On Wed, Nov 03, 2021 at 04:21:34PM +0100, Thomas Weißschuh wrote:
> Hi everybody,
> 
> While investigating persistent segmentation faults in mod_dav_svn I found
> invalid uses of objectpools in subversion/libsvn_repos/authz.c.
> 
> In svn_repos_authz_initialize() the objectpools passed in during the
> configuration phase are stored in static variables.
> For some reason the configuration phase runs multiple times and the previously
> used objectpools are freed.
> 
> Because cached references to these freed objectpools are still used inside
> authz.c accesses to that memory will read invalid data from other parts of
> Apache, leading to segmentation faults.
> 
> Maybe the issue happens especially on Alpine Linux because they are using musl
> libc with its own memory allocator which may behave differently than glibc and
> more directly reuse freed memory.
> 
> I was able to work around the issue by removing the caching logic in
> svn_repos_authz_initialize() and always calling synchronized_authz_initialize().
> 
> Thanks,
> Thomas

I guess this means the implementation of apr_atomic_cas32() is not working
correctly on your system? svn_atomic__init_once() relies on this.

There are regression tests for atomics in APR.
You could try to run these tests to see if there are any failures.
If broken atomics turn out to be the root cause of this problem
then please file an issue with the APR project instead.

Hope this helps,
Stefan
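Added illustration (not code from this thread, Subversion or APR): a small C11 model of the hazard Thomas describes. A compare-and-swap guarded init-once (standing in for svn_atomic__init_once() over apr_atomic_cas32(); the 0/1/2 state values are my assumption) caches the pool it was first handed in a static. When the configuration phase runs a second time with a fresh pool, the once-guard correctly refuses to re-run, so the static still points at the pool that was destroyed with the first configuration. The "fix" variant re-records the pool on every configuration phase, which is the shape of Thomas's workaround. The toy pool only marks itself destroyed instead of freeing memory, so the stale read is observable rather than undefined behaviour.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for an APR pool: just a generation number and a
 * "destroyed" flag so that a dangling reference can be detected safely. */
typedef struct {
    int generation;
    int destroyed;
} toy_pool_t;

static toy_pool_t *pool_create(int generation) {
    toy_pool_t *p = calloc(1, sizeof *p);
    if (p) p->generation = generation;
    return p;
}

/* Marks the pool dead instead of freeing it (real APR would release the memory). */
static void pool_destroy(toy_pool_t *p) { p->destroyed = 1; }

/* --- buggy pattern: init-once that caches the configuration pool --- */

/* once-state values are an assumption: 0 = not started, 1 = in progress, 2 = done */
static atomic_int once_state = 0;
static toy_pool_t *cached_config_pool = NULL;

static void buggy_authz_initialize(toy_pool_t *config_pool) {
    int expected = 0;
    /* Models svn_atomic__init_once(): only the thread that wins the CAS runs the body. */
    if (atomic_compare_exchange_strong(&once_state, &expected, 1)) {
        cached_config_pool = config_pool;   /* kept for the process lifetime: the defect */
        atomic_store(&once_state, 2);
    } else {
        while (atomic_load(&once_state) != 2) { /* wait for the initialiser */ }
    }
}

/* --- fixed pattern: record the pool on every configuration phase --- */

static toy_pool_t *current_config_pool = NULL;

static void fixed_authz_initialize(toy_pool_t *config_pool) {
    current_config_pool = config_pool;      /* no caching across phases */
}

/* Runs two configuration phases the way a server re-reading its config would,
 * then reports whether the pool the authz code would use is already destroyed.
 * Returns 1 if the reference is stale, 0 if it is live. Call each mode once:
 * the buggy statics deliberately persist across calls. */
static int simulate_two_config_phases(int use_fix) {
    toy_pool_t *first = pool_create(1);
    toy_pool_t *second = NULL;
    toy_pool_t *used = NULL;
    int stale;

    if (use_fix) fixed_authz_initialize(first); else buggy_authz_initialize(first);

    pool_destroy(first);                    /* first configuration torn down */
    second = pool_create(2);                /* configuration phase runs again */

    if (use_fix) fixed_authz_initialize(second); else buggy_authz_initialize(second);

    used = use_fix ? current_config_pool : cached_config_pool;
    stale = used->destroyed;                /* safe here only because destroy() did not free */

    free(first);
    free(second);
    return stale;
}

int main(void) {
    printf("buggy init-once uses destroyed pool: %d\n", simulate_two_config_phases(0));
    printf("re-initialising each phase uses destroyed pool: %d\n", simulate_two_config_phases(1));
    return 0;
}
```

Note that the once-guard itself behaves correctly in this model; the stale pointer comes from what the guarded body chose to remember, which is why a working apr_atomic_cas32() is compatible with the crash Thomas saw. Whether the real authz.c statics are the cause is for the Subversion code to confirm, not this toy.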