I am using libevent 2.0.22 and consistently get the following crash backtrace.
(gdb) bt
#0 evhttp_clear_headers (headers=0x10023390) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/http.c:1616
#1 0x0f5607ec in evhttp_request_free (req=0x1003c1c0) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/http.c:3533
#2 0x0f562d48 in evhttp_send_done (evcon=0x1003be90, arg=<optimized out>) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/http.c:2357
#3 0x0f55ce54 in evhttp_write_cb (bufev=<optimized out>, arg=<optimized out>) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/http.c:760
#4 0x0f54ccc8 in _bufferevent_run_writecb (bufev=bufev@entry=0x1003bf60) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/bufferevent.c:249
#5 0x0f54e3f4 in bufferevent_writecb (fd=fd@entry=7, event=event@entry=4, arg=arg@entry=0x1003bf60)
at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/bufferevent_sock.c:297
#6 0x0f53ec94 in event_persist_closure (ev=<optimized out>, base=<optimized out>) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/event.c:1319
#7 event_process_active_single_queue (activeq=0x100231e0, base=0x1003baa0) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/event.c:1363
#8 event_process_active (base=<optimized out>) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/event.c:1438
#9 event_base_loop (base=0x1003baa0, flags=flags@entry=0) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/event.c:1639
#10 0x0f53fe6c in event_base_dispatch (event_base=<optimized out>) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/event.c:1468
#11 0x0ff1c388 in post_accept () from /home/work/guest/debug/root/usr/lib/libhelper.so.9
#12 0x0f550dc8 in listener_read_cb (fd=fd@entry=6, what=what@entry=2, p=p@entry=0x1003b7e0)
at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/listener.c:418
#13 0x0f53ec94 in event_persist_closure (ev=<optimized out>, base=<optimized out>) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/event.c:1319
#14 event_process_active_single_queue (activeq=0x100230c0, base=0x1003b330) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/event.c:1363
#15 event_process_active (base=<optimized out>) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/event.c:1438
#16 event_base_loop (base=0x1003b330, flags=flags@entry=0) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/event.c:1639
#17 0x0f53fe6c in event_base_dispatch (event_base=<optimized out>) at /usr/src/debug/libevent/2.0.22-r0/libevent-2.0.22-stable/event.c:1468
#18 0x0ff1cc54 in helper_run () from /home/work/guest/debug/root/usr/lib/libhelper.so.9
#19 0x100019c4 in main ()
(gdb) p *headers
$7 = {tqh_first = 0x3d5d0c0, tqh_last = 0x1003d5f0}
(gdb) p *header
Cannot access memory at address 0x3d5d0c0
(gdb)
My helper_run() calls the libevent API as shown in the code snippet below:
/*
 * Parent-side setup, as posted by the reporter; the "...." / "..." lines mark
 * code that was left out of the excerpt.
 *
 * Creates an event base and an evhttp server, binds the server to
 * settings->bindaddr / settings->port, swaps the listener's accept callback
 * for post_accept, registers a SIGCHLD handler and then runs the event loop.
 */
helper_run()
{
....
struct event_base *base = event_base_new();
struct evhttp *http = evhttp_new(base);
struct evhttp_bound_socket *bound;
struct evconnlistener *listener;
struct event *signal_chld = {0};
/* NOTE(review): no return value in this excerpt is checked. A failed bind
 * returns NULL, which would then be passed straight to
 * evhttp_bound_socket_get_listener() -- confirm against the elided code. */
bound = evhttp_bind_socket_with_handle(http, settings->bindaddr, settings->port);
listener = evhttp_bound_socket_get_listener(bound);
/* Replaces the accept callback on evhttp's own listener: every accepted
 * connection is handed to post_accept with baton as its argument. */
evconnlistener_set_cb(listener, post_accept, baton);
/* signal_chld is still NULL when it is evaluated as the last argument, so
 * signal_cb receives NULL as its callback argument, not the new event. */
signal_chld = evsignal_new(base, SIGCHLD, signal_cb, signal_chld);
evsignal_add(signal_chld, NULL);
/* Runs the parent loop. In the backtrace on this page, frames #12-#18 show
 * post_accept being invoked from inside this dispatch call. */
event_base_dispatch(base);
...
}
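/*
 * Accept callback installed on the evhttp listener: handles each accepted
 * connection in a freshly forked child process.
 *
 * listener      listener that accepted the connection (not used here)
 * nfd           accepted socket; closed by the parent once the child has it
 * peer_sa       peer address as delivered by the listener
 * peer_socklen  length of peer_sa
 * arg           the myarg_baton_t registered with evconnlistener_set_cb()
 *
 * The child builds its own event base and evhttp instance, serves the one
 * connection and exits. The parent only closes its copy of the socket and
 * counts the child.
 *
 * The backtrace on this page faults below the child's event_base_dispatch()
 * call (frame #11 post_accept down to evhttp_clear_headers), while the request
 * is being freed after the reply was sent. The handler myarg_api_cb is not
 * shown, so whether it frees or keeps a reference to the request cannot be
 * judged from this function alone.
 */
void post_accept(struct evconnlistener *listener,
                 evutil_socket_t nfd,
                 struct sockaddr *peer_sa,
                 int peer_socklen,
                 void *arg)
{
    myarg_baton_t *baton = arg;
    pid_t pid;

    pid = fork();
    if (pid < 0) {
        /* Capture errno before any other call can overwrite it. */
        int saved_errno = errno;

        /* syslog() takes facility | level; a bare facility means level 0,
         * i.e. LOG_EMERG, so the level is given explicitly. */
        syslog(LOG_DAEMON | LOG_ERR, "%d %s %d fork() errno=%d",
               getpid(), __func__, __LINE__, saved_errno);
        close(nfd);
        return;
    }

    /* child */
    if (pid == 0) {
        /* This event base is used to process the http request passed to the
         * child. The parent's base and listening socket are inherited across
         * fork() but are not touched here. */
        struct event_base *base = event_base_new();
        struct evhttp *http = base ? evhttp_new(base) : NULL;

        if (!http) {
            /* Both constructors return NULL on failure; do not dispatch on a
             * missing base or server. */
            syslog(LOG_DAEMON | LOG_ERR, "%d %s %d child setup failed",
                   getpid(), __func__, __LINE__);
            close(nfd);
            exit(1);
        }

        evhttp_set_cb(http, "/api", myarg_api_cb, baton);
        /* NOTE(review): evhttp_get_request() appears to be declared in
         * libevent's http-internal.h rather than in the public headers, so
         * its ownership rules for the connection and request are not part of
         * the documented API -- confirm before relying on it. */
        evhttp_get_request(http, nfd, peer_sa, peer_socklen);
        event_base_dispatch(base);
        /* NOTE(review): exit() in a forked child also runs atexit handlers
         * and flushes stdio buffers inherited from the parent; confirm that
         * this is intended. */
        exit(0);
    }

    /* parent: the child owns the connection now */
    close(nfd);
    children++;
}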
I also tried the latest libevent, 2.1.8, and the same crash backtrace is produced. Is this a known crash? If a workaround or patch exists, please share it.