FastCGI dump

Stephen Iddings (uiddise@lexis-nexis.com)
Wed, 17 Sep 1997 09:54:27 -0400

Date: Wed, 17 Sep 1997 09:54:27 -0400
From: uiddise@lexis-nexis.com (Stephen Iddings)
Message-Id: <199709171354.JAA17448@velma.lexis-nexis.com>
To: stanleyg@cs.bu.edu
Subject: FastCGI dump


Stanley wrote,

>	This indeed looks like a problem... From your output 
>it seems that FCGIHandler is passing a null pointer to the
>BufferDelete routines.  Is the problem reproducible under
>other OS, os is it specific to Solaris.  Also, do you have
>any error messages in your logfile (which should help track
>down the problem). Finally, if it possible for you, can you
>track down exactly whihc BufferDelete call it croaks on ,
>there are 4 right now ( in FCGICleanup())						

>>On Mon, 15 Sep 1997, Stephen Iddings wrote:

>> We are currently using FastCGI 2.0b1 with Apache 1.2.1 on Solaris 5.5.1 and
>> we are experiencing a core dump.  It appears that if the number of requests
>> for a FastCGI application exceeds the listen-queue-depth that the application
>> returns a HTTP 500 (Internal Server Error) and then core dumps.

Without going to far into the code we were able to track the problem down further.  We found that the program was dumping in :

FastCgiHandle()
  OS_FreeIpcAddr(ipcAddrPtr) 
     DStringFree(&ipcAddrPtr->bindPath)
       free(dsPtr->string)

It appeared that an attempt was being made to free up uninitialized, or static memory.  Examining the code in FastCgiHandle() we came up with a temporary work around:

ConnectionErrorReturn:
    msg = (char *) strerror(errno);
    if (msg == NULL) {
        msg = "errno out of range";
    }
    Free(infoPtr->errorMsg);
    if(dynamic==TRUE) {           /* added by l-n */
      OS_FreeIpcAddr(ipcAddrPtr);
    }
    infoPtr->errorMsg = Malloc(FCGI_ERRMSG_LEN + strlen(msg));
    sprintf(infoPtr->errorMsg,
            "mod_fastcgi: Could not connect to application,"
            " OS error '%s'", msg);

 All of our FCGI apps are being ran in static mode for these tests.  Should this call to OS_FreeIpcAddr(ipcAddrPtr) be linked to (dynamic == TRUE)?

Thanks,
Steve