[PATCH] Prevent idnsVCClosed segfaults during shutdown or reconfiguration

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Fri, 08 Jan 2010 10:42:15 -0700

Prevent idnsVCClosed segfaults during shutdown or reconfiguration.

idnsShutdown() schedules comm_close and then frees nameservers[] by
calling idnsFreeNameservers. The closing handler tried to access freed
nameservers[]. The patch prevents access to the freed nameservers[]
array in idnsVCClosed and other functions.

TODO: Nameservers[] array management should be rewritten. The array
should not be freed while there are nameservers using it. It should be
freed when the last entry is gone.

The segfault was observed in Squid v3.1-based code:

> Program terminated with signal 6, Aborted.
> #0 0x0000003258230155 in raise () from /lib64/libc.so.6
> (gdb) where
> #0 0x0000003258230155 in raise () from /lib64/libc.so.6
> #1 0x0000003258231bf0 in abort () from /lib64/libc.so.6
> #2 0x00000000004f8838 in death (sig=11) at tools.cc:390
> #3 <signal handler called>
> #4 0x0000000000459d8b in idnsVCClosed (fd=1179, data=0x19c03958) at dns_internal.cc:724
> #5 0x00000000005159e9 in CommCloseCbPtrFun::dial (this=0x1b426870) at CommCalls.cc:207
> #6 0x0000000000513e05 in CommCbFunPtrCallT<CommCloseCbPtrFun>::fire (this=0x1b426840) at CommCalls.h:329
> #7 0x00000000005065c2 in AsyncCall::make (this=0x1b426840) at AsyncCall.cc:34
> #8 0x00000000005094d5 in AsyncCallQueue::fireNext (this=0x19277370) at AsyncCallQueue.cc:53
> #9 0x00000000005095ab in AsyncCallQueue::fire (this=0x19277370) at AsyncCallQueue.cc:39
> #10 0x00000000004622fd in EventLoop::dispatchCalls (this=0x7fffc82d92e0) at EventLoop.cc:154
> #11 0x000000000046254e in EventLoop::runOnce (this=0x7fffc82d92e0) at EventLoop.cc:119
> #12 0x0000000000462692 in EventLoop::run (this=0x7fffc82d92e0) at EventLoop.cc:95
> #13 0x00000000004b3e9c in SquidMain (argc=1, argv=0x7fffc82d94d8) at main.cc:1385
> #14 0x00000000004b3fc8 in SquidMainSafe (argc=1, argv=0x7fffc82d94d8) at main.cc:1146
> #15 0x00000000004b40e9 in main (argc=1, argv=0x7fffc82d94d8) at main.cc:1139

Alex.

Received on Fri Jan 08 2010 - 17:36:37 MST
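
The ordering problem described in the message, as an added example that is not Squid's code and not the patch itself: a close handler that is only scheduled, an array freed before the handler runs, and a guard that stops the late handler from touching it. All names are hypothetical, and the generation counter is an assumption of this sketch, added to cover the reconfiguration case where a new array exists by the time the old handler fires.

```cpp
#include <cstddef>
#include <functional>
#include <queue>

// Hypothetical miniature of the pattern; none of these names come from Squid.
struct NameServer { int fd = -1; bool vcOpen = false; };
static NameServer *servers = nullptr;        // stands in for nameservers[]
static std::size_t serverCount = 0;
static unsigned generation = 0;              // assumption: bumped on every free
static std::queue<std::function<void()>> callQueue;  // deferred close handlers
static int staleCalls = 0, handledCalls = 0;

void allocServers(std::size_t n) {
    servers = new NameServer[n];
    serverCount = n;
    for (std::size_t i = 0; i < n; ++i) { servers[i].fd = 100 + int(i); servers[i].vcOpen = true; }
}

// Close handler. It runs later, from the queue, so the array may be gone or rebuilt.
void vcClosed(std::size_t idx, unsigned gen) {
    if (!servers || gen != generation || idx >= serverCount) {
        ++staleCalls;                        // freed or replaced since scheduling: touch nothing
        return;
    }
    servers[idx] = NameServer{};             // mark the entry's connection as closed
    ++handledCalls;
}

// Like comm_close in the message: schedules the handler, does not run it.
void scheduleClose(std::size_t idx) {
    const unsigned gen = generation;         // remember which array this call belongs to
    callQueue.push([idx, gen] { vcClosed(idx, gen); });
}

void freeServers() {
    delete[] servers;
    servers = nullptr; serverCount = 0;
    ++generation;
}

// Shutdown order from the message: schedule the closes, then free the array.
void shutdownDns() {
    for (std::size_t i = 0; i < serverCount; ++i) if (servers[i].vcOpen) scheduleClose(i);
    freeServers();
}

void drainQueue() {
    while (!callQueue.empty()) { auto call = callQueue.front(); callQueue.pop(); call(); }
}
```

The handler takes an index rather than a pointer so that nothing derived from the freed allocation is ever read or compared.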
