda Persia Aziz
>             Fix For: 7.1.0
>         Attachments: test_post.py
>  I found this when using the python "requests" library to generate HTTP 
> requests to test the ATS. The request method of this library generates 
> incorrect message body (i.e., does not follow the standard format) if both 
> Content-Length and chunked encoding are specified. ATS can handle requests 
> with these two fields being specified. It is the wrong format of the chunk 
> that makes the ATS crash. The test program to reproduce the issue is 
> attached. If the Content-Length is  removed from the header, then the library 
> generates the correct format and ATS responds correctly. Ideally, 
> content-length and chunked encoding should not be specified together

This message was sent by Atlassian JIRA

Reply via email to