[ 
https://issues.apache.org/jira/browse/TS-1605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

James Peach updated TS-1605:
----------------------------

    Labels: crash  (was: )
    
> crash at mime_parse_int64
> -------------------------
>
>                 Key: TS-1605
>                 URL: https://issues.apache.org/jira/browse/TS-1605
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP, MIME
>            Reporter: Bin Chen
>              Labels: crash
>
> {code}
> #0  0x0000000000610f76 in mime_parse_int64 (buf=0x3fb <Address 0x3fb out of 
> bounds>, 
>     end=0x380f74 <Address 0x380f74 out of bounds>) at MIME.cc:3076
> /usr/src/debug/trafficserver-3.2.0/proxy/hdrs/MIME.cc:3076:106103:beg:0x610f76
> Missing separate debuginfos, use: debuginfo-install 
> expat-2.0.1-9.1.el6.x86_64 glibc-2.12-1.47.el6.x86_64 
> keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-22.el6.x86_64 
> libcom_err-1.41.12-11.el6.x86_64 libgcc-4.4.6-3.el6.x86_64 
> libselinux-2.0.94-5.2.el6.x86_64 libstdc++-4.4.6-3.el6.x86_64 
> ncurses-libs-5.7-3.20090208.el6.x86_64 openssl-1.0.0-20.el6.x86_64 
> pcre-7.8-3.1.el6.x86_64 readline-6.0-3.el6.x86_64 tcl-8.5.7-6.el6.x86_64 
> xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64 zlib-1.2.3-27.el6.x86_64
> (gdb) bt
> #0  0x0000000000610f76 in mime_parse_int64 (buf=0x3fb <Address 0x3fb out of 
> bounds>, 
>     end=0x380f74 <Address 0x380f74 out of bounds>) at MIME.cc:3076
> #1  0x000000000060d7a6 in mime_field_value_get_int64 (field=0x2af6853bfdd0) 
> at MIME.cc:1694
> #2  0x000000000057d41c in MIMEHdr::value_get_int64 (this=0x2af6853bf5c8, 
> name=0x2db7388 "Age", name_length=3)
>     at ../../proxy/hdrs/MIME.h:1217
> #3  0x00000000005a9230 in MIMEHdr::get_age (this=0x2af6853bf5c8) at 
> ../../proxy/hdrs/MIME.h:1356
> #4  0x00000000005aac0b in HttpTransactHeaders::calculate_document_age 
> (request_time=1353920547, response_time=1353920547, 
>     base_response=0x2af6853bf5c8, base_response_date=1352509636, 
> now=1354258269) at HttpTransactHeaders.cc:400
> #5  0x0000000000581d73 in HttpTransactCache::SelectFromAlternates 
> (cache_vector=0x2af5f0a057c0, 
>     client_request=0x2af5f0a05780, http_config_params=0x2af6005fda30) at 
> HttpTransactCache.cc:221
> #6  0x0000000000692c34 in CacheVC::openReadStartHead (this=0x2af5f0a056c0, 
> event=3900, e=0x0) at CacheRead.cc:1019
> #7  0x00000000004e6fae in Continuation::handleEvent (this=0x2af5f0a056c0, 
> event=3900, data=0x0)
>     at ../iocore/eventsystem/I_Continuation.h:146
> #8  0x00000000006717e2 in CacheVC::handleReadDone (this=0x2af5f0a056c0, 
> event=3900, e=0x2af5f0a05840) at Cache.cc:1952
> #9  0x00000000004e6fae in Continuation::handleEvent (this=0x2af5f0a056c0, 
> event=3900, data=0x2af5f0a05840)
>     at ../iocore/eventsystem/I_Continuation.h:146
> #10 0x00000000006761cc in AIOCallbackInternal::io_complete 
> (this=0x2af5f0a05840, event=1, data=0x2af79c001420)
>     at ../../iocore/aio/P_AIO.h:80
> #11 0x00000000004e6fae in Continuation::handleEvent (this=0x2af5f0a05840, 
> event=1, data=0x2af79c001420)
>     at ../iocore/eventsystem/I_Continuation.h:146
> #12 0x00000000006d99b8 in EThread::process_event (this=0x2af4f84e6010, 
> e=0x2af79c001420, calling_code=1)
>     at UnixEThread.cc:189
> #13 0x00000000006d9b86 in EThread::execute (this=0x2af4f84e6010) at 
> UnixEThread.cc:240
> #14 0x00000000006d89e7 in spawn_thread_internal (a=0x2af4fc603b00) at 
> Thread.cc:88
> #15 0x00000034bfc077f1 in start_thread () from /lib64/libpthread.so.0
> #16 0x00000034bf8e570d in clone () from /lib64/libc.so.6
> (gdb) f 0
> #0  0x0000000000610f76 in mime_parse_int64 (buf=0x3fb <Address 0x3fb out of 
> bounds>, 
>     end=0x380f74 <Address 0x380f74 out of bounds>) at MIME.cc:3076
> /usr/src/debug/trafficserver-3.2.0/proxy/hdrs/MIME.cc:3076:106103:beg:0x610f76
> (gdb) l
> 3071    bool negative;
> 3072  
> 3073    if (!buf || (buf == end))
> 3074      return 0;
> 3075  
> 3076    if (is_digit(*buf))           // fast case
> 3077      {
> 3078        num = *buf++ - '0';
> 3079        while ((buf != end) && is_digit(*buf))
> 3080          num = (num * 10) + (*buf++ - '0');
> (gdb) p buf
> $1 = 0x3fb <Address 0x3fb out of bounds>
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to