[Varnish] #578: Regression in 2.0.5: Segfault while processing a page with dozens of ESI fragments
Varnish
varnish-bugs at projects.linpro.no
Fri Nov 13 16:00:03 CET 2009
#578: Regression in 2.0.5: Segfault while processing a page with dozens of ESI
fragments
--------------------------+-------------------------------------------------
Reporter: kali | Type: defect
Status: new | Priority: normal
Milestone: | Component: build
Version: trunk | Severity: major
Keywords: esi segfault |
--------------------------+-------------------------------------------------
While processing pages with numerous {{{ <esi:include ... /> }}} tags,
varnish crashes with a segmentation fault.
We use literally hundreds of esi fragment to compose some of our pages.
I have tracked the error to cache_vrt_esi.c:384. This code duplicates the
included fragment URI before "fixing" its url. When there are too many
fragments in the same object, the object workspace, wich is used here,
overflows and WS_Alloc returns NULL. This returned value is not checked,
so the memcpy segfaults with very little usefull diagnostic information.
I'm not sure about a possible configuration workaround by increasing
obj_workspace by several orders of magnitude, but this does not sound
right to me. I thought it would be better to use the session_workspace to
store these urls, as space there is less expensive.
I have setup a vtc test that work with 2.0.4, but crashes 2.0.5. It
artificialy reduces obj_workspace to 2048, to crash with a few dozens of
esi includes, but shows the difference of behaviour between 2.0.4 and
2.0.5.
--
Ticket URL: <http://varnish.projects.linpro.no/ticket/578>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list