On Wed, Dec 26, 2001 at 04:54:00AM -0800, Brian Pane wrote:
> I'm seeing a segfault during child process shutdown with the
> worker MPM on Solaris. It appears to happen because the worker
> threads do this:
>
> static void *worker_thread(apr_thread_t *thd, void * dummy)
> {
>     proc_info * ti = dummy;
>     int process_slot = ti->pid;
>     int thread_slot = ti->tid;
>     apr_socket_t *csd = NULL;
>     apr_pool_t *ptrans; /* Pool for per-transaction stuff */
>     apr_status_t rv;
>     ...
>     rv = APR_SUCCESS;
>     apr_thread_exit(thd, &rv);
>     return NULL;
> }
>
> Note that "rv" is a local var...
> When apr_thread_join tries to dereference the saved apr_status_t*
> to get the return status, it's accessing memory on the stack of
> a now-defunct thread. This yields random data at best, or a segfault
> at worst.
>
> I was about to apply the simple fix: make the worker thread malloc
> an apr_status_t and pass the address of the malloc'ed block to
> apr_thread_exit. But that won't quite work, because apr_thread_join
> makes a copy of the return status, rather than passing the pointer
> itself back to the thread that does the join. So there would be
> no way to free the malloc'ed space.
>
> I think the only clean way to fix this is to change apr_thread_exit
> and apr_thread_join.
> Either:
> * malloc space for a copy of the return status in apr_thread_exit
> and free it in apr_thread join

-0

> or:
> * add an apr_status_t to the apr_thread_t struct, and store the
> exit status there

+1, and I have a patch to do this across all platforms that was never
committed. Lemme dig it up and apply it today unless someone else gets
to it first.

-aaron
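
The second option discussed above (keeping the exit status inside the thread object instead of pointing at the exiting thread's stack), sketched with POSIX threads as an added example. It is not APR's code or the patch mentioned in the reply; `demo_thread_t`, `demo_thread_exit`, `demo_thread_join` and `run_demo` are hypothetical names.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical stand-in for apr_thread_t (not APR's definition). The exit
 * status is a member of the heap object, so it outlives the thread's stack. */
typedef struct demo_thread {
    pthread_t tid;
    int exitval;   /* stored by value */
    void *data;    /* argument for the thread function */
} demo_thread_t;

/* Copy the status into the thread object, then end the thread. */
static void demo_thread_exit(demo_thread_t *thd, int status)
{
    thd->exitval = status;
    pthread_exit(NULL);
}

/* The joiner reads the stored copy; nothing points into the dead stack. */
static int demo_thread_join(int *status, demo_thread_t *thd)
{
    int rc = pthread_join(thd->tid, NULL);
    if (rc == 0)
        *status = thd->exitval;
    free(thd);
    return rc;
}

/* Same shape as worker_thread: rv is a local, but it is passed by value. */
static void *worker(void *arg)
{
    demo_thread_t *thd = arg;
    int rv = *(int *)thd->data;
    demo_thread_exit(thd, rv);
    return NULL;
}

/* Start one worker, join it, and return the status it exited with. */
int run_demo(int value)
{
    demo_thread_t *thd = calloc(1, sizeof(*thd));
    int status = -1;
    if (thd == NULL) return -1;
    thd->data = &value;   /* value stays live: this function blocks in join */
    if (pthread_create(&thd->tid, NULL, worker, thd) != 0) {
        free(thd);
        return -1;
    }
    return demo_thread_join(&status, thd) == 0 ? status : -1;
}
```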