diff options
| author | Yann Ylavic <ylavic@apache.org> | 2021-01-05 10:20:45 +0000 |
|---|---|---|
| committer | Yann Ylavic <ylavic@apache.org> | 2021-01-05 10:20:45 +0000 |
| commit | fb3f3ea09d62429d60827f8e1de23b4cda954f4f (patch) | |
| tree | 957b5dd81bc56bc694df2bb0493d19130fd0f6bc /server | |
| parent | e375a86019d9fb9cd6762b89753fc5165c8e8e10 (diff) | |
| download | httpd-fb3f3ea09d62429d60827f8e1de23b4cda954f4f.tar.gz | |
Merge r1883704, r1883707 from trunk:
mod_proxy_http2: thread safety with MPM prefork, still..
The allocator of pchild has no mutex with MPM prefork, but we need one
for h2 workers threads synchronization.
Even though mod_http2 shouldn't be used with prefork, better be safe than
sorry, so forcibly set the mutex in h2_child_init() if it doesn't exist.
This prevents the below situation:
AddressSanitizer: heap-use-after-free on address 0x6250003ea938 at pc 0x7fe229f40f3c bp 0x7fe22146dd30 sp 0x7fe22146dd28
WRITE of size 8 at 0x6250003ea938 thread T4
#0 0x7fe229f40f3b in apr_pool_destroy memory/unix/apr_pools.c:1015
`-> if ((*pool->ref = pool->sibling) != NULL)
#1 0x7fe229f6ef1a in apr_thread_exit threadproc/unix/thread.c:206
#2 0x7fe223a26671 in slot_run /home/yle/src/apache/httpd/trunk.ro/modules/http2/h2_workers.c:248
#3 0x7fe229f6ebcc in dummy_worker threadproc/unix/thread.c:142
#4 0x7fe229ecbea6 in start_thread nptl/pthread_create.c:477
#5 0x7fe229df9d4e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfdd4e)
0x6250003ea938 is located 56 bytes inside of 8192-byte region [0x6250003ea900,0x6250003ec900)
freed by thread T6 here:
#0 0x7fe22a1ecb6f in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.6+0xa9b6f)
#1 0x7fe229f3fe38 in allocator_free memory/unix/apr_pools.c:507
#2 0x7fe229f4107b in apr_pool_destroy memory/unix/apr_pools.c:1043
#3 0x7fe229f6ef1a in apr_thread_exit threadproc/unix/thread.c:206
#4 0x7fe223a26671 in slot_run /home/yle/src/apache/httpd/trunk.ro/modules/http2/h2_workers.c:248
#5 0x7fe229f6ebcc in dummy_worker threadproc/unix/thread.c:142
#6 0x7fe229ecbea6 in start_thread nptl/pthread_create.c:477
mod_proxy_http2: follow up to r1883704.
For event/worker MPMs, pchild uses pconf's allocator, so its is NULL.
Submitted by: ylavic
Reviewed by: ylavic, jorton, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1885138 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server')
0 files changed, 0 insertions, 0 deletions