[Libwebsockets] [libwebsockets] #28: Crash due to file descriptor being accessed from union storing header data

Trac trac at libwebsockets.org
Sat May 4 01:47:02 CEST 2013


#28: Crash due to file descriptor being accessed from union storing header data
------------------------------------+--------------------------------
  Reporter:  simonwulf              |      Owner:  agreen
      Type:  defect                 |     Status:  new
  Priority:  critical               |  Milestone:
 Component:  libwebsockets library  |    Version:
Resolution:                         |   Keywords:  server union crash
------------------------------------+--------------------------------

Comment (by agreen):

 Yes the behaviour is different in Windows then.  "calling back CLOSED" is
 telling that it's really doing the user callback for closed.

                 lwsl_debug("calling back CLOSED\n");
                 wsi->protocol->callback(context, wsi, LWS_CALLBACK_CLOSED,
                                         wsi->user_space, NULL, 0);

 But between closing the tab and killing the server, we only see it once in
 your log; in my log it's coming twice there, once for dumb_increment and
 once for mirror.  Your log matches / documents your issue well, but isn't
 what happens in Linux.

 I can suggest a workaround that should remove the sting a bit in a
 practical server.

 In the info struct used to pass settings when creating the context, there
 are some members that allow defining if tcp keepalive should be used.

         int ka_time;
         int ka_interval;

 are the important ones for Windows.  By default in the test server they're
 left at 0 disabling keepalive.  Windows defines these as

         The keepalivetime member specifies the timeout, in milliseconds,
         with no activity until the first keep-alive packet is sent. The
         keepaliveinterval member specifies the interval, in milliseconds,
         between when successive keep-alive packets are sent if no
         acknowledgement is received.

 These basically provoke fake but ignored traffic on idle connections,
 allowing the peer to notice it can no longer send on a dead socket.  If
 you initialize these in test server main() before creating the context,
 the server should realize after some time it no longer has a workable
 connection and enforce the close.  At least that will stop dead
 connections piling up.

 In terms of actually fixing it, the problem seems to be coming from
 ./win32port/websock-win32.c.  I attach an untested patch that might change
 close detect behaviour.

-- 
Ticket URL: <http://libwebsockets.org/trac/ticket/28#comment:11>
libwebsockets <http://libwebsockets.org>
libwebsockets C library
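
The keepalive workaround described in the comment above, shown at the socket level as an added example (not code from the original message or from libwebsockets). The struct ka_settings and both function names are hypothetical; the example assumes Linux socket options, which take seconds rather than the Windows milliseconds quoted above.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for the two keepalive members named in the message.
 * Assumption: values are in seconds, the unit Linux socket options use. */
struct ka_settings {
    int ka_time;     /* idle time before the first probe; 0 leaves keepalive off */
    int ka_interval; /* wait between probes that get no acknowledgement */
};

/* Apply the settings to one TCP socket. Returns 0 on success, -1 on error. */
int apply_keepalive(int fd, const struct ka_settings *ka)
{
    int on = ka->ka_time > 0;

    if (on && ka->ka_interval <= 0)
        return -1; /* refuse a half-configured setup instead of guessing */
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
        return -1;
    if (!on)
        return 0;
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE,
                   &ka->ka_time, sizeof(ka->ka_time)) < 0)
        return -1;
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL,
                   &ka->ka_interval, sizeof(ka->ka_interval)) < 0)
        return -1;
    return 0;
}

/* Read one integer option back so a deployment check can confirm that the
 * kernel accepted it. Returns the value, or -1 on error. */
int read_sockopt_int(int fd, int level, int name)
{
    int val = 0;
    socklen_t len = sizeof(val);

    if (getsockopt(fd, level, name, &val, &len) < 0)
        return -1;
    return val;
}
```

The number of unanswered probes before the kernel drops the connection is not set here and stays at the system default.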


