segfaulting in IO.popen()

[Andres Salomon]

--=-4SIfvHv0YxMfkVBn05d3
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi,

I'm having a problem w/ mod_xmlrpc segfaulting inside a call to
IO.popen. The code snippet that's being run is:

cmd =3D 'sudo ' + PRIV + ' /usr/bin/apt-get -u --trivial-only dist-
upgrade'
skip =3D 2

f =3D IO.popen(cmd)
output =3D f.readlines



Here's the backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1079499040 (LWP 14934)]
0x4063931e in st_lookup (table=3D0x0, key=3D321, value=3D0xbfff92b8) at
st.c:258
258 hash_val =3D do_hash(key, table);
(gdb) bt
#0 0x4063931e in st_lookup (table=3D0x0, key=3D321, value=3D0xbfff92b8) at
st.c:258
#1 0x405d5106 in search_method (klass=3D1085430708, id=3D321,
origin=3D0xbfff92e4)
at eval.c:380
#2 0x405d5161 in rb_get_method_body (klassp=3D0xbfff9340, idp=3D0xbfff9324=
,
noexp=3D0xbfff9328) at eval.c:401
#3 0x405e012e in rb_call (klass=3D1085430708, recv=3D1085430908, mid=3D321=
,
argc=3D1,
argv=3D0xbfff9358, scope=3D0) at eval.c:5732
#4 0x405daccf in rb_eval (self=3D1086135396, n=3D0x0) at ruby.h:631
#5 0x405d96da in rb_eval (self=3D1086135396, n=3D0x0) at eval.c:2804
#6 0x405dfad2 in rb_call0 (klass=3D1086135376, recv=3D1086135396, id=3D107=
77,
oid=3D0, argc=3D0, argv=3D0x0, body=3D0x40ac52c8, nosuper=3D0) at eval.=
c:5663
#7 0x405e01eb in rb_call (klass=3D1086135376, recv=3D1086135396, mid=3D107=
77,
argc=3D0, argv=3D0x0, scope=3D0) at eval.c:5756
#8 0x405daccf in rb_eval (self=3D1086135336, n=3D0x0) at ruby.h:631
#9 0x405dfad2 in rb_call0 (klass=3D1086135176, recv=3D1086135336, id=3D108=
01,
oid=3D0, argc=3D0, argv=3D0x0, body=3D0x40ac50c0, nosuper=3D0) at eval.=
c:5663
#10 0x405e01eb in rb_call (klass=3D1086135176, recv=3D1086135336, mid=3D108=
01,
argc=3D0, argv=3D0x0, scope=3D0) at eval.c:5756
#11 0x405daccf in rb_eval (self=3D1085632956, n=3D0x0) at ruby.h:631
#12 0x405da5b1 in rb_eval (self=3D1085632956, n=3D0x0) at eval.c:3427
#13 0x405dfad2 in rb_call0 (klass=3D1085632936, recv=3D1085632956, id=3D229=
53,
oid=3D0, argc=3D0, argv=3D0xbfffd2b8, body=3D0x40b60a50, nosuper=3D0) a=
t
eval.c:5663
#14 0x405e01eb in rb_call (klass=3D1085632936, recv=3D1085632956, mid=3D229=
53,
---Type <return> to continue, or q <return> to quit---
argc=3D2, argv=3D0xbfffd2b0, scope=3D1) at eval.c:5756
#15 0x405e060e in rb_funcall2 (recv=3D321, mid=3D0, argc=3D0, argv=3D0x0) a=
t
ruby.h:631
#16 0x4001a875 in do_funcall (args=3D135795528)
at /home/dilinger/src/modxmlrpc2--mainline--0--
patch-18/mod_xmlrpc_rb.c:73
#17 0x405df059 in rb_protect (proc=3D0x4001a800 <do_funcall>, data=3D0,
state=3D0xbfffd4f8) at eval.c:5184
#18 0x4001a8f7 in protected_funcall2 (obj=3D0, method=3D2, err=3D0xbfffd4f8=
,
argc=3D2,
args=3D0xbfffd4d4)
at /home/dilinger/src/modxmlrpc2--mainline--0--
patch-18/mod_xmlrpc_rb.c:91
#19 0x4001b0ea in do_callback (env=3D0xbfffd580, param=3D0x8358188,
n=3D0x8272e90)
at /home/dilinger/src/modxmlrpc2--mainline--0--
patch-18/mod_xmlrpc_rb.c:301
#20 0x405951de in xmlrpc_registry_set_default_method ()
from /usr/lib/libxmlrpc.so.3
#21 0x405952b6 in xmlrpc_registry_process_call ()
from /usr/lib/libxmlrpc.so.3
#22 0x4001b96a in mod_xmlrpc_server_parse (registry=3D0x0, data=3D0x0,
len=3D0,
r=3D0x0)
at /home/dilinger/src/modxmlrpc2--mainline--0--
patch-18/mod_xmlrpc_server.c:47
#23 0x4001a0b1 in xmlrpc_handler (r=3D0x8322690)
at /home/dilinger/src/modxmlrpc2--mainline--0--
patch-18/mod_xmlrpc.c:108
#24 0x080782c5 in ap_run_handler ()
#25 0x080f1918 in ?? ()
#26 0x08106080 in ?? ()
---Type <return> to continue, or q <return> to quit---
#27 0x08322690 in ?? ()
#28 0x08322690 in ?? ()
#29 0x00000000 in ?? ()
#30 0xbffff698 in ?? ()
#31 0x080788d0 in ap_invoke_handler ()
Previous frame inner to this frame (corrupt stack?)
(gdb)


It looks to me like the klass that's being passed to search_method()
doesn't have a valid m_tbl. Here's the interpreter that I'm using; it's
an apache2 module that loads ruby scripts, and allows the ModXMLRPC
class methods to be called via xmlrpc:
http://www.acm.rpi.edu/~dilinger/modxmlrpc-snap.tar.gz

Any suggestions or tips on how to fix this would be appreciated. I'm
not sure whether the culprit is something in ruby, or in mod_xmlrpc.

=20

--=20
Andres Salomon <[email protected]>

--=-4SIfvHv0YxMfkVBn05d3
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBBWHMU78o9R9NraMQRAoNEAKCvglmfeArC3mFutiAeAe1LX3asyACfUitl
xpJ++945OieESjfiipcDU8o=
=6ib9
-----END PGP SIGNATURE-----

--=-4SIfvHv0YxMfkVBn05d3--

 

[Yukihiro Matsumoto]

Hi,

In message "Re: segfaulting in IO.popen()"

|I'm having a problem w/ mod_xmlrpc segfaulting inside a call to
|IO.popen. The code snippet that's being run is:
|
|cmd = 'sudo ' + PRIV + ' /usr/bin/apt-get -u --trivial-only dist-upgrade'
|skip = 2
|
|f = IO.popen(cmd)
|output = f.readlines

Can you show us error reproducing script and how to run it? Code
snippet is not enough to detect bugs. Do I have to compile

|http://www.acm.rpi.edu/~dilinger/modxmlrpc-snap.tar.gz

to get an error?


matz.

 

[Andres Salomon]

--=-24L2uOK2NJwnFyV0XOHS
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi,
=20
In message "Re: segfaulting in IO.popen()"

=20
|I'm having a problem w/ mod_xmlrpc segfaulting inside a call to
|IO.popen. The code snippet that's being run is:
|
|cmd =3D 'sudo ' + PRIV + ' /usr/bin/apt-get -u --trivial-only dist-upgra= de'
|skip =3D 2
|
|f =3D IO.popen(cmd)
|output =3D f.readlines
=20
Can you show us error reproducing script and how to run it? Code
snippet is not enough to detect bugs. Do I have to compile
=20

Unfortunately, I can't reproduce it with an individual script; I need
all the scripts together (this bug has been incredibly frustrating to
narrow down). I actually managed to make the bug go away by wrapping
dbi, openssl, and ipaddr requires w/ GC.disable/GC.enable (ie,=20
GC.disable
require 'ipaddr'
GC.enable).

|http://www.acm.rpi.edu/~dilinger/modxmlrpc-snap.tar.gz
=20
to get an error?
=20

Yes; the dependencies are kind of specific (apache2, xmlrpc-c, cmake..).
If you use debian, I can prepare packages for you (libapache2-mod-
xmlrpc2 is already in debian testing/unstable, but it's an older version
that doesn't have ruby support).

I'll try to narrow this down as much as possible, as I realize I'm not
giving you much to work w/; unfortunately, I've seen variations of this
bug (I think) before, and it's been randomly appearing/disappearing for
months.


--=20
Andres Salomon <[email protected]>

--=-24L2uOK2NJwnFyV0XOHS
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBBWMtB78o9R9NraMQRAvSdAJ938DXcaLuP5ZcSdJk4l7S9HQaLbgCeO9ug
usVt/YwtArdN6sMl8E78iPg=
=SlBO
-----END PGP SIGNATURE-----

--=-24L2uOK2NJwnFyV0XOHS--