Hi everyone.

I'm seeing a segfault in 1.0.5 in worker processes, most reliably caused
when a visitor attempts to access what is actually an invalid URL
(index.php/index.php?...). I can however also reproduce it on another
vhost with valid URLs that fail occasionally and work when you retry.

The segfault is always in the call to uscf->peer.init(r, uscf) (line 622
in src/http/ngx_http_upstream.c) and occurs because uscf is not a valid
pointer. Most of the time it is NULL, but I have also seen it be in the
low positive integer range. The function itself is working fine, but
r->upstream->conf->upstream is not getting set right, presumably at
initialisation time.

I've done some analysis using GDB, but have spent far too much time on
this already today, so I'd thought I'd ask here as to whether people
might have hints as to what I should look at, or a simple patch to test
that I haven't yet found in Googling.

The configuration for the vhost that's repeatably segfaulting looks like
this:

server { listen 74.207.252.120:81; server_name mtevelyn.crca.org.au;
rewrite ^(.*) http://www.mtevelyn.crca.org.au:81$1 permanent; }

server {
listen 74.207.252.120:81;
server_name www.mtevelyn.crca.org.au;

access_log /var/log/nginx/mtevelyn.crca.org.au.access.log;
error_log /var/log/nginx/mtevelyn.crca.org.au.error.log debug;
# error_log /var/log/nginx/mtevelyn.crca.org.au.error.log;

large_client_header_buffers 4 8k; # prevent some 400 errors

root /home/mtevelyn-website/public_html;
index index.html default.htm index.htm index.php;

location / {
expires 30d;
error_page 404 = @joomla;
log_not_found off;
}

# location /index.php/index.php {
# rewrite ^/index.php?q=$1 last;
# }

# location /index.php {
# rewrite ^/index.php/(.*)$ /$1;
# }

location @joomla {
rewrite ^(.*)$ /index.php?q=$1 last;
}

# serve static files directly
location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico)$ {
access_log off;
expires 30d;
}

location ~ .php$ {
include /etc/nginx/fastcgi_params;

if ($uri !~ "^/images|cache|media/") {
fastcgi_pass 127.0.0.1:9000;
}

if ($uri ~ "^(.+\.php)(/.+)") {
set $script $1;
set $path_info $2;
}

fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
}
}


/etc/nginx/fastcgi_params contains:

fastcgi_intercept_errors off;
fastcgi_ignore_client_abort off;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE ApacheSolaris/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

#fastcgi_index index.php;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

A URL that causes the segfault is:

http://mtevelyn.crca.org.au/index.php/index.php?view=venueevents&id=1%3Achurch-building&task=archive&option=com_eventlist&el_mcal_month=12&el_mcal_year=2032&limitstart=75


Regards,

Nigel
--
Evolution (n): A hypothetical process whereby improbable
events occur with alarming frequency, order arises from chaos, and
no one is given credit.

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel