[
https://issues.apache.org/jira/browse/TS-4938?focusedWorklogId=30231&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-30231
]
ASF GitHub Bot logged work on TS-4938:
--------------------------------------
Author: ASF GitHub Bot
Created on: 06/Oct/16 16:38
Start Date: 06/Oct/16 16:38
Worklog Time Spent: 10m
Work Description: GitHub user shinrich opened a pull request:
https://github.com/apache/trafficserver/pull/1083
TS-4938: Avoid crashes due to NULL vc dereferences.
While debugging the fix for TS-4813, I saw a crash due to a
ua_session->get_netvc() being null be being dereferenced anyway in
HttpTransact. In this PR I'm trying to be defensive in dealing with this.
Actually there was a straight up correctness issue with the
set_active/inactivity_timeout going through the ua_session->get_netvc() rather
than ua_session. The timeouts are handled differently for Http2 than for
Http1, so we really need to pass through the ProxyClientTransaction object.
The other cases, are pulling local/remote address/port information.
Eventually we should sink that into the ProxyClientTransaction layer too, but
for this PR, I'm just doing the NULL checks. Forward progress.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/shinrich/trafficserver ts-4938
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/1083.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1083
----
commit 6c4fc39874be53051497975ffc47c5102c623ba1
Author: Susan Hinrichs <[email protected]>
Date: 2016-10-06T16:20:08Z
TS-4938: Avoid crashes due to NULL vc dereferences.
----
Issue Time Tracking
-------------------
Worklog Id: (was: 30231)
Time Spent: 10m
Remaining Estimate: 0h
> Crash due to null client_vc
> ---------------------------
>
> Key: TS-4938
> URL: https://issues.apache.org/jira/browse/TS-4938
> Project: Traffic Server
> Issue Type: Bug
> Components: Core
> Reporter: Susan Hinrichs
> Assignee: Susan Hinrichs
> Fix For: 7.1.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Saw this crash while testing fix for TS-4813. Have a fix that checks
> get_netvc() returns a non-NULL. Should make a more comprehensive review on
> the use of get_netvc() in HttpTransact.cc/HttpSM.cc
> {code}
> #0 0x000000000053ed2c in NetVConnection::get_local_addr (this=0x0) at
> ../iocore/net/P_NetVConnection.h:60
> #1 0x000000000057dca4 in NetVConnection::get_local_port (this=0x0) at
> ../iocore/net/P_NetVConnection.h:82
> #2 0x0000000000627844 in
> HttpTransact::initialize_state_variables_from_request (s=0x2b65700d4a98,
> obsolete_incoming_request=0x2b65700d51b8)
> at HttpTransact.cc:5709
> #3 0x0000000000632bd1 in HttpTransact::build_error_response
> (s=0x2b65700d4a98, status_code=HTTP_STATUS_BAD_GATEWAY,
> reason_phrase_or_null=0x7fb86c "Server Hangup", error_body_type=0x7fb87a
> "connect#hangup", format=0x0) at HttpTransact.cc:8141
> #4 0x00000000006311fa in HttpTransact::handle_server_died (s=0x2b65700d4a98)
> at HttpTransact.cc:7789
> #5 0x0000000000620bbc in HttpTransact::handle_server_connection_not_open
> (s=0x2b65700d4a98) at HttpTransact.cc:3991
> #6 0x000000000061fd43 in HttpTransact::handle_response_from_server
> (s=0x2b65700d4a98) at HttpTransact.cc:3824
> #7 0x000000000061d762 in HttpTransact::HandleResponse (s=0x2b65700d4a98) at
> HttpTransact.cc:3401
> #8 0x00000000005fc928 in HttpSM::call_transact_and_set_next_state
> (this=0x2b65700d4a20,
> f=0x61cf9a <HttpTransact::HandleResponse(HttpTransact::State*)>) at
> HttpSM.cc:7116
> #9 0x00000000005f6902 in HttpSM::handle_server_setup_error
> (this=0x2b65700d4a20, event=104, data=0x2aabd00372d8) at HttpSM.cc:5505
> #10 0x00000000005e88a4 in HttpSM::state_send_server_request_header
> (this=0x2b65700d4a20, event=104, data=0x2aabd00372d8) at HttpSM.cc:2053
> #11 0x00000000005eb3ba in HttpSM::main_handler (this=0x2b65700d4a20,
> event=104, data=0x2aabd00372d8) at HttpSM.cc:2655
> #12 0x00000000005145ac in Continuation::handleEvent (this=0x2b65700d4a20,
> event=104, data=0x2aabd00372d8) at ../iocore/eventsystem/I_Continuation.h:153
> #13 0x000000000079906f in write_signal_and_update (event=104,
> vc=0x2aabd0037140) at UnixNetVConnection.cc:174
> #14 0x00000000007992a6 in write_signal_done (event=104, nh=0x2b64f71b4cf0,
> vc=0x2aabd0037140) at UnixNetVConnection.cc:216
> #15 0x000000000079a475 in write_to_net_io (nh=0x2b64f71b4cf0,
> vc=0x2aabd0037140, thread=0x2b64f71b1010) at UnixNetVConnection.cc:547
> #16 0x0000000000799dc7 in write_to_net (nh=0x2b64f71b4cf0, vc=0x2aabd0037140,
> thread=0x2b64f71b1010) at UnixNetVConnection.cc:414
> #17 0x000000000079129d in NetHandler::mainNetEvent (this=0x2b64f71b4cf0,
> event=5, e=0x1646ac0) at UnixNet.cc:515
> #18 0x00000000005145ac in Continuation::handleEvent (this=0x2b64f71b4cf0,
> event=5, data=0x1646ac0) at ../iocore/eventsystem/I_Continuation.h:153
> #19 0x00000000007bc90a in EThread::process_event (this=0x2b64f71b1010,
> e=0x1646ac0, calling_code=5) at UnixEThread.cc:143
> #20 0x00000000007bcf0d in EThread::execute (this=0x2b64f71b1010) at
> UnixEThread.cc:270
> #21 0x00000000007bbf1e in spawn_thread_internal (a=0x15731f0) at Thread.cc:84
> #22 0x00002b64f5fcfaa1 in start_thread () from /lib64/libpthread.so.0
> #23 0x00000032310e893d in clone () from /lib64/libc.so.6
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
