OK, after several days of investigation, it seems this problem probably
occurred because race condition between threads of the same workers, here
is my conclusion:
"wsgi_req" which is a shared struct between threads of all the workers is
reset to zero in "uwsgi_destroy_request" or "uwsgi_close_request".
Unfortunately , in "uwsgi_destroy_request" & "uwsgi_close_request" ,
pthread_setcancelstate is called before memset of wsgi_req, does this
implies that if an other thread calls pthread_cancel while reaching max
requests meanwhile, "wsgi_req" is vulnerable remains last value in the new
forked worker, since the new worker reusing shared memory of workers[i]
struct without zero-filled.
Is there any chance to do with that?
thanks~
code:
...
#ifdef UWSGI_THREADING
int foo;
if (uwsgi.threads > 1) {
// now the thread can die...
pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &foo);
}
#endif
memset(wsgi_req, 0, sizeof(struct wsgi_request));
...
2013/1/20 <[email protected]>
> Re: is this a critical bug or what?
_______________________________________________
uWSGI mailing list
[email protected]
http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
