https://issues.apache.org/bugzilla/show_bug.cgi?id=56133

            Bug ID: 56133
           Summary: Invalid socket caused signal bus error in
                    jk_is_input_event()
           Product: Tomcat Connectors
           Version: 1.2.37
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_jk
          Assignee: dev@tomcat.apache.org
          Reporter: shimizuhiroto...@gmail.com

Created attachment 31307
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31307&action=edit
patch against trunk

I used Apache httpd-2.2.3-22.el5 and mod_jk 1.2.28.
A bus error signal occurs and a core dump file is output.
My analysis is as follows.

(gdb) bt
#0  0x00002b7cb2c946a7 in kill () from /lib64/libc.so.6
#1  <signal handler called>
#2  0x00002b7cb8870f80 in jk_is_input_event (sd=-1, timeout=40000,
l=0x2b7cc3499fe8) at jk_connect.c:878

jk_is_input_event() caused a bus error signal because sd=-1.

---mod_jk.log
[Sun Jan 19 11:22:12 2014][15227:1221724480] [info]
ajp_connection_tcp_send_message::jk_ajp_common.c
 (1101): sendfull for socket 62 returned -32 (errno=32)
---

ajp_connection_tcp_send_message() sets the variable sd to -1 and returns
JK_FALSE(0).
Thus rc=0, and the loop continues.
The variable sd is still -1, and jk_is_input_event() causes a bus error signal.

I made a patch against trunk.

==================================================================
--- common/jk_ajp_common.c    (revision 1555413)
+++ common/jk_ajp_common.c    (working copy)
@@ -2267,7 +2267,7 @@
              */
             op->recoverable = JK_FALSE;
             rc = ajp_connection_tcp_send_message(p, op->post, l);
-            if (rc < 0) {
+            if (rc != JK_TRUE) {
                 jk_log(l, JK_LOG_ERROR,
                        "(%s) Tomcat is down or network problems",
                         p->worker->name);
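
Review bot: the changed condition "if (rc != JK_TRUE)" now sends a JK_FALSE (0) return and a negative return into the same branch, but the jk_log call directly below it prints only the worker name, so the log cannot show which kind of failure was hit; consider adding rc to that message. A one-line comment above the check stating that ajp_connection_tcp_send_message() can return 0 as well as a negative value would keep a later cleanup from restoring "rc < 0". The change covers this call site only, so if other callers test the same return value with "< 0" they need the same treatment, and a check for sd < 0 before the wait shown in the backtrace (ajp_get_reply calling jk_is_input_event) would stop an invalid descriptor even when a caller misses the failure.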

==================================================================
$ gdb /usr/sbin/httpd.worker core.15227
:
(gdb) bt
#0  0x00002b7cb2c946a7 in kill () from /lib64/libc.so.6
#1  <signal handler called>
#2  0x00002b7cb8870f80 in jk_is_input_event (sd=-1, timeout=40000,
l=0x2b7cc3499fe8) at jk_connect.c:878
#3  0x00002b7cb888c625 in ajp_get_reply (e=<value optimized out>, s=0x48d1fd10,
l=0x2b7cc3499fe8, p=0x2b7cc3695770, op=0x48d1ea10) at jk_ajp_common.c:1923
#4  0x00002b7cb888f948 in ajp_service (e=0x2b7cc36977b8, s=0x48d1fd10,
l=0x2b7cc3499fe8, is_error=0x48d1eb1c) at jk_ajp_common.c:2356
#5  0x00002b7cb887b99b in service (e=<value optimized out>, s=0x48d1fd10,
l=0x2b7cc3499fe8, is_error=0x48d1fef8) at jk_lb_worker.c:1214
#6  0x00002b7cb886d6ff in jk_handler (r=0x2b7cc378b968) at mod_jk.c:2521
:
(gdb) p *p
$1 = {worker = 0x2b7cc365f1e0, pool = {size = 8192, pos = 144, 
     :
      sd = -1, reuse = 0, endpoint = {rd = 8197, wr = 637, recoverable = 1, 
     :
      last_access = 1390098131, last_errno = 32, last_op = 1}
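
The return-value mismatch described in the report, as an added example: a simplified model, not mod_jk source and not part of the original report. The names model_send, guarded_wait and model_service are hypothetical, and the select()-based wait is an assumption about how the input check is implemented.

```c
/* Simplified model of the failure path in this report; not mod_jk source. */
#include <sys/select.h>
#include <unistd.h>
#define JK_TRUE  1
#define JK_FALSE 0
enum outcome { WAIT_COMPLETED, ERROR_REPORTED, INVALID_SD_REACHED_WAIT, SETUP_FAILED };

/* Hypothetical stand-in for the send step: on failure it invalidates the
 * descriptor and returns JK_FALSE (0), the behaviour the report describes. */
static int model_send(int *sd, int fail)
{
    if (fail) { *sd = -1; return JK_FALSE; }
    return JK_TRUE;
}

/* Assumed select()-based wait with a guard: FD_SET() is undefined for a
 * descriptor that is negative or >= FD_SETSIZE, so reject it first. */
static int guarded_wait(int sd)
{
    fd_set rd;
    struct timeval tv = { 0, 0 };          /* poll once, do not block */
    if (sd < 0 || sd >= FD_SETSIZE)
        return -1;
    FD_ZERO(&rd);
    FD_SET(sd, &rd);
    return select(sd + 1, &rd, NULL, NULL, &tv) > 0 ? 1 : 0;
}

/* One request through the model; patched != 0 uses the rc != JK_TRUE check. */
static enum outcome model_service(int fail_send, int patched)
{
    int fds[2], sd, rc;
    enum outcome out;
    if (pipe(fds) != 0)
        return SETUP_FAILED;
    if (write(fds[1], "x", 1) != 1)        /* constructed: one reply byte pending */
        out = SETUP_FAILED;
    else {
        sd = fds[0];
        rc = model_send(&sd, fail_send);
        if (patched ? (rc != JK_TRUE) : (rc < 0))
            out = ERROR_REPORTED;          /* caller stops before waiting */
        else                               /* caller goes on to wait for a reply */
            out = guarded_wait(sd) < 0 ? INVALID_SD_REACHED_WAIT : WAIT_COMPLETED;
    }
    close(fds[0]);
    close(fds[1]);
    return out;
}
```

With a failed send, the "rc < 0" check lets the model reach the wait with sd=-1, where only the guard stops it; the "rc != JK_TRUE" check reports the error before the wait is attempted.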
