BR,Hi, I found the bug. The segfault is unavoidable, because is trigged if an entry doesn't exists in the stick-tables. At the start, the stick table is empty.
It is a regression introduced in 1.8.10 by this patch: BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters commit d7bd88009d88dd413e01bc0baa90d6662a3d7718 Author: Daniel Corbett <[email protected]> Date: Sun May 27 09:47:12 2018 -0400 I join a patch. Daniel, could you check the compliance with your original patch ? William, The backport in 1.8 stable is trivial. BR, Thierry On Mon, 25 Jun 2018 23:03:37 +0200 Willy Tarreau <[email protected]> wrote: > On Mon, Jun 25, 2018 at 10:45:51PM +0200, Thierry Fournier wrote: > > Just for information, If someone is working on this bug, I think > > that I found the origin of the crash. I check impact and the > > validity of the patch, and them I submit a patch > > Ah cool, thank you, we'll have a fairly busy week and I didn't expect > to have the time to look at this crash this week :-( > > Cheers, > Willy >
>From 92622852bccce39afbc63320ee7cad4df0586388 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER <[email protected]> Date: Mon, 25 Jun 2018 22:35:20 +0200 Subject: [PATCH] BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table When a lookup is done on a key not present in the stick-table the "st" pointer is NULL and it is used to return the converter result, but it is used untested with stktable_release(). This regression was introduced in 1.8.10 here: BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters commit d7bd88009d88dd413e01bc0baa90d6662a3d7718 Author: Daniel Corbett <[email protected]> Date: Sun May 27 09:47:12 2018 -0400 Minimal conf for reproducong the problem: frontend test mode http stick-table type ip size 1m expire 1h store gpc0 bind *:8080 http-request redirect location /a if { src,in_table(test) } The segfault is triggered using: curl -i http://127.0.0.1:8080/ This patch must be backported in 1.8 --- src/stick_table.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/stick_table.c b/src/stick_table.c index 101a4e253..429465455 100644 --- a/src/stick_table.c +++ b/src/stick_table.c @@ -875,7 +875,8 @@ static int sample_conv_in_table(const struct arg *arg_p, struct sample *smp, voi smp->data.type = SMP_T_BOOL; smp->data.u.sint = !!ts; smp->flags = SMP_F_VOL_TEST; - stktable_release(t, ts); + if (ts) + stktable_release(t, ts); return 1; } -- 2.16.3
