Re: Another SEGV perl 5.8.0-RC2 apache 1.3.26 mod_perl 1.27

2002-07-14 Thread Andreas J. Koenig 

5.8.0-RC3 still produces the SEGV with apache 1.3.26, mod_perl 1.27,
Apache::Request 1.0 and MaxRequestPerChild  0.

My recipe to reproduce the SEGV currently is: Set MaxRequestPerChild
to 1 and request a static image.

Unless the problem is fixed before 5.8.0 comes out (i.e.~Thursday), I
fear we must document the fact:

--- perl-5.7.3@17527/pod/perldelta.pod~ Sun Jul 14 02:18:36 2002
+++ perl-5.7.3@17527/pod/perldelta.pod  Sun Jul 14 15:34:54 2002
 -3133,6 +3133,10 
 
 Use mod_perl 1.27 or higher.
 
+=head2 mod_perl 1.27 sometimes produces a segmentation fault
+
+Setting MaxRequestsPerChild to 0 seems to work around the problem.
+
 =head2 lib/ftmp-security tests warn 'system possibly insecure'
 
 Don't panic.  Read the 'make test' section of INSTALL instead.



Jim, in any case it would be great if you could release a new
Apache::Request with the two fixes that Doug has posted to the
list[1], so that people need not fall into the two already fixed
traps.--Thanks!


-- 
andreas

[1] http://mathforum.org/epigone/modperl/zhoolamgheld and
http://mathforum.org/epigone/modperl/glongsnaysimp

Re: Another SEGV perl 5.8.0-RC2 apache 1.3.26 mod_perl 1.27

2002-06-30 Thread Andreas J. Koenig 

 On Sat, 29 Jun 2002 16:48:57 -0700 (PDT), Doug MacEachern [EMAIL PROTECTED] 
said:

   On Mon, 24 Jun 2002, Andreas J. Koenig wrote:
  This stack trace is all I have. I cannot reproduce this SEGV at will,
  so it will be difficult to obtain additional information. All I can do
  is let the webserver run in -X mode and wait. I have no hints (yet)
  what kind of request triggers it.
   ...
  #6  0x820baa2 in PerlIO_cleanup (my_perl=0x82fc9c8) at perlio.c:2124
  #7  0x810d298 in perl_destruct (my_perl=0x82fc9c8) at perl.c:490
  #8  0x8099039 in perl_shutdown (s=0x82f140c, p=0x88f9c24) at mod_perl.c:294
  #9  0x809b373 in perl_child_exit (s=0x82f140c, p=0x88f9c24) at mod_perl.c:958
  #10 0x809afce in perl_child_exit_cleanup (data=0x88f9db4) at mod_perl.c:926

   looks like a leaked PerlIO* from Request.xs, as this is happening when the 
   child is killed by apache (e.g. MaxRequestsPerChild reached).
   patch below may cure, seems like a better approach in any case.
   it is ugly here because the FILE was opened by an apache api function 
   which will close it when the request pool is cleared, so we must dup.

Thanks Doug, another great step forward! I can confirm that setting
MaxRequestPerChild to 0 is an excellent way to avert the SEGV. But
unfortunately your patch doesn't cure completely. This is the latest
stack trace I got after I applied your patch. It was triggered by a
static file request that did not call a mod_perl handler.
MaxRequestPerChild was set to 3.

Program received signal SIGSEGV, Segmentation fault.
0x400d8076 in chunk_free (ar_ptr=0x4016ca40, p=0x82fd0a0) at malloc.c:3097
3097malloc.c: No such file or directory.
(gdb) bt
#0  0x400d8076 in chunk_free (ar_ptr=0x4016ca40, p=0x82fd0a0) at malloc.c:3097
#1  0x400d7f5a in __libc_free (mem=0x82fd0a8) at malloc.c:3023
#2  0x8169142 in Perl_safesysfree (where=0x82fd0a8) at util.c:151
#3  0x8197ea2 in Perl_sv_clear (my_perl=0x82fc9c8, sv=0x86ed0bc) at sv.c:5049
#4  0x819831d in Perl_sv_free (my_perl=0x82fc9c8, sv=0x86ed0bc) at sv.c:5192
#5  0x818d4d8 in do_clean_all (my_perl=0x82fc9c8, sv=0x86ed0bc) at sv.c:400
#6  0x818d147 in S_visit (my_perl=0x82fc9c8, f=0x818d47c do_clean_all)
at sv.c:292
#7  0x818d4fe in Perl_sv_clean_all (my_perl=0x82fc9c8) at sv.c:418
#8  0x810ddd5 in perl_destruct (my_perl=0x82fc9c8) at perl.c:771
#9  0x8099039 in perl_shutdown (s=0x82f140c, p=0x8903d6c) at mod_perl.c:294
#10 0x809b373 in perl_child_exit (s=0x82f140c, p=0x8903d6c) at mod_perl.c:958
#11 0x809afce in perl_child_exit_cleanup (data=0x8903efc) at mod_perl.c:926
#12 0x80ddc8e in run_cleanups ()
#13 0x80dc4bd in ap_clear_pool ()
#14 0x80dc531 in ap_destroy_pool ()
#15 0x80e945b in clean_child_exit ()
#16 0x80ec707 in child_main ()
#17 0x80eccb0 in make_child ()
#18 0x80ece09 in startup_children ()
#19 0x80ed466 in standalone_main ()
#20 0x80edc33 in main ()
#21 0x4009698b in __libc_start_main (main=0x80ed8dc main, argc=4, 
argv=0xbcc4, init=0x807a6f8 _init, fini=0x828da5c _fini, 
rtld_fini=0x4000ae60 _dl_fini, stack_end=0xbcbc)
at ../sysdeps/generic/libc-start.c:92



-- 
andreas

Re: Another SEGV perl 5.8.0-RC2 apache 1.3.26 mod_perl 1.27

2002-06-30 Thread Doug MacEachern 

On Sun, 30 Jun 2002, Andreas J. Koenig wrote:
 
 Program received signal SIGSEGV, Segmentation fault.
 0x400d8076 in chunk_free (ar_ptr=0x4016ca40, p=0x82fd0a0) at malloc.c:3097
 3097malloc.c: No such file or directory.
 (gdb) bt
 #0  0x400d8076 in chunk_free (ar_ptr=0x4016ca40, p=0x82fd0a0) at malloc.c:3097
 #1  0x400d7f5a in __libc_free (mem=0x82fd0a8) at malloc.c:3023
 #2  0x8169142 in Perl_safesysfree (where=0x82fd0a8) at util.c:151
 #3  0x8197ea2 in Perl_sv_clear (my_perl=0x82fc9c8, sv=0x86ed0bc) at sv.c:5049

hmm, looks like double free of SvPVX.  if you could in gdb:
(gdb) up 3
(gdb) print *sv
(gdb) print *(XPV*)sv-sv_any

might give a hint.

Re: Another SEGV perl 5.8.0-RC2 apache 1.3.26 mod_perl 1.27

2002-06-30 Thread Andreas J. Koenig 

 On Sun, 30 Jun 2002 15:30:18 -0700 (PDT), Doug MacEachern [EMAIL PROTECTED] 
said:

  #0  0x400d8076 in chunk_free (ar_ptr=0x4016ca40, p=0x82fd0a0) at malloc.c:3097
  #1  0x400d7f5a in __libc_free (mem=0x82fd0a8) at malloc.c:3023
  #2  0x8169142 in Perl_safesysfree (where=0x82fd0a8) at util.c:151
  #3  0x8197ea2 in Perl_sv_clear (my_perl=0x82fc9c8, sv=0x86ed0bc) at sv.c:5049

   hmm, looks like double free of SvPVX.  if you could in gdb:
   (gdb) up 3
   (gdb) print *sv
   (gdb) print *(XPV*)sv-sv_any

(gdb) up 3
#3  0x8197fa2 in Perl_sv_clear (my_perl=0x82fcaa8, sv=0x86ed170) at sv.c:5049
5049Safefree(SvPVX(sv));
(gdb) print *sv
$1 = {sv_any = 0x8638d10, sv_refcnt = 0, sv_flags = 4194307}
(gdb) print *(XPV*)sv-sv_any
$2 = {xpv_pv = 0x82fd188 , xpv_cur = 0, xpv_len = 140741932}




-- 
andreas

Re: Another SEGV perl 5.8.0-RC2 apache 1.3.26 mod_perl 1.27

2002-06-29 Thread Doug MacEachern 

On Mon, 24 Jun 2002, Andreas J. Koenig wrote:

 This stack trace is all I have. I cannot reproduce this SEGV at will,
 so it will be difficult to obtain additional information. All I can do
 is let the webserver run in -X mode and wait. I have no hints (yet)
 what kind of request triggers it.
...
 #6  0x820baa2 in PerlIO_cleanup (my_perl=0x82fc9c8) at perlio.c:2124
 #7  0x810d298 in perl_destruct (my_perl=0x82fc9c8) at perl.c:490
 #8  0x8099039 in perl_shutdown (s=0x82f140c, p=0x88f9c24) at mod_perl.c:294
 #9  0x809b373 in perl_child_exit (s=0x82f140c, p=0x88f9c24) at mod_perl.c:958
 #10 0x809afce in perl_child_exit_cleanup (data=0x88f9db4) at mod_perl.c:926

looks like a leaked PerlIO* from Request.xs, as this is happening when the 
child is killed by apache (e.g. MaxRequestsPerChild reached).
patch below may cure, seems like a better approach in any case.
it is ugly here because the FILE was opened by an apache api function 
which will close it when the request pool is cleared, so we must dup.

--- Request/Request.xs~ Sun Jan 20 09:27:35 2002
+++ Request/Request.xs  Sat Jun 29 16:37:37 2002
 -491,8 +491,13 
 ApacheUpload_fh(upload)
 Apache::Upload upload
 
+PREINIT:
+int fd;
+
 CODE:
-if (  ( RETVAL = PerlIO_importFILE(ApacheUpload_fh(upload),0) ) == NULL  )
+fd = PerlLIO_dup(fileno(ApacheUpload_fh(upload)));
+
+if (!(RETVAL = PerlIO_fdopen(fd, r)))
XSRETURN_UNDEF;
 
 OUTPUT:
 -501,18 +506,9 
 CLEANUP:
 if (ST(0) != PL_sv_undef) {
IO *io = GvIOn((GV*)SvRV(ST(0)));
-   int fd = PerlIO_fileno(IoIFP(io));
-   PerlIO *fp;
 
-   fd = PerlLIO_dup(fd);
-   if (!(fp = PerlIO_fdopen(fd, r))) { 
-   PerlLIO_close(fd);
-   croak(fdopen failed!);
-   }
if (upload-req-parsed)
-   PerlIO_seek(fp, 0, 0);
-
-   IoIFP(io) = fp; 
+PerlIO_seek(IoIFP(io), 0, 0);
 }
 
 long

Another SEGV perl 5.8.0-RC2 apache 1.3.26 mod_perl 1.27

2002-06-24 Thread Andreas J. Koenig 

This stack trace is all I have. I cannot reproduce this SEGV at will,
so it will be difficult to obtain additional information. All I can do
is let the webserver run in -X mode and wait. I have no hints (yet)
what kind of request triggers it.

Again, as in my older posted SEGV, the line numbers are wrong, I do
not know why.

I'd appreciate any hint what I could try to come closer to a real
bugreport.

Program received signal SIGSEGV, Segmentation fault.
0x400d8076 in chunk_free (ar_ptr=0x4016ca40, p=0x8907350) at malloc.c:3097
3097malloc.c: No such file or directory.
(gdb) bt
#0  0x400d8076 in chunk_free (ar_ptr=0x4016ca40, p=0x8907350) at malloc.c:3097
#1  0x400d7f5a in __libc_free (mem=0x8907c88) at malloc.c:3023
#2  0x400d044b in _IO_new_fclose (fp=0x8907c88) at iofclose.c:61
#3  0x820c861 in PerlIOStdio_close (my_perl=0x82fc9c8, f=0x8303a00)
at perlio.c:2638
#4  0x820a329 in Perl_PerlIO_close (my_perl=0x82fc9c8, f=0x8303a00)
at perlio.c:1206
#5  0x8208b81 in PerlIO_cleantable (my_perl=0x82fc9c8, tablep=0x82fd3a0)
at perlio.c:498
#6  0x820baa2 in PerlIO_cleanup (my_perl=0x82fc9c8) at perlio.c:2124
#7  0x810d298 in perl_destruct (my_perl=0x82fc9c8) at perl.c:490
#8  0x8099039 in perl_shutdown (s=0x82f140c, p=0x88f9c24) at mod_perl.c:294
#9  0x809b373 in perl_child_exit (s=0x82f140c, p=0x88f9c24) at mod_perl.c:958
#10 0x809afce in perl_child_exit_cleanup (data=0x88f9db4) at mod_perl.c:926
#11 0x80ddc8e in run_cleanups ()
#12 0x80dc4bd in ap_clear_pool ()
#13 0x80dc531 in ap_destroy_pool ()
#14 0x80e945b in clean_child_exit ()
#15 0x80ec707 in child_main ()
#16 0x80eccb0 in make_child ()
#17 0x80ece09 in startup_children ()
#18 0x80ed466 in standalone_main ()
#19 0x80edc33 in main ()
#20 0x4009698b in __libc_start_main (main=0x80ed8dc main, argc=4, 
argv=0xbcd4, init=0x807a6f8 _init, fini=0x828da5c _fini, 
rtld_fini=0x4000ae60 _dl_fini, stack_end=0xbccc)
at ../sysdeps/generic/libc-start.c:92


# /usr/local/perl-5.8.0-RC2/bin/perl -V
Summary of my perl5 (revision 5.0 version 8 subversion 0) configuration:
  Platform:
osname=linux, osvers=2.2.18pre15, archname=i686-linux-multi
uname='linux pause.perl.org 2.2.18pre15 #5 fri oct 13 21:59:16 cest 2000 i686 
unknown '
config_args='-des -Dprefix=/usr/local/perl-5.8.0-RC2 -Dinstallusrbinperl=n 
-Uversiononly -Dusemultiplicity -Doptimize=-g'
hint=recommended, useposix=true, d_sigaction=define
usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=define
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
  Compiler:
cc='cc', ccflags ='-DDEBUGGING -fno-strict-aliasing -I/usr/local/include 
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
optimize='-g',
cppflags='-DDEBUGGING -fno-strict-aliasing -I/usr/local/include 
-I/usr/include/gdbm'
ccversion='', gccversion='egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)', 
gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
  Linker and Libraries:
ld='cc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -lndbm -lgdbm -ldb -ldl -lm -lc -lposix -lcrypt -lutil
perllibs=-lnsl -ldl -lm -lc -lposix -lcrypt -lutil
libc=/lib/libc-2.1.3.so, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version='2.1.3'
  Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'


Characteristics of this binary (from libperl): 
  Compile-time options: DEBUGGING MULTIPLICITY USE_LARGE_FILES PERL_IMPLICIT_CONTEXT
  Built under linux
  Compiled at Jun 24 2002 06:49:05
  INC:
/usr/local/perl-5.8.0-RC2/lib/5.8.0/i686-linux-multi
/usr/local/perl-5.8.0-RC2/lib/5.8.0
/usr/local/perl-5.8.0-RC2/lib/site_perl/5.8.0/i686-linux-multi
/usr/local/perl-5.8.0-RC2/lib/site_perl/5.8.0
/usr/local/perl-5.8.0-RC2/lib/site_perl
.


-- 
andreas