swoole / swoole-src

🚀 Coroutine-based concurrency library for PHP
https://www.swoole.com
Apache License 2.0
18.25k stars 3.16k forks

5.1.2 Context::parse_multipart_data causes abort, process exits #5305

Open szutoutou opened 3 weeks ago

szutoutou commented 3 weeks ago

Please answer these questions before submitting your issue.

  1. What did you do? If possible, provide a simple script for reproducing the error.

No changes at all. I saw that the fix for an earlier issue (https://github.com/swoole/swoole-src/issues/4763) added an abort (https://github.com/swoole/swoole-src/commit/3dc4416f86f4a6e91e72435e58a8e57d64d38dee#diff-6e3d81faee48df4a37170d8de1e07f97678e020999024df25f4cdf908a93a541R132).

  2. What did you expect to see?

Fix this exit problem.

  3. What did you see instead?

gdb core

#0  __restore_sigs (set=set@entry=0x7fbd6b5fd000) at syscall_arch.h:40
#1  0x00007fbd74d2a702 in raise (sig=sig@entry=6) at src/signal/raise.c:11
#2  0x00007fbd74cf9be8 in abort () at src/exit/abort.c:11
#3  0x00007fbd7261373b in multipart_parser_error_msg (p=<optimized out>, buf=<optimized out>, len=<optimized out>) at /swoole-src-5.1.2/thirdparty/multipart_parser.c:131
#4  0x00007fbd72673f3b in swoole::http::Context::parse_multipart_data (this=this@entry=0x7fbd72ec19d0, 
    at=at@entry=0x7fbd69b6c8a6 "------WebKitFormBoundaryJ51qho3f65365snb\r\nContent-Disposition: form-data; name=\"xxx\"\r\n\r\n0\r\n------WebKitFormBoundaryJ51qho3f65365snb\r\nContent-Disposition: form-data; name=\"xxxx\"\r\n\r\n0\r\n------Web"..., length=length@entry=1299) at /swoole-src-5.1.2/ext-src/swoole_http_request.cc:135
#5  0x00007fbd72674235 in http_request_on_body (parser=<optimized out>, 
    at=0x7fbd69b6c8a6 "------WebKitFormBoundaryJ51qho3f65365snb\r\nContent-Disposition: form-data; name=\"xxx\"\r\n\r\n0\r\n------WebKitFormBoundaryJ51qho3f65365snb\r\nContent-Disposition: form-data; name=\"xxxx\"\r\n\r\n0\r\n------Web"..., length=1299) at /swoole-src-5.1.2/ext-src/swoole_http_request.cc:782
#6  0x00007fbd7277e465 in swoole_http_parser_execute (parser=0x7fbd72ec1ba8, settings=0x7fbd7284a5a0 <http_parser_settings>, data=<optimized out>, len=<optimized out>) at  /swoole-src-5.1.2/thirdparty/swoole_http_parser.c:1402
#7  0x00007fbd7267e7f9 in zim_swoole_http_server_coro_onAccept (execute_data=<optimized out>, return_value=<optimized out>) at /swoole-src-5.1.2/ext-src/swoole_http_server_coro.cc:633
#8  0x000055b9d074381e in zend_call_function ()
#9  0x00007fbd7264f1e0 in swoole::PHPCoroutine::main_func (_args=<optimized out>) at /swoole-src-5.1.2/ext-src/swoole_coroutine.cc:707
#10 0x00007fbd726f45db in std::function<void (void*)>::operator()(void*) const (__args#0=<optimized out>, this=<optimized out>) at /c++/13.2.1/bits/std_function.h:591
#11 swoole::coroutine::Context::context_func (arg=0x7fbd6b957cc0) at /swoole-src-5.1.2/src/coroutine/context.cc:142
#12 0x00007fbd7278cbc1 in swoole_make_fcontext () at /swoole-src-5.1.2/thirdparty/boost/asm/make_x86_64_sysv_elf_gas.S:70
#13 0x0000000000000000 in ?? ()

  4. What version of Swoole are you using (show your php --ri swoole)?

swoole

Swoole => enabled
Author => Swoole Team team@swoole.com
Version => 5.1.2
Built => Mar 5 2024 08:08:42
coroutine => enabled with boost asm context
epoll => enabled
eventfd => enabled
signalfd => enabled
spinlock => enabled
rwlock => enabled
openssl => OpenSSL 3.1.4 24 Oct 2023
dtls => enabled
http2 => enabled
json => enabled
curl-native => enabled
zlib => 1.3.1
brotli => E16781312/D16781312
mutex_timedlock => enabled
pthread_barrier => enabled
futex => enabled
mysqlnd => enabled
async_redis => enabled

Directive => Local Value => Master Value
swoole.enable_coroutine => On => On
swoole.enable_library => On => On
swoole.enable_fiber_mock => Off => Off
swoole.enable_preemptive_scheduler => Off => Off
swoole.display_errors => On => On
swoole.use_shortname => Off => Off
swoole.unixsock_buffer_size => 8388608 => 8388608

  5. What is your machine environment used (show your uname -a & php -v & gcc -v) ?

Linux 5.14.0-70.30.1.el9_0.x86_64 #1 SMP PREEMPT Thu Nov 3 20:29:04 UTC 2022 x86_64 Linux

PHP 8.2.15 (cli) (built: Jan 27 2024 04:53:38) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.15, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.15, Copyright (c), by Zend Technologies

Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-alpine-linux-musl/13.2.1/lto-wrapper
Target: x86_64-alpine-linux-musl
Configured with: /home/buildozer/aports/main/gcc/src/gcc-13-20231014/configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --build=x86_64-alpine-linux-musl --host=x86_64-alpine-linux-musl --target=x86_64-alpine-linux-musl --enable-checking=release --disable-cet --disable-fixed-point --disable-libstdcxx-pch --disable-multilib --disable-nls --disable-werror --disable-symvers --enable-__cxa_atexit --enable-default-pie --enable-default-ssp --enable-languages=c,c++,d,objc,go,fortran,ada --enable-link-serialization=2 --enable-linker-build-id --disable-libssp --disable-libsanitizer --enable-shared --enable-threads --enable-tls --with-bugurl=https://gitlab.alpinelinux.org/alpine/aports/-/issues --with-system-zlib --with-linker-hash-style=gnu --with-pkgversion='Alpine 13.2.1_git20231014'
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 13.2.1 20231014 (Alpine 13.2.1_git20231014)

NathanFreeman commented 3 weeks ago

Was an ordinary file being uploaded?

NathanFreeman commented 3 weeks ago

Does this also happen if you use the asynchronous HTTP server instead of the coroutine server?

szutoutou commented 3 weeks ago

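> Was an ordinary file being uploaded?

The nginx log was not enabled before, so there is no complete form-data; I traced the API from the fragment captured in the core dump. This API does not need any file upload; it is a simple data-reporting API. I have not tried the asynchronous HTTP server; I am using Hyperf in coroutine mode.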

NathanFreeman commented 3 weeks ago

So it is an API endpoint, but the content-type is form-data, right? Could you provide your request body parameters so I can reproduce it?

szutoutou commented 3 weeks ago

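> So it is an API endpoint, but the content-type is form-data, right? Could you provide your request body parameters so I can reproduce it?

Yes. I can't reproduce it at the moment; logging is now enabled and collecting. It seems to come from a crawler's request and happens only occasionally, so I have to wait for it to occur again to get the body. Why does it have to abort here? Aborting because of invalid data doesn't seem quite reasonable.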

NathanFreeman commented 3 weeks ago

It may have hit MPPE_UNKNOWN, which caused the abort.

szutoutou commented 3 weeks ago

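> It may have hit MPPE_UNKNOWN, which caused the abort.

MPPE_UNKNOWN is also a case of an abnormal request body, isn't it? Isn't aborting directly here not quite reasonable? In 4.8.1 there was no abort here yet~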

NathanFreeman commented 3 weeks ago

I'll look into how to reproduce and fix it.

szutoutou commented 3 weeks ago

> I'll look into how to reproduce and fix it.

------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="image"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="list_image"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="fav"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="share"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="call"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="friend"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="question"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="print"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="address"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="message"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="deep"

1
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="browse_time"

8000
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="device"

touch
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="type"

2
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; nam

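It occurred once yesterday. It appears to be an incomplete form-data body. I could not reproduce it locally; the body length differs from the real request. The body_send recorded by nginx is 170.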

NathanFreeman commented 3 weeks ago

Thanks, I'll take a look on my side.
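
The behaviour asked for in this thread (a cut-off form-data body is rejected instead of aborting the process), as an added example that is not Swoole's code: a small boundary walker in which every malformed-input case is a return code, and an error-message lookup that never calls abort() on an unmapped code. The `demo_*` names, the error codes and the sample bodies are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical error codes for this sketch; not Swoole's multipart_parser enum. */
typedef enum { DEMO_OK, DEMO_BAD_START, DEMO_TRUNCATED_HEADER, DEMO_TRUNCATED_BODY, DEMO_UNKNOWN } demo_err;

/* Constructed samples: a complete body and one cut off inside a part header. */
static const char DEMO_COMPLETE[] = "--B\r\nContent-Disposition: form-data; name=\"type\"\r\n\r\n2\r\n--B--\r\n";
static const char DEMO_CUT[] = "--B\r\nContent-Disposition: form-data; name=\"type\"\r\n\r\n2\r\n"
                               "--B\r\nContent-Disposition: form-data; nam";

/* Length-bounded substring search (the body is not NUL-terminated on the wire). */
static const char *demo_find(const char *p, const char *end, const char *needle) {
    size_t n = strlen(needle);
    for (; (size_t) (end - p) >= n; p++)
        if (memcmp(p, needle, n) == 0) return p;
    return NULL;
}

/* Walk the parts of a multipart body; every failure is a return code. */
static demo_err demo_check_multipart(const char *body, size_t len, const char *boundary) {
    char delim[80]; /* "\r\n--" + boundary (RFC 2046 caps a boundary at 70 chars) */
    int n = snprintf(delim, sizeof delim, "\r\n--%s", boundary);
    if (n < 0 || (size_t) n >= sizeof delim) return DEMO_UNKNOWN;
    const char *p = body, *end = body + len;
    /* The first delimiter has no leading CRLF. */
    if (len < (size_t) n - 2 || memcmp(p, delim + 2, (size_t) n - 2) != 0) return DEMO_BAD_START;
    p += n - 2;
    for (;;) {
        if (end - p >= 2 && memcmp(p, "--", 2) == 0) return DEMO_OK; /* closing delimiter */
        const char *hdr_end = demo_find(p, end, "\r\n\r\n");
        if (!hdr_end) return DEMO_TRUNCATED_HEADER; /* cut off before the blank line */
        const char *next = demo_find(hdr_end + 4, end, delim);
        if (!next) return DEMO_TRUNCATED_BODY; /* value never terminated */
        p = next + n;
    }
}

/* Text for the log while the caller answers 400; unmapped codes get a generic message. */
static const char *demo_errmsg(demo_err e) {
    static const char *const msg[] = {"ok", "body does not start with the boundary",
        "part headers are truncated", "part data is not terminated by a boundary"};
    return (unsigned) e < sizeof msg / sizeof *msg ? msg[e] : "unknown multipart error";
}

int main(void) {
    printf("complete: %s\n", demo_errmsg(demo_check_multipart(DEMO_COMPLETE, sizeof DEMO_COMPLETE - 1, "B")));
    printf("cut off:  %s\n", demo_errmsg(demo_check_multipart(DEMO_CUT, sizeof DEMO_CUT - 1, "B")));
    return 0;
}
```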