wmaillard / shellinabox

Automatically exported from code.google.com/p/shellinabox

Segmentation fault at libhttp/server.c:355 #91

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Running the latest shellinabox from subversion. The program occasionally 
crashes with a segmentation fault. Here is the stack:

Program received signal SIGSEGV, Segmentation fault.
0x0805c9d0 in serverGetConnection (server=0x86df4e8, hint=0x875a5c0, fd=9) at 
libhttp/server.c:355
355       if (hint &&

#0  0x0805c9d0 in serverGetConnection (server=0x86df4e8, hint=0x875a5c0, fd=9) 
at libhttp/server.c:355
#1  0x0805b8a6 in httpGetServerConnection (http=0x875a368) at 
libhttp/httpconnection.c:1888
#2  0x08058253 in httpTransfer (http=0x875a368, 
    msg=0x875a440 "ȫu\bh\200u\b 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 47\r\nCache-Control: no-cache\r\n\r\n{\"session\":\"j/jUL3z5i-oV5cwRtGff0Q\",\"data\":\"p\"}", len=158) at libhttp/httpconnection.c:760
#3  0x0804b0ca in completePendingRequest (session=0x8759b08, buf=0xbfe47410 
"p", len=1, maxLength=2048)
    at shellinabox/shellinaboxd.c:242
#4  0x0804b28c in handleSession (connection=0x875a56c, arg=0x8759b08, 
events=0xbfe47c6a, revents=1)
    at shellinabox/shellinaboxd.c:283
#5  0x0805d273 in serverLoop (server=0x86df4e8) at libhttp/server.c:502
#6  0x0804dda0 in main (argc=6, argv=0xbfe47dc4) at 
shellinabox/shellinaboxd.c:1305

I'll try to attach a core dump.

Original issue reported on code.google.com by nutzman%...@gtempaccount.com on 3 Sep 2010 at 4:24

GoogleCodeExporter commented 8 years ago
Yes, a core file and a copy of the binary would be very helpful.

But even if you can't get a core file, a little more output from gdb would 
probably already do. Next time you see this problem, can you get me the output 
from "bt", "info registers", and "disassem"? That would probably already point 
me in the right direction (knock on wood).

I suspect that if you just deleted the "if ()" statement entirely, the crash would 
go away. But I'd rather fix this correctly. The "for ()" loop is somewhat 
inefficient if there are a lot of active connections. So, we'd rather avoid a 
full-on search and instead rely on the "hint", if it is still valid.

My gut feeling is that this could be the result of "gcc" optimizing more 
aggressively than I expected. That's why the disassembly output should help.

Original comment by zod...@gmail.com on 3 Sep 2010 at 4:46
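As an added illustration (not shellinabox's code) of the "hint" check discussed above: the instruction run at +103..+147 in the disassembly (sar $0x2, then a multiply chain equal to 0xCCCCCCCD) is gcc's exact division by the 20-byte record size, which is what a pointer subtraction compiles to when the compiler may assume the hint still points into the array; a stale or misaligned hint then yields a garbage index. The version below validates the hint with integer arithmetic only and falls back to the linear scan; the struct layout, field names and the table scenario are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified connection table shaped like the one in the disassembly:
 * a contiguous array of fixed-size records. Names and fields are
 * assumptions for this example, not shellinabox's declarations. */
struct Conn { int deleted; int fd; char state[12]; };
struct Table { struct Conn *conns; int num; };

/* Validate a cached "hint" pointer with integer arithmetic only. The C
 * expression (hint - t->conns) is defined only if hint points into the
 * array; for a stale (realloc'ed away) or misaligned hint the compiler may
 * assume an exact multiple of sizeof(struct Conn) and emit the multiply-
 * by-inverse sequence seen above. Returns the index, or -1 if unusable. */
static ptrdiff_t hint_index(const struct Table *t, const void *hint) {
    uintptr_t base = (uintptr_t)t->conns;
    uintptr_t end  = base + (uintptr_t)t->num * sizeof *t->conns;
    uintptr_t h    = (uintptr_t)hint;
    if (!hint || h < base || h >= end) return -1;        /* outside table */
    if ((h - base) % sizeof *t->conns != 0) return -1;   /* misaligned    */
    return (ptrdiff_t)((h - base) / sizeof *t->conns);
}

/* Fast path through the hint when it still names a live record for fd;
 * otherwise fall back to the linear scan the hint is meant to avoid. */
static struct Conn *get_connection(struct Table *t, const void *hint, int fd) {
    ptrdiff_t i = hint_index(t, hint);
    if (i >= 0 && !t->conns[i].deleted && t->conns[i].fd == fd)
        return &t->conns[i];
    for (int j = 0; j < t->num; j++)
        if (!t->conns[j].deleted && t->conns[j].fd == fd)
            return &t->conns[j];
    return NULL;
}

/* Constructed scenario: live, misaligned, stale, deleted and absent hints.
 * Returns the number of checks that behaved as intended (6). */
static int demo(void) {
    struct Conn conns[3] = { {0, 5}, {0, 9}, {1, 9} };
    struct Conn old[3]   = { {0, 5}, {0, 9}, {1, 9} };  /* "realloc'ed away" copy */
    struct Table t = { conns, 3 };
    int ok = 0;
    ok += get_connection(&t, &conns[1], 9) == &conns[1];          /* valid hint   */
    ok += hint_index(&t, (char *)conns + 7) == -1;                /* misaligned   */
    ok += get_connection(&t, (char *)conns + 7, 9) == &conns[1];  /* scan instead */
    ok += hint_index(&t, &old[1]) == -1;                          /* stale hint   */
    ok += get_connection(&t, &conns[2], 9) == &conns[1];          /* deleted hint */
    ok += get_connection(&t, NULL, 7) == NULL;                    /* no such fd   */
    return ok;
}
```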

GoogleCodeExporter commented 8 years ago
Here is the core, and the other output from gdb:

(gdb) bt
#0  0x0805c9d0 in serverGetConnection (server=0x86df4e8, hint=0x875a5c0, fd=9) 
at libhttp/server.c:355
#1  0x0805b8a6 in httpGetServerConnection (http=0x875a368) at 
libhttp/httpconnection.c:1888
#2  0x08058253 in httpTransfer (http=0x875a368, 
    msg=0x875a440 "ȫu\bh\200u\b 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 47\r\nCache-Control: no-cache\r\n\r\n{\"session\":\"j/jUL3z5i-oV5cwRtGff0Q\",\"data\":\"p\"}", len=158) at libhttp/httpconnection.c:760
#3  0x0804b0ca in completePendingRequest (session=0x8759b08, buf=0xbfe47410 
"p", len=1, maxLength=2048) at shellinabox/shellinaboxd.c:242
#4  0x0804b28c in handleSession (connection=0x875a56c, arg=0x8759b08, 
events=0xbfe47c6a, revents=1) at shellinabox/shellinaboxd.c:283
#5  0x0805d273 in serverLoop (server=0x86df4e8) at libhttp/server.c:502
#6  0x0804dda0 in main (argc=6, argv=0xbfe47dc4) at 
shellinabox/shellinaboxd.c:1305
(gdb) info registers
eax            0x6edc0520   1859912992
ecx            0x24 36
edx            0x332c0000   858521600
ebx            0x806874c    134645580
esp            0xbfe4725c   0xbfe4725c
ebp            0xbfe47268   0xbfe47268
esi            0x86df4e8    141423848
edi            0xbfe47d50   -1075544752
eip            0x805c9d0    0x805c9d0
eflags         0x10212  66066
cs             0x73 115
ss             0x7b 123
ds             0x7b 123
es             0x7b 123
fs             0x0  0
gs             0x33 51
(gdb) set height 0
(gdb) disassem
Dump of assembler code for function serverGetConnection:
0x0805c934 <serverGetConnection+0>: push   %ebp
0x0805c935 <serverGetConnection+1>: mov    %esp,%ebp
0x0805c937 <serverGetConnection+3>: push   %esi
0x0805c938 <serverGetConnection+4>: sub    $0x8,%esp
0x0805c93b <serverGetConnection+7>: cmpl   $0x0,0xc(%ebp)
0x0805c93f <serverGetConnection+11>:    je     0x805c9df <serverGetConnection+171>
0x0805c945 <serverGetConnection+17>:    mov    0x8(%ebp),%eax
0x0805c948 <serverGetConnection+20>:    mov    0x1c(%eax),%eax
0x0805c94b <serverGetConnection+23>:    cmp    0xc(%ebp),%eax
0x0805c94e <serverGetConnection+26>:    ja     0x805c9df <serverGetConnection+171>
0x0805c954 <serverGetConnection+32>:    mov    0x8(%ebp),%ecx
0x0805c957 <serverGetConnection+35>:    mov    0x8(%ebp),%eax
0x0805c95a <serverGetConnection+38>:    mov    0x20(%eax),%edx
0x0805c95d <serverGetConnection+41>:    mov    %edx,%eax
0x0805c95f <serverGetConnection+43>:    shl    $0x2,%eax
0x0805c962 <serverGetConnection+46>:    add    %edx,%eax
0x0805c964 <serverGetConnection+48>:    shl    $0x2,%eax
0x0805c967 <serverGetConnection+51>:    add    0x1c(%ecx),%eax
0x0805c96a <serverGetConnection+54>:    cmp    0xc(%ebp),%eax
0x0805c96d <serverGetConnection+57>:    jbe    0x805c9df <serverGetConnection+171>
0x0805c96f <serverGetConnection+59>:    mov    0x8(%ebp),%ecx
0x0805c972 <serverGetConnection+62>:    mov    0x8(%ebp),%eax
0x0805c975 <serverGetConnection+65>:    mov    0x1c(%eax),%edx
0x0805c978 <serverGetConnection+68>:    mov    0xc(%ebp),%eax
0x0805c97b <serverGetConnection+71>:    sub    %edx,%eax
0x0805c97d <serverGetConnection+73>:    add    0x1c(%ecx),%eax
0x0805c980 <serverGetConnection+76>:    cmp    0xc(%ebp),%eax
0x0805c983 <serverGetConnection+79>:    jne    0x805c9df <serverGetConnection+171>
0x0805c985 <serverGetConnection+81>:    mov    0xc(%ebp),%eax
0x0805c988 <serverGetConnection+84>:    cmpl   $0x0,(%eax)
0x0805c98b <serverGetConnection+87>:    jne    0x805c9df <serverGetConnection+171>
0x0805c98d <serverGetConnection+89>:    mov    0x8(%ebp),%esi
0x0805c990 <serverGetConnection+92>:    mov    0x8(%ebp),%eax
0x0805c993 <serverGetConnection+95>:    mov    0x1c(%eax),%edx
0x0805c996 <serverGetConnection+98>:    mov    0xc(%ebp),%eax
0x0805c999 <serverGetConnection+101>:   sub    %edx,%eax
0x0805c99b <serverGetConnection+103>:   mov    %eax,%ecx
0x0805c99d <serverGetConnection+105>:   sar    $0x2,%ecx
0x0805c9a0 <serverGetConnection+108>:   mov    %ecx,%eax
0x0805c9a2 <serverGetConnection+110>:   shl    $0x2,%eax
0x0805c9a5 <serverGetConnection+113>:   add    %ecx,%eax
0x0805c9a7 <serverGetConnection+115>:   lea    0x0(,%eax,4),%edx
0x0805c9ae <serverGetConnection+122>:   add    %edx,%eax
0x0805c9b0 <serverGetConnection+124>:   shl    %eax
0x0805c9b2 <serverGetConnection+126>:   add    %ecx,%eax
0x0805c9b4 <serverGetConnection+128>:   mov    %eax,%edx
0x0805c9b6 <serverGetConnection+130>:   shl    $0x8,%edx
0x0805c9b9 <serverGetConnection+133>:   add    %edx,%eax
0x0805c9bb <serverGetConnection+135>:   mov    %eax,%edx
0x0805c9bd <serverGetConnection+137>:   shl    $0x10,%edx
0x0805c9c0 <serverGetConnection+140>:   add    %edx,%eax
0x0805c9c2 <serverGetConnection+142>:   shl    $0x2,%eax
0x0805c9c5 <serverGetConnection+145>:   add    %ecx,%eax
0x0805c9c7 <serverGetConnection+147>:   shl    $0x3,%eax
0x0805c9ca <serverGetConnection+150>:   add    0x18(%esi),%eax
0x0805c9cd <serverGetConnection+153>:   add    $0x8,%eax
0x0805c9d0 <serverGetConnection+156>:   mov    (%eax),%eax
0x0805c9d2 <serverGetConnection+158>:   cmp    0x10(%ebp),%eax
0x0805c9d5 <serverGetConnection+161>:   jne    0x805c9df <serverGetConnection+171>
0x0805c9d7 <serverGetConnection+163>:   mov    0xc(%ebp),%eax
0x0805c9da <serverGetConnection+166>:   mov    %eax,0xfffffff4(%ebp)
0x0805c9dd <serverGetConnection+169>:   jmp    0x805ca4a <serverGetConnection+278>
0x0805c9df <serverGetConnection+171>:   movl   $0x0,0xfffffff8(%ebp)
0x0805c9e6 <serverGetConnection+178>:   mov    0x8(%ebp),%eax
0x0805c9e9 <serverGetConnection+181>:   mov    0x20(%eax),%eax
0x0805c9ec <serverGetConnection+184>:   cmp    0xfffffff8(%ebp),%eax
0x0805c9ef <serverGetConnection+187>:   jle    0x805ca43 <serverGetConnection+271>
0x0805c9f1 <serverGetConnection+189>:   mov    0x8(%ebp),%edx
0x0805c9f4 <serverGetConnection+192>:   mov    0xfffffff8(%ebp),%eax
0x0805c9f7 <serverGetConnection+195>:   shl    $0x3,%eax
0x0805c9fa <serverGetConnection+198>:   add    0x18(%edx),%eax
0x0805c9fd <serverGetConnection+201>:   add    $0x8,%eax
0x0805ca00 <serverGetConnection+204>:   mov    (%eax),%eax
0x0805ca02 <serverGetConnection+206>:   cmp    0x10(%ebp),%eax
0x0805ca05 <serverGetConnection+209>:   jne    0x805ca3c <serverGetConnection+264>
0x0805ca07 <serverGetConnection+211>:   mov    0x8(%ebp),%ecx
0x0805ca0a <serverGetConnection+214>:   mov    0xfffffff8(%ebp),%edx
0x0805ca0d <serverGetConnection+217>:   mov    %edx,%eax
0x0805ca0f <serverGetConnection+219>:   shl    $0x2,%eax
0x0805ca12 <serverGetConnection+222>:   add    %edx,%eax
0x0805ca14 <serverGetConnection+224>:   lea    0x0(,%eax,4),%edx
0x0805ca1b <serverGetConnection+231>:   mov    0x1c(%ecx),%eax
0x0805ca1e <serverGetConnection+234>:   cmpl   $0x0,(%edx,%eax,1)
0x0805ca22 <serverGetConnection+238>:   jne    0x805ca3c <serverGetConnection+264>
0x0805ca24 <serverGetConnection+240>:   mov    0x8(%ebp),%ecx
0x0805ca27 <serverGetConnection+243>:   mov    0xfffffff8(%ebp),%edx
0x0805ca2a <serverGetConnection+246>:   mov    %edx,%eax
0x0805ca2c <serverGetConnection+248>:   shl    $0x2,%eax
0x0805ca2f <serverGetConnection+251>:   add    %edx,%eax
0x0805ca31 <serverGetConnection+253>:   shl    $0x2,%eax
0x0805ca34 <serverGetConnection+256>:   add    0x1c(%ecx),%eax
0x0805ca37 <serverGetConnection+259>:   mov    %eax,0xfffffff4(%ebp)
0x0805ca3a <serverGetConnection+262>:   jmp    0x805ca4a <serverGetConnection+278>
0x0805ca3c <serverGetConnection+264>:   lea    0xfffffff8(%ebp),%eax
0x0805ca3f <serverGetConnection+267>:   incl   (%eax)
0x0805ca41 <serverGetConnection+269>:   jmp    0x805c9e6 <serverGetConnection+178>
0x0805ca43 <serverGetConnection+271>:   movl   $0x0,0xfffffff4(%ebp)
0x0805ca4a <serverGetConnection+278>:   mov    0xfffffff4(%ebp),%eax
0x0805ca4d <serverGetConnection+281>:   add    $0x8,%esp
0x0805ca50 <serverGetConnection+284>:   pop    %esi
0x0805ca51 <serverGetConnection+285>:   leave  
0x0805ca52 <serverGetConnection+286>:   ret    
End of assembler dump.
(gdb) 

Original comment by nutzman%...@gtempaccount.com on 3 Sep 2010 at 4:51

GoogleCodeExporter commented 8 years ago
And the binary...

Original comment by nutzman%...@gtempaccount.com on 3 Sep 2010 at 5:12

GoogleCodeExporter commented 8 years ago
This should be fixed now. Let me know if you still see any problems.

Original comment by zod...@gmail.com on 3 Sep 2010 at 7:17

GoogleCodeExporter commented 8 years ago
I got a segmentation fault too:

1. Downloaded the source code
2. Ran "./configure && make && make install"
3. Ran "shellinaboxd" but got "Segmentation fault"

Could someone help me?

Original comment by johnny.w...@gmail.com on 18 Oct 2010 at 5:22

GoogleCodeExporter commented 8 years ago
Try downloading the sources from SVN instead. That should work.

Original comment by zod...@gmail.com on 18 Oct 2010 at 5:26