XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Unset
    • Resolution: Unresolved
    • Component/s: None
    • Labels:
      None
    • Environment:
      gentoo 64-bit firestorm viewer.

      Description

      I have encounter this curl crash twice today. On both curl 7.41.0 and 7.40.0

      This is on firestorm viewer, but sense we have not touch _httpcore and curl code and is merged straight from LL viewer. LL viewer may have the same problem. The repro for this is somewhat tough due to having to use the same type of network connection that I have. Both times of crash was just walking around the regime trying to find an object on said regime.

      Program received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7fffe3f91700 (LWP 4752)]
      Curl_removeHandleFromPipeline (handle=handle@entry=0x7fffd4059450, pipeline=0x0) at /usr/src/debug/net-misc/curl-7.41.0/curl-7.41.0/lib/url.c:2805
      2805      curr = pipeline->head;
       
      (gdb) bt
      #0  Curl_removeHandleFromPipeline (handle=handle@entry=0x7fffd4059450, pipeline=0x0) at /usr/src/debug/net-misc/curl-7.41.0/curl-7.41.0/lib/url.c:2805
      #1  0x00007ffff22fe0c4 in Curl_getoff_all_pipelines (data=data@entry=0x7fffd4059450, conn=0x7fffd42477f0) at /usr/src/debug/net-misc/curl-7.41.0/curl-7.41.0/lib/url.c:2852
      #2  0x00007ffff230f7a8 in curl_multi_remove_handle (multi_handle=0x3132030, curl_handle=0x7fffd4059450) at /usr/src/debug/net-misc/curl-7.41.0/curl-7.41.0/lib/multi.c:568
      #3  0x0000000001ccdf52 in LLCore::HttpLibcurl::completeRequest (this=this@entry=0x311c840, multi_handle=0x3132030, handle=<optimized out>, status=<optimized out>) at /usr/src/debug/games-simulation/firestorm-hg-21/linden/indra/llcorehttp/_httplibcurl.cpp:359
      #4  0x0000000001cce52a in LLCore::HttpLibcurl::processTransport (this=0x311c840) at /usr/src/debug/games-simulation/firestorm-hg-21/linden/indra/llcorehttp/_httplibcurl.cpp:178
      #5  0x0000000001cca447 in LLCore::HttpService::threadRun (this=0x2fb3870, thread=<optimized out>) at /usr/src/debug/games-simulation/firestorm-hg-21/linden/indra/llcorehttp/_httpservice.cpp:303
      #6  0x0000000001ccbcc9 in operator() (a0=0x30e6cb0, this=0x30e6cc0) at /usr/include/boost/function/function_template.hpp:767
      #7  LLCoreInt::HttpThread::run (this=0x30e6cb0) at /usr/src/debug/games-simulation/firestorm-hg-21/linden/indra/llcorehttp/_thread.h:62
      #8  0x0000000001ccbdcf in operator() (this=<optimized out>) at /usr/include/boost/function/function_template.hpp:767
      #9  boost::detail::thread_data<boost::function<void ()> >::run() (this=<optimized out>) at /usr/include/boost/thread/detail/thread.hpp:115
      #10 0x00007ffff55619a2 in boost::(anonymous namespace)::thread_proxy (param=<optimized out>) at libs/thread/src/pthread/thread.cpp:173
      #11 0x00007ffff6e8a334 in start_thread (arg=0x7fffe3f91700) at pthread_create.c:310
      #12 0x00007ffff04e69fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
       
      (gdb) frame 1
      #1  0x00007ffff22fe0c4 in Curl_getoff_all_pipelines (data=data@entry=0x7fffd4059450, conn=0x7fffd42477f0) at /usr/src/debug/net-misc/curl-7.41.0/curl-7.41.0/lib/url.c:2852
      2852      if(Curl_removeHandleFromPipeline(data, conn->recv_pipe) && recv_head)
       
      (gdb) frame 2
      #2  0x00007ffff230f7a8 in curl_multi_remove_handle (multi_handle=0x3132030, curl_handle=0x7fffd4059450) at /usr/src/debug/net-misc/curl-7.41.0/curl-7.41.0/lib/multi.c:568
      568           Curl_getoff_all_pipelines(data, data->easy_conn);
       
      (gdb) frame 3
      #3  0x0000000001ccdf52 in LLCore::HttpLibcurl::completeRequest (this=this@entry=0x311c840, multi_handle=0x3132030, handle=<optimized out>, status=<optimized out>) at /usr/src/debug/games-simulation/firestorm-hg-21/linden/indra/llcorehttp/_httplibcurl.cpp:359
      359             curl_multi_remove_handle(multi_handle, handle);
      
      

      What is happening is curl_multi_remove_handle is getting called when handle->easy_conn->recv_pipe is NULL, causing the segfault at "curr = pipeline->head;"

      I do not know of the bug root cause is in curl or the viewer code due to not checking for a NULL.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            techwolf.lupindo Techwolf Lupindo
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:

                PagerDuty