9.0.6 crash in httpd mode

newdep · December 06, 2006, 01:46:23 PM

Hi Lutz,

newlisp 9.0.6 - Linux -

$ newlisp -c -d 8080 -w ./

*** glibc detected *** double free or corruption (!prev): 0x08086f28 ***

Aborted

What happened?

I started the above, then eneter the url localhost:8080

.. and then the error above...

I compiled newlisp with make linux_readline ; make linux_lib

----

...

...

...

chdir("./") = 0

ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbffff09c) = -1 EINVAL (Invalid argument)

rt_sigaction(SIGINT, {0x8050280, [INT], SA_RESTORER|SA_RESTART, 0x400f4958}, {0x8050280, [INT], SA_RESTORER|SA_RESTART, 0x400f4958}, 8) = 0

rt_sigaction(SIGALRM, {0x8050280, [ALRM], SA_RESTORER|SA_RESTART, 0x400f4958}, {0x8050280, [ALRM], SA_RESTORER|SA_RESTART, 0x400f4958}, 8) = 0

rt_sigaction(SIGVTALRM, {0x8050280, [VTALRM], SA_RESTORER|SA_RESTART, 0x400f4958}, {0x8050280, [VTALRM], SA_RESTORER|SA_RESTART, 0x400f4958}, 8) = 0

rt_sigaction(SIGPROF, {0x8050280, [PROF], SA_RESTORER|SA_RESTART, 0x400f4958}, {0x8050280, [PROF], SA_RESTORER|SA_RESTART, 0x400f4958}, 8) = 0

rt_sigaction(SIGPIPE, {0x8050280, [PIPE], SA_RESTORER|SA_RESTART, 0x400f4958}, {0x8050280, [PIPE], SA_RESTORER|SA_RESTART, 0x400f4958}, 8) = 0

rt_sigaction(SIGCHLD, {0x8050280, [CHLD], SA_RESTORER|SA_RESTART, 0x400f4958}, {0x8050280, [CHLD], SA_RESTORER|SA_RESTART, 0x400f4958}, 8) = 0

munmap(0x401f9000, 135168) = 0

mmap2(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x401f9000

read(4, "G", 1) = 1

read(4, "E", 1) = 1

read(4, "T", 1) = 1

read(4, " ", 1) = 1

read(4, "/", 1) = 1

read(4, " ", 1) = 1

read(4, "H", 1) = 1

read(4, "T", 1) = 1

read(4, "T", 1) = 1

read(4, "P", 1) = 1

read(4, "/", 1) = 1

read(4, "1", 1) = 1

read(4, ".", 1) = 1

read(4, "1", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

stat64("index.cgi", 0xbfffeb20) = -1 ENOENT (No such file or directory)

read(4, "U", 1) = 1

read(4, "s", 1) = 1

read(4, "e", 1) = 1

read(4, "r", 1) = 1

read(4, "-", 1) = 1

read(4, "A", 1) = 1

read(4, "g", 1) = 1

read(4, "e", 1) = 1

read(4, "n", 1) = 1

read(4, "t", 1) = 1

read(4, ":", 1) = 1

read(4, " ", 1) = 1

read(4, "M", 1) = 1

read(4, "o", 1) = 1

read(4, "z", 1) = 1

read(4, "i", 1) = 1

read(4, "l", 1) = 1

read(4, "l", 1) = 1

read(4, "a", 1) = 1

read(4, "/", 1) = 1

read(4, "5", 1) = 1

read(4, ".", 1) = 1

read(4, "0", 1) = 1

read(4, " ", 1) = 1

read(4, "(", 1) = 1

read(4, "c", 1) = 1

read(4, "o", 1) = 1

read(4, "m", 1) = 1

read(4, "p", 1) = 1

read(4, "a", 1) = 1

read(4, "t", 1) = 1

read(4, "i", 1) = 1

read(4, "b", 1) = 1

read(4, "l", 1) = 1

read(4, "e", 1) = 1

read(4, ";", 1) = 1

read(4, " ", 1) = 1

read(4, "K", 1) = 1

read(4, "o", 1) = 1

read(4, "n", 1) = 1

read(4, "q", 1) = 1

read(4, "u", 1) = 1

read(4, "e", 1) = 1

read(4, "r", 1) = 1

read(4, "o", 1) = 1

read(4, "r", 1) = 1

read(4, "/", 1) = 1

read(4, "3", 1) = 1

read(4, ".", 1) = 1

read(4, "5", 1) = 1

read(4, ")", 1) = 1

read(4, " ", 1) = 1

read(4, "K", 1) = 1

read(4, "H", 1) = 1

read(4, "T", 1) = 1

read(4, "M", 1) = 1

read(4, "L", 1) = 1

read(4, "/", 1) = 1

read(4, "3", 1) = 1

read(4, ".", 1) = 1

read(4, "5", 1) = 1

read(4, ".", 1) = 1

read(4, "4", 1) = 1

read(4, " ", 1) = 1

read(4, "(", 1) = 1

read(4, "l", 1) = 1

read(4, "i", 1) = 1

read(4, "k", 1) = 1

read(4, "e", 1) = 1

read(4, " ", 1) = 1

read(4, "G", 1) = 1

read(4, "e", 1) = 1

read(4, "c", 1) = 1

read(4, "k", 1) = 1

read(4, "o", 1) = 1

read(4, ")", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

read(4, "P", 1) = 1

read(4, "r", 1) = 1

read(4, "a", 1) = 1

read(4, "g", 1) = 1

read(4, "m", 1) = 1

read(4, "a", 1) = 1

read(4, ":", 1) = 1

read(4, " ", 1) = 1

read(4, "n", 1) = 1

read(4, "o", 1) = 1

read(4, "-", 1) = 1

read(4, "c", 1) = 1

read(4, "a", 1) = 1

read(4, "c", 1) = 1

read(4, "h", 1) = 1

read(4, "e", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

read(4, "C", 1) = 1

read(4, "a", 1) = 1

read(4, "c", 1) = 1

read(4, "h", 1) = 1

read(4, "e", 1) = 1

read(4, "-", 1) = 1

read(4, "c", 1) = 1

read(4, "o", 1) = 1

read(4, "n", 1) = 1

read(4, "t", 1) = 1

read(4, "r", 1) = 1

read(4, "o", 1) = 1

read(4, "l", 1) = 1

read(4, ":", 1) = 1

read(4, " ", 1) = 1

read(4, "n", 1) = 1

read(4, "o", 1) = 1

read(4, "-", 1) = 1

read(4, "c", 1) = 1

read(4, "a", 1) = 1

read(4, "c", 1) = 1

read(4, "h", 1) = 1

read(4, "e", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

read(4, "A", 1) = 1

read(4, "c", 1) = 1

read(4, "c", 1) = 1

read(4, "e", 1) = 1

read(4, "p", 1) = 1

read(4, "t", 1) = 1

read(4, ":", 1) = 1

read(4, " ", 1) = 1

read(4, "t", 1) = 1

read(4, "e", 1) = 1

read(4, "x", 1) = 1

read(4, "t", 1) = 1

read(4, "/", 1) = 1

read(4, "h", 1) = 1

read(4, "t", 1) = 1

read(4, "m", 1) = 1

read(4, "l", 1) = 1

read(4, ",", 1) = 1

read(4, " ", 1) = 1

read(4, "i", 1) = 1

read(4, "m", 1) = 1

read(4, "a", 1) = 1

read(4, "g", 1) = 1

read(4, "e", 1) = 1

read(4, "/", 1) = 1

read(4, "j", 1) = 1

read(4, "p", 1) = 1

read(4, "e", 1) = 1

read(4, "g", 1) = 1

read(4, ",", 1) = 1

read(4, " ", 1) = 1

read(4, "i", 1) = 1

read(4, "m", 1) = 1

read(4, "a", 1) = 1

read(4, "g", 1) = 1

read(4, "e", 1) = 1

read(4, "/", 1) = 1

read(4, "p", 1) = 1

read(4, "n", 1) = 1

read(4, "g", 1) = 1

read(4, ",", 1) = 1

read(4, " ", 1) = 1

read(4, "t", 1) = 1

read(4, "e", 1) = 1

read(4, "x", 1) = 1

read(4, "t", 1) = 1

read(4, "/", 1) = 1

read(4, "*", 1) = 1

read(4, ",", 1) = 1

read(4, " ", 1) = 1

read(4, "i", 1) = 1

read(4, "m", 1) = 1

read(4, "a", 1) = 1

read(4, "g", 1) = 1

read(4, "e", 1) = 1

read(4, "/", 1) = 1

read(4, "*", 1) = 1

read(4, ",", 1) = 1

read(4, " ", 1) = 1

read(4, "*", 1) = 1

read(4, "/", 1) = 1

read(4, "*", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

read(4, "A", 1) = 1

read(4, "c", 1) = 1

read(4, "c", 1) = 1

read(4, "e", 1) = 1

read(4, "p", 1) = 1

read(4, "t", 1) = 1

read(4, "-", 1) = 1

read(4, "E", 1) = 1

read(4, "n", 1) = 1

read(4, "c", 1) = 1

read(4, "o", 1) = 1

read(4, "d", 1) = 1

read(4, "i", 1) = 1

read(4, "n", 1) = 1

read(4, "g", 1) = 1

read(4, ":", 1) = 1

read(4, " ", 1) = 1

read(4, "x", 1) = 1

read(4, "-", 1) = 1

read(4, "g", 1) = 1

read(4, "z", 1) = 1

read(4, "i", 1) = 1

read(4, "p", 1) = 1

read(4, ",", 1) = 1

read(4, " ", 1) = 1

read(4, "x", 1) = 1

read(4, "-", 1) = 1

read(4, "d", 1) = 1

read(4, "e", 1) = 1

read(4, "f", 1) = 1

read(4, "l", 1) = 1

read(4, "a", 1) = 1

read(4, "t", 1) = 1

read(4, "e", 1) = 1

read(4, ",", 1) = 1

read(4, " ", 1) = 1

read(4, "g", 1) = 1

read(4, "z", 1) = 1

read(4, "i", 1) = 1

read(4, "p", 1) = 1

read(4, ",", 1) = 1

read(4, " ", 1) = 1

read(4, "d", 1) = 1

read(4, "e", 1) = 1

read(4, "f", 1) = 1

read(4, "l", 1) = 1

read(4, "a", 1) = 1

read(4, "t", 1) = 1

read(4, "e", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

read(4, "A", 1) = 1

read(4, "c", 1) = 1

read(4, "c", 1) = 1

read(4, "e", 1) = 1

read(4, "p", 1) = 1

read(4, "t", 1) = 1

read(4, "-", 1) = 1

read(4, "C", 1) = 1

read(4, "h", 1) = 1

read(4, "a", 1) = 1

read(4, "r", 1) = 1

read(4, "s", 1) = 1

read(4, "e", 1) = 1

read(4, "t", 1) = 1

read(4, ":", 1) = 1

read(4, " ", 1) = 1

read(4, "i", 1) = 1

read(4, "s", 1) = 1

read(4, "o", 1) = 1

read(4, "-", 1) = 1

read(4, "8", 1) = 1

read(4, "8", 1) = 1

read(4, "5", 1) = 1

read(4, "9", 1) = 1

read(4, "-", 1) = 1

read(4, "1", 1) = 1

read(4, ",", 1) = 1

read(4, " ", 1) = 1

read(4, "u", 1) = 1

read(4, "t", 1) = 1

read(4, "f", 1) = 1

read(4, "-", 1) = 1

read(4, "8", 1) = 1

read(4, ";", 1) = 1

read(4, "q", 1) = 1

read(4, "=", 1) = 1

read(4, "0", 1) = 1

read(4, ".", 1) = 1

read(4, "5", 1) = 1

read(4, ",", 1) = 1

read(4, " ", 1) = 1

read(4, "*", 1) = 1

read(4, ";", 1) = 1

read(4, "q", 1) = 1

read(4, "=", 1) = 1

read(4, "0", 1) = 1

read(4, ".", 1) = 1

read(4, "5", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

read(4, "A", 1) = 1

read(4, "c", 1) = 1

read(4, "c", 1) = 1

read(4, "e", 1) = 1

read(4, "p", 1) = 1

read(4, "t", 1) = 1

read(4, "-", 1) = 1

read(4, "L", 1) = 1

read(4, "a", 1) = 1

read(4, "n", 1) = 1

read(4, "g", 1) = 1

read(4, "u", 1) = 1

read(4, "a", 1) = 1

read(4, "g", 1) = 1

read(4, "e", 1) = 1

read(4, ":", 1) = 1

read(4, " ", 1) = 1

read(4, "e", 1) = 1

read(4, "n", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

read(4, "H", 1) = 1

read(4, "o", 1) = 1

read(4, "s", 1) = 1

read(4, "t", 1) = 1

read(4, ":", 1) = 1

read(4, " ", 1) = 1

read(4, "l", 1) = 1

read(4, "o", 1) = 1

read(4, "c", 1) = 1

read(4, "a", 1) = 1

read(4, "l", 1) = 1

read(4, "h", 1) = 1

read(4, "o", 1) = 1

read(4, "s", 1) = 1

read(4, "t", 1) = 1

read(4, ":", 1) = 1

read(4, "8", 1) = 1

read(4, "0", 1) = 1

read(4, "8", 1) = 1

read(4, "0", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

read(4, "C", 1) = 1

read(4, "o", 1) = 1

read(4, "n", 1) = 1

read(4, "n", 1) = 1

read(4, "e", 1) = 1

read(4, "c", 1) = 1

read(4, "t", 1) = 1

read(4, "i", 1) = 1

read(4, "o", 1) = 1

read(4, "n", 1) = 1

read(4, ":", 1) = 1

read(4, " ", 1) = 1

read(4, "K", 1) = 1

read(4, "e", 1) = 1

read(4, "e", 1) = 1

read(4, "p", 1) = 1

read(4, "-", 1) = 1

read(4, "A", 1) = 1

read(4, "l", 1) = 1

read(4, "i", 1) = 1

read(4, "v", 1) = 1

read(4, "e", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

read(4, "r", 1) = 1

read(4, "n", 1) = 1

stat64("index.html", {st_mode=S_IFREG|0644, st_size=263, ...}) = 0

open("index.html", O_RDONLY|O_LARGEFILE) = 5

read(5, "<html><title>NOOGLE</title><h1>N"..., 263) = 263

close(5) = 0

write(4, "HTTP/1.0 200 OKrnServer: newLISP"..., 41) = 41

write(4, "Content-length: 263rnContent-typ"..., 48) = 48

write(4, "<html><title>NOOGLE</title><h1>N"..., 263) = 263

close(4) = 0

mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000

read(-1, 0x40018000, 8192) = -1 EBADF (Bad file descriptor)

munmap(0x40018000, 8192) = 0

open("/dev/tty", O_RDWR|O_NONBLOCK|O_NOCTTY) = 4

writev(4, [{"*** glibc detected *** ", 23}, {"double free or corruption (!prev"..., 33}, {": 0x", 4}, {"08086f28", 8}, {" ***n", 5}], 5*** glibc detected *** double free or corruption (!prev): 0x08086f28 ***

) = 73

rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0

getpid() = 6038

kill(6038, SIGABRT) = 0

--- SIGABRT (Aborted) @ 0 (0) ---

+++ killed by SIGABRT +++

Process 6038 detached

$

----

Norman.

Lutz · December 06, 2006, 02:28:26 PM

At the moment I only have Win32, Mac OS X and FreeBSD available where things work fine. I will not have access to a Linux system until later. What flavor of Linux are your running?

Lutz

newdep · December 06, 2006, 02:29:55 PM

Hi Lutz,

Slackware 11.0 with Kernel -> 2.4.33.3

Norman.

Lutz · December 06, 2006, 03:12:45 PM

Thanks Norman, I could repeat the problem on Debian Linux and could fix it.

Lutz

newdep · December 07, 2006, 03:31:49 PM

Hi Lutz,

I thought it was gone in 9.0.7 for a while.., but its back...

Its not the same crash..this time its more a free() issue..of a pointer..

$ newlisp httpd.conf -c -d 54080 -w ./

*** glibc detected *** free(): invalid pointer: 0x40018000 ***

Aborted

Hard to reproduce now... but im trying...

Norman.

Lutz · December 07, 2006, 06:14:34 PM

Make sure that the 'http-conf' definition always returns a string. The first CHANGES file I posted had returned a 'nil' under default conditions. 9.0.7 takes any return as a string pointer, that is probably what caused the crash. The corrected httpd.conf looks like this:

Code Select Expand
(define (httpd-conf request) 
    (if (ends-with request ".exe") "errorpage.html" request))

The function can be used to rewrite incoming URLs, test for unsecure file types, directories etc., but always must return a string, which is typically the request itself if it was safe. 9.0.8 will test for string and assume the original request if no string is returned.

Lutz

newdep · December 07, 2006, 11:37:59 PM

Aha ..oke... that could indeed be the problem because i was expirimenting with

the httpd.conf file indeed...

newLISP Fan Club

News:

9.0.6 crash in httpd mode

newdep

Lutz

newdep

Lutz

newdep

Lutz

newdep