[Libwebsockets] [libwebsockets] #28: Crash due to file descriptor being accessed from union storing header data

Trac trac at libwebsockets.org
Mon May 13 15:10:54 CEST 2013


#28: Crash due to file descriptor being accessed from union storing header data
------------------------------------+--------------------------------
  Reporter:  simonwulf              |      Owner:  agreen
      Type:  defect                 |     Status:  new
  Priority:  critical               |  Milestone:
 Component:  libwebsockets library  |    Version:
Resolution:                         |   Keywords:  server union crash
------------------------------------+--------------------------------

Comment (by simonwulf):

 I got another crash that is kind of related to the original issue of this
 ticket. When scanning a qr code containing a url to the server using
 [https://itunes.apple.com/app/qr-reader-for-iphone/id368494609 this] iOS
 app, the server crashes when trying to close the http connection using a
 bad file descriptor. The app is using it's "own" web browser (probably a
 webkit cocoa component).

 [1368448684:2066] NOTICE: libwebsockets test server - (C) Copyright
 2010-2013 An
 dy Green <andy at warmcat.com> - licensed under LGPL2.1
 [1368448684:2066] NOTICE: Initial logging level 991
 [1368448684:2066] NOTICE: Library version: 1.3 86aa805
 [1368448684:2066] INFO:  LWS_MAX_HEADER_LEN: 1024
 [1368448684:2066] INFO:  LWS_MAX_PROTOCOLS: 5
 [1368448684:2076] INFO:  LWS_MAX_EXTENSIONS_ACTIVE: 3
 [1368448684:2076] INFO:  SPEC_LATEST_SUPPORTED: 13
 [1368448684:2076] INFO:  AWAITING_TIMEOUT: 5
 [1368448684:2076] INFO:  SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
 [1368448684:2076] INFO:  LWS_MAX_ZLIB_CONN_BUFFER: 65536
 [1368448684:2086] NOTICE:  static allocation: 4436 + (12 x 30000 fds) =
 364436 b
 ytes
 [1368448684:2186] NOTICE:  canonical_hostname = 82TLQS1
 [1368448684:2186] NOTICE:  Compiled without SSL support
 [1368448684:2186] NOTICE:  per-conn mem: 124 + 1360 headers + protocol rx
 buf
 [1368448684:2186] INFO: insert_wsi_socket_into_fds: wsi=008C5440,
 sock=416, fds
 pos=0
 [1368448684:2186] NOTICE:  Listening on port 7681
 [1368448684:2186] EXTENSION:   Extension: x-webkit-deflate-frame
 [1368448684:2186] EXTENSION:   Extension: deflate-frame
 [1368448694:6552] DEBUG: accepted new conn  port 50930 on fd=420
 [1368448694:6562] INFO: insert_wsi_socket_into_fds: wsi=008C54E8,
 sock=420, fds
 pos=1
 [1368448694:7052] INFO: Unknown method - dropping
 [1368448694:7062] INFO: libwebsocket_parse failed
 [1368448694:7082] INFO: closing connection at libwebsocket_read bail:
 [1368448694:7102] DEBUG: closing http fd 9196944

 What's weird is that if I restart the server while the app is still trying
 to load the page, the crash does not occur and gives the following output:

 [1368448700:8286] NOTICE: libwebsockets test server - (C) Copyright
 2010-2013 An
 dy Green <andy at warmcat.com> - licensed under LGPL2.1
 [1368448700:8296] NOTICE: Initial logging level 991
 [1368448700:8296] NOTICE: Library version: 1.3 86aa805
 [1368448700:8296] INFO:  LWS_MAX_HEADER_LEN: 1024
 [1368448700:8296] INFO:  LWS_MAX_PROTOCOLS: 5
 [1368448700:8296] INFO:  LWS_MAX_EXTENSIONS_ACTIVE: 3
 [1368448700:8296] INFO:  SPEC_LATEST_SUPPORTED: 13
 [1368448700:8296] INFO:  AWAITING_TIMEOUT: 5
 [1368448700:8296] INFO:  SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
 [1368448700:8296] INFO:  LWS_MAX_ZLIB_CONN_BUFFER: 65536
 [1368448700:8306] NOTICE:  static allocation: 4436 + (12 x 30000 fds) =
 364436 b
 ytes
 [1368448700:8396] NOTICE:  canonical_hostname = 82TLQS1
 [1368448700:8396] NOTICE:  Compiled without SSL support
 [1368448700:8396] NOTICE:  per-conn mem: 124 + 1360 headers + protocol rx
 buf
 [1368448700:8396] INFO: insert_wsi_socket_into_fds: wsi=00195440,
 sock=416, fds
 pos=0
 [1368448700:8406] NOTICE:  Listening on port 7681
 [1368448700:8406] EXTENSION:   Extension: x-webkit-deflate-frame
 [1368448700:8406] EXTENSION:   Extension: deflate-frame
 [1368448701:4636] DEBUG: accepted new conn  port 50936 on fd=420
 [1368448701:4646] INFO: insert_wsi_socket_into_fds: wsi=001954E8,
 sock=420, fds
 pos=1
 [1368448701:7226] INFO: HTTP request for '/'
 [1368448701:7256] NOTICE: choked before able to send whole file (post)
 [1368448702:0546] DEBUG: closing http fd 3
 [1368448702:0556] DEBUG: close: just_kill_connection
 [1368448702:0576] INFO: remove_wsi_socket_from_fds: wsi=001954E8,
 sock=420, fds
 pos=1
 [1368448702:0586] DEBUG: not calling back closed
 [1368448702:0606] DEBUG: accepted new conn  port 50937 on fd=420
 [1368448702:0626] INFO: insert_wsi_socket_into_fds: wsi=00195B88,
 sock=420, fds
 pos=1
 [1368448702:1026] INFO: HTTP request for '/libwebsockets.org-logo.png'
 [1368448702:1046] INFO: LWS_CALLBACK_HTTP closing
 [1368448702:1056] INFO: closing connection at libwebsocket_read bail:
 [1368448702:1066] DEBUG: closing http fd 3
 [1368448702:1076] DEBUG: close: just_kill_connection
 [1368448702:1086] INFO: remove_wsi_socket_from_fds: wsi=00195B88,
 sock=420, fds
 pos=1
 [1368448702:1116] DEBUG: not calling back closed
 [1368448702:2147] DEBUG: accepted new conn  port 50938 on fd=420
 [1368448702:2147] INFO: insert_wsi_socket_into_fds: wsi=00195B88,
 sock=420, fds
 pos=1
 [1368448702:2167] DEBUG: accepted new conn  port 50939 on fd=424
 [1368448702:2187] INFO: insert_wsi_socket_into_fds: wsi=00195A68,
 sock=424, fds
 pos=2
     GET URI = /
     Host = 193.11.10.173:7681
     Connection = Upgrade
     Protocol = dumb-increment-protocol
     Upgrade = websocket
     Origin = http://193.11.10.173:7681
     Key = t2iSn1Wcyg8y2y2x7qc4vQ==
     Version = 13
     Extensions = x-webkit-deflate-frame
 [1368448702:2577] EXTENSION: zlibs constructed
 HTTP/1.1 101 Switching Protocols
 Upgrade: WebSocket
 Connection: Upgrade
 Sec-WebSocket-Accept: GbB7QPhtNRGVx+qoL6i3x5L9poY=
 Sec-WebSocket-Protocol: dumb-increment-protocol
 Sec-WebSocket-Extensions: x-webkit-deflate-frame

 [1368448702:2617] INFO: callback_dumb_increment: LWS_CALLBACK_ESTABLISHED
 [1368448702:2627] INFO: Allocating RX buffer 32
     GET URI = /
     Host = 193.11.10.173:7681
     Connection = Upgrade
     Protocol = lws-mirror-protocol
     Upgrade = websocket
     Origin = http://193.11.10.173:7681
     Key = xQ2rMzEJEcsHitQQswLofQ==
     Version = 13
     Extensions = x-webkit-deflate-frame
 [1368448702:2907] EXTENSION: zlibs constructed
 HTTP/1.1 101 Switching Protocols
 Upgrade: WebSocket
 Connection: Upgrade
 Sec-WebSocket-Accept: R8hrV9Ux3PWdoNZXTEjmpgFdr+w=
 Sec-WebSocket-Protocol: lws-mirror-protocol
 Sec-WebSocket-Extensions: x-webkit-deflate-frame

 [1368448702:2937] INFO: callback_lws_mirror: LWS_CALLBACK_ESTABLISHED
 [1368448702:2947] INFO: Allocating RX buffer 150
 [1368448702:3887] DEBUG: deflate-frame ext TX did realloc to 4
 [1368448702:3897] DEBUG: deflate-frame ext TX did realloc to 4
 [1368448702:3907] DEBUG: deflate-frame ext TX did realloc to 4
 [1368448712:1432] DEBUG: close: just_kill_connection
 [1368448712:1432] INFO: remove_wsi_socket_from_fds: wsi=00195440,
 sock=416, fds
 pos=0
 [1368448712:1452] DEBUG: not calling back closed
 [1368448712:1472] DEBUG: closing: shutdown returned 0
 [1368448712:1492] DEBUG: close: just_kill_connection
 [1368448712:1502] INFO: remove_wsi_socket_from_fds: wsi=00195A68,
 sock=424, fds
 pos=0
 [1368448712:1512] DEBUG: calling back CLOSED
 [1368448712:1532] INFO: callback_lws_mirror: LWS_CALLBACK_CLOSED
 [1368448712:1542] EXTENSION: zlibs destructed
 [1368448712:1562] DEBUG: close: just_kill_connection
 [1368448712:1582] DEBUG: calling back CLOSED
 [1368448712:1592] INFO: callback_dumb_increment: LWS_CALLBACK_CLOSED
 [1368448712:1612] EXTENSION: zlibs destructed
 [1368448712:1622] NOTICE: mirror protocol cleaning up
 [1368448712:1642] NOTICE: libwebsockets-test-server exited cleanly

-- 
Ticket URL: <http://libwebsockets.org/trac/ticket/28#comment:17>
libwebsockets <http://libwebsockets.org>
libwebsockets C library



More information about the Libwebsockets mailing list