Strange Segmentation Fault

Tim Evers

Hi,

though I'm some kind of experienced bug-hunter :) I have no idea what
happens in the following case:

linux system, apache w. suexec, perl, graphviz (2.8).

A perl script calls the graphviz binary. This works perfectly in a console
but fails with a segfault when called under Apache/mod_cgi/perl
regardless of suexec being active or not. All Apache limits are off,
ulimit is set to unlimited, the user is the same in both cases.

This is a strace excerpt:

27137 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400e5000
27137 read(3, "\ndigraph A {\ngraph [ clusterMode=\"local\" rankdir=\"LR\", ranksep=\"1\", bgcolor=\"#EDEDEE\"]\nnode [shape=record,style=filled,fontname=\"
Verdana\",fontsize=10,fontcolor=\"#8C0000\",color=\"#FF0000\",fillcolor=\"#EE"..., 4096) = 1882
27137 brk(0x8052000) = 0x8052000
27137 brk(0x8053000) = 0x8053000
27137 brk(0x8054000) = 0x8054000
27137 brk(0x8058000) = 0x8058000
27137 brk(0x8059000) = 0x8059000
27137 brk(0x805a000) = 0x805a000
27137 --- SIGSEGV (Segmentation fault) ---
27137 +++ killed by SIGSEGV +++

Executed on a console:

17162 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400e5000
17162 read(3, "\ndigraph A {\ngraph [ clusterMode=\"local\" rankdir=\"LR\", ranksep=\"1\", bgcolor=\"#EDEDEE\"]\nnode [shape=record,style=filled,fontname=\"
Verdana\",fontsize=10,fontcolor=\"#8C0000\",color=\"#FF0000\",fillcolor=\"#EE"..., 4096) = 1882
17162 brk(0x8052000) = 0x8052000
17162 brk(0x8053000) = 0x8053000
17162 brk(0x8054000) = 0x8054000
17162 brk(0x8058000) = 0x8058000
17162 brk(0x8059000) = 0x8059000
17162 brk(0x805a000) = 0x805a000
17162 time(NULL) = 115099714

And here are the questions:

Does strace record the system call before or after the execution?
What may have happened here?
Any idea anyone?

Regards

Tim
 
Walter Roberson

though I'm some kind of experienced bug-hunter :) I have no idea what
happens in the following case:
linux system, apache w. suexec, perl, graphviz (2.8).
A perl script calls the graphviz binary. This works perfectly in a console
but fails with a segfault when called under Apache/mod_cgi/perl

I think you'd better take this question to a linux newsgroup.
comp.lang.c only deals with matters that are expressible in standard C
but large parts of apache and suexec and perl require system-specific
extensions.
 
Tim Evers

(e-mail address removed)-cnrc.gc.ca (Walter Roberson) wrote:
I think you'd better take this question to a linux newsgroup.
comp.lang.c only deals with matters that are expressible in standard C
but large parts of apache and suexec and perl require system-specific
extensions.

Thanks for the tip - I will do that, but all the Apache/Perl stuff is not
problem specific and just presented "colorandi causa".

Is the linux system interface and/or strace ontopic in this group?

Thanks & regards

Tim
 
Ben Pfaff

Tim Evers said:
Does strace record the system call before or after the execution?
What may have happened here?

You'd be better off asking the strace or kernel developers. This
is a question about your operating system, not one about the C
programming language.
 
Walter Roberson

(e-mail address removed)-cnrc.gc.ca (Walter Roberson) wrote:
Thanks for the tip - I will do that, but all the Apache/Perl stuff is not
problem specific and just presented "colorandi causa".

Ah? Then you've been able to reproduce the problem without using
apache or perl? Until you are able to create a test case that does
not rely on those factors, you cannot know whether they are
contributing to the problem or not.


mmap() and mmap2() are not part of standard C.


[Off topic]
When you are running under apache mod_perl, you are going to have
libraries loaded into your address space that you would not otherwise
have loaded. Depending on where the system's memory allocator
places allocated memory relative to loaded libraries, that could
result in there being a noticeably smaller available allocatable space.
Are you checking all of your malloc()'s to see if they perhaps
return the NULL pointer?

Alternately, it is potentially a case not of running out of virtual
memory, but rather that the virtual memory gets located in a different
place when those libraries are loaded, and that the difference in
location is making visible a bug you have in using a bad pointer
or in accessing an array out of bounds.

So, are you *sure* that
"all the Apache/Perl stuff is not problem specific" ?
 
Gordon Burditt

A perl script calls the graphviz binary. This works perfectly in a console
but fails with a segfault when called under Apache/mod_cgi/perl
regardless of suexec being active or not. All Apache limits are off,
ulimit is set to unlimited, the user is the same in both cases.

This is a strace excerpt:

27137 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x400e5000
27137 read(3, "\ndigraph A {\ngraph [ clusterMode=\"local\"
rankdir=\"LR\", ranksep=\"1\", bgcolor=\"#EDEDEE\"]\nnode
[shape=record,style=filled,fontname=\"
Verdana\",fontsize=10,fontcolor=\"#8C0000\",color=\"#FF0000\",fillcolor=\"#EE"..., 4096) = 1882
27137 brk(0x8052000) = 0x8052000
27137 brk(0x8053000) = 0x8053000
27137 brk(0x8054000) = 0x8054000
27137 brk(0x8058000) = 0x8058000
27137 brk(0x8059000) = 0x8059000
27137 brk(0x805a000) = 0x805a000
27137 --- SIGSEGV (Segmentation fault) ---
27137 +++ killed by SIGSEGV +++

Executed on a console:

17162 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x400e5000
17162 read(3, "\ndigraph A {\ngraph [ clusterMode=\"local\"
rankdir=\"LR\", ranksep=\"1\", bgcolor=\"#EDEDEE\"]\nnode
[shape=record,style=filled,fontname=\"
Verdana\",fontsize=10,fontcolor=\"#8C0000\",color=\"#FF0000\",fillcolor=\"#EE"..., 4096) = 1882
17162 brk(0x8052000) = 0x8052000
17162 brk(0x8053000) = 0x8053000
17162 brk(0x8054000) = 0x8054000
17162 brk(0x8058000) = 0x8058000
17162 brk(0x8059000) = 0x8059000
17162 brk(0x805a000) = 0x805a000
17162 time(NULL) = 115099714

I don't believe that return value from time(). I think you lopped off
a digit at the end.

And here are the questions:

Does strace record the system call before or after the execution?

Since the output seems to show the return value of the system
call, it is recorded afterwards (unless it is recorded BOTH times
and just printed that way).

What may have happened here?

There are a lot of differences between the environment running under
Apache vs. a command-line shell.

- uid and associated ulimits and file permissions
- current working directory
- environment variables
- control terminal or lack thereof

I'd take a hard look at environment variables, especially search
paths for libraries (LD_LIBRARY_PATH) and executables (PATH).
Does anything call getenv() and use the return value without checking
it for NULL?

Gordon L. Burditt
 
Tim Evers

(e-mail address removed)-cnrc.gc.ca (Walter Roberson) wrote:
So, are you *sure* that
"all the Apache/Perl stuff is not problem specific" ?

First of all, thanks to all who took time to answer. The problem is solved:
it was a bug in libfontconfig which delivered a null pointer to strcpy when
the $HOME env var was unset. This is the case under Apache/suexec.

Thanks to all who answered though I was offtopic with my question.

regards

Tim
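
The failure mode reported above (an unset $HOME reaching a string function as a null pointer) and the getenv() check suggested earlier in the thread, as an added example that is not code from the thread or from libfontconfig. The helper names and the file name `.example.conf` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: find a home directory without assuming $HOME is set.
 * Returns NULL when neither the environment nor the passwd database has one. */
static const char *resolve_home(void)
{
    const char *home = getenv("HOME");       /* NULL when the variable is unset */
    if (home != NULL && home[0] != '\0')
        return home;
    struct passwd *pw = getpwuid(getuid());  /* fallback: passwd entry of the real uid */
    if (pw != NULL && pw->pw_dir != NULL && pw->pw_dir[0] != '\0')
        return pw->pw_dir;
    return NULL;
}

/* Hypothetical helper: write "<home>/<name>" into out.
 * Returns 0 on success, -1 if no home directory is known or the result
 * does not fit. A null pointer never reaches a string function. */
int build_home_path(char *out, size_t outlen, const char *name)
{
    const char *home = resolve_home();
    if (home == NULL || out == NULL || outlen == 0 || name == NULL)
        return -1;
    int n = snprintf(out, outlen, "%s/%s", home, name);
    if (n < 0 || (size_t)n >= outlen) {      /* truncated: reject, do not use */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[256];
    unsetenv("HOME");  /* reproduce the Apache/suexec condition from the thread */
    if (build_home_path(path, sizeof path, ".example.conf") == 0)
        printf("per-user config: %s\n", path);
    else
        puts("no home directory known; skipping per-user config");
    return 0;
}
```

Running the affected binary from a shell with HOME removed from the environment (for example via `env -u HOME`) is a quick way to check whether a console-versus-CGI difference comes from this variable.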
 
