Subject: Re: apache + mod_ssl + libc db bug?
To: Johnny C. Lam <lamj@stat.cmu.edu>
From: Charles M. Hannum <root@ihack.net>
List: tech-pkg
Date: 03/06/2001 09:40:59
On Tue, Mar 06, 2001 at 02:56:16AM -0500, Johnny C. Lam wrote:
>
...
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /usr/libexec/ld.elf_so...done.
> Reading symbols from /usr/lib/libcrypt.so.0...done.
> Reading symbols from /usr/lib/libc.so.12...done.
> Reading symbols from /usr/pkg/lib/httpd/mod_ssl.so...done.
> Reading symbols from /usr/lib/libssl.so.1...done.
> Reading symbols from /usr/lib/libcrypto.so.0...done.
> #0 0x48147fff in __log2 ()
> (gdb) bt
> #0 0x48147fff in __log2 ()
> #1 0x48145dd6 in __call_hash ()
> #2 0x48145707 in __hash_open ()
> #3 0x481455a7 in __hash_open ()
Too damned many static functions, but I'm guess this is really
__hash_open() -> init_htab() -> alloc_segs() -> hdestroy(), due to a
calloc() failure. In the case of the second calloc() failing, this is
likely to blow chunks because hashp->dir[0] is a null pointer.
You should be able to verify this by looking up the address in the
backtrace with nm(1) (after subtracting the load offset of libc).
If this is the case, it would suggest that the caller passed in a
HASHINFO structure with some bogus info.