HEAD3 HttpReply.cc random SEGVs

From: Andres Kroonmaa <andre@dont-contact.us>
Date: Fri, 12 Dec 2003 17:49:17 +0200

 Hi,

 chased down one random crash:

Index: HttpReply.cc
===================================================================
RCS file: /cvsroot/squid/squid3/src/HttpReply.cc,v
retrieving revision 1.16
diff -u -r1.16 HttpReply.cc
--- HttpReply.cc 30 Sep 2003 02:12:40 -0000 1.16
+++ HttpReply.cc 12 Dec 2003 15:55:51 -0000
@@ -353,7 +353,7 @@
 
     two = httpHeaderGetStrOrList(&otherRep->header, HDR_CONTENT_MD5);
 
- if (strcasecmp (one.buf(), two.buf())) {
+ if (!one.buf() || !two.buf() || strcasecmp (one.buf(), two.buf())) {
         one.clean();
         two.clean();
         return 0;
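Review bot: With the added `!one.buf() || !two.buf()` test, two replies that both lack Content-MD5 now take the `return 0` branch (presumably "validators do not match"). That is exactly the state in the gdb dump (`buf_ = 0x0` on both sides), so the ordinary no-MD5 case would never compare as equal. If absence on both sides is meant to be neutral, the condition could be `if (!one.buf() != !two.buf() || (one.buf() && strcasecmp(one.buf(), two.buf()))) {`, which still keeps a null pointer away from strcasecmp. The backtrace shows the crash is reached while handling an upstream 304 reply, so a comment such as `/* buf() is NULL when the header is absent; never pass it to strcasecmp */` would help stop the guard being dropped later. The body of httpReplyValidatorsMatch starts and ends outside the hunk, and any other header-string comparison in it presumably needs the same check.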

Program received signal SIGABRT, Aborted.
0xdf7f69d1 in __sigprocmask () from /usr/lib/libthread.so.1
(gdb) bt
#0 0xdf7f69d1 in __sigprocmask () from /usr/lib/libthread.so.1
#1 0xdf7ed4d5 in _resetsig () from /usr/lib/libthread.so.1
#2 0xdf7ecdde in _sigon () from /usr/lib/libthread.so.1
#3 0xdf7ea7f0 in _lmutex_unlock () from /usr/lib/libthread.so.1
#4 0xdf7ef497 in _thrp_kill () from /usr/lib/libthread.so.1
#5 0xdf7ef388 in thr_kill () from /usr/lib/libthread.so.1
#6 0xdf8db82f in raise () from /usr/lib/libc.so.1
#7 0xdf8cbc60 in abort () from /usr/lib/libc.so.1
#8 0x8134415 in death () at ../../HEAD3/src/tools.cc:374
#9 0xdf7e78a7 in __sighndlr () from /usr/lib/libthread.so.1
#10 0xdf7f586f in sigacthandler () from /usr/lib/libthread.so.1
#11 <signal handler called>
#12 0xdf8de49c in strcasecmp () from /usr/lib/libc.so.1
#13 0x80fa2b0 in _Z24httpReplyValidatorsMatchPK9HttpReplyS1_ (rep=0x88cd718, otherRep=0x88cdab8)
    at ../../HEAD3/src/HttpReply.cc:356
#14 0x80ba281 in _ZNK18clientReplyContext18clientGetsOldEntryEv (this=<incomplete type>)
    at ../../HEAD3/src/client_side_reply.cc:318
#15 0x80baa75 in _ZN18clientReplyContext14handleIMSReplyE13StoreIOBuffer (this=<incomplete type>, result={flags = {error = 0},
      length = 166, offset = 0,
      data = 0xde95ac7c "HTTP/1.1 304 Not Modified\r\nDate: Fri, 12 Dec 2003 15:42:00 GMT\r\nLast-Modified: Fri, 12 Dec 2003 03:24:05 GMT\r\nETag: \"80b845655fc0c31:0000\"\r\nConnection: keep-alive\r\n\r\n"}) at ../../HEAD3/src/client_side_reply.cc:533
#16 0x80ba443 in _ZN18clientReplyContext14HandleIMSReplyEPv13StoreIOBuffer (data=0xde95ac48, result={flags = {error = 0},
      length = 166, offset = 0,
      data = 0xde95ac7c "HTTP/1.1 304 Not Modified\r\nDate: Fri, 12 Dec 2003 15:42:00 GMT\r\nLast-Modified: Fri, 12 Dec 2003 03:24:05 GMT\r\nETag: \"80b845655fc0c31:0000\"\r\nConnection: keep-alive\r\n\r\n"}) at ../../HEAD3/src/client_side_reply.cc:360
#17 0x812b1fa in _ZN12store_client8callbackEib (this=0x861ca40, sz=166, error=false) at ../../HEAD3/src/store_client.cc:164
#18 0x812bd9e in _ZN12store_client15scheduleMemReadEv (this=<incomplete type>) at ../../HEAD3/src/store_client.cc:446
#19 0x812bc97 in _ZN12store_client12scheduleReadEv (this=<incomplete type>) at ../../HEAD3/src/store_client.cc:419
#20 0x812bb99 in _ZN12store_client6doCopyEP10StoreEntry (this=<incomplete type>, anEntry=0xdf412020)
    at ../../HEAD3/src/store_client.cc:375
#21 0x812ba10 in _Z16storeClientCopy2P10StoreEntryP12store_client (e=0xdf412020, sc=0x861ca40)
    at ../../HEAD3/src/store_client.cc:332
#22 0x812c888 in InvokeHandlers (e=0xdf412020) at ../../HEAD3/src/store_client.cc:728
#23 0x81281fb in _ZN10StoreEntry8completeEv (this=<incomplete type>) at ../../HEAD3/src/store.cc:1049
#24 0x80ddfcd in fwdComplete (fwdState=0x87997c4) at ../../HEAD3/src/forward.cc:1000
#25 0x80edc8e in _ZN13HttpStateData16processReplyDataEPKcj (this=<incomplete type>,
    buf=0xdcdf009c "HTTP/1.1 304 Not Modified\r\nDate: Fri, 12 Dec 2003 15:42:00 GMT\r\nLast-Modified: Fri, 12 Dec 2003 03:24:05 GMT\r\nETag: \"80b845655fc0c31:0000\"\r\nConnection: keep-alive\r\n\r\n", len=166) at ../../HEAD3/src/http.cc:1032
#26 0x80ed991 in _ZN13HttpStateData9readReplyEiPcj10comm_err_tiPv (this=<incomplete type>, fd=24,
    readBuf=0xdcdf009c "HTTP/1.1 304 Not Modified\r\nDate: Fri, 12 Dec 2003 15:42:00 GMT\r\nLast-Modified: Fri, 12 Dec 2003 03:24:05 GMT\r\nETag: \"80b845655fc0c31:0000\"\r\nConnection: keep-alive\r\n\r\n", len=166, flag=COMM_OK, xerrno=0, data=0xdcdf0064)
    at ../../HEAD3/src/http.cc:959
#27 0x80ed464 in _Z13httpReadReplyiPcj10comm_err_tiPv (fd=24,
    buf=0xdcdf009c "HTTP/1.1 304 Not Modified\r\nDate: Fri, 12 Dec 2003 15:42:00 GMT\r\nLast-Modified: Fri, 12 Dec 2003 03:24:05 GMT\r\nETag: \"80b845655fc0c31:0000\"\r\nConnection: keep-alive\r\n\r\n", len=166, flag=COMM_OK, xerrno=0, data=0xdcdf0064)
    at ../../HEAD3/src/http.cc:826
#28 0x80c2aed in _ZN20CommReadCallbackData12callCallbackEv (this=<incomplete type>) at ../../HEAD3/src/comm.cc:491
#29 0x80c2cdc in _ZN16CommCallbackData13callACallbackEv (this=<incomplete type>) at ../../HEAD3/src/comm.cc:530
#30 0x80c2d64 in _Z19comm_calliocallbackv () at ../../HEAD3/src/comm.cc:565
#31 0x8103aba in main (argc=2, argv=0x8047980) at ../../HEAD3/src/main.cc:1140
(gdb) up
#13 0x80fa2b0 in _Z24httpReplyValidatorsMatchPK9HttpReplyS1_ (rep=0x88cd718, otherRep=0x88cdab8)
    at ../../HEAD3/src/HttpReply.cc:356

(gdb) l 356
351 /* MD5 */
352 one = httpHeaderGetStrOrList(&rep->header, HDR_CONTENT_MD5);
353
354 two = httpHeaderGetStrOrList(&otherRep->header, HDR_CONTENT_MD5);
355
356 if (strcasecmp (one.buf(), two.buf())) {
357 one.clean();
358 two.clean();
359 return 0;
360 }
(gdb) p one
$1 = {size_ = 0, len_ = 0, buf_ = 0x0}
(gdb) p two
$2 = {size_ = 0, len_ = 0, buf_ = 0x0}

------------------------------------
 Andres Kroonmaa <andre@online.ee>
 CTO, Microlink Data AS
 Tel: 6501 731, Fax: 6501 725
 Pärnu mnt. 158, Tallinn
 11317 Estonia
Received on Fri Dec 12 2003 - 09:02:54 MST
