I'm having trouble with the stability of OpenSSL with Apache on Win32. OpenSSL 0.9.6, mod-ssl 2.8.2, Apache 1.3.19.
Looks to me like ssl_io_suck_read is following the actx pointer after the pool has been freed. This would not be a problem on UNIX where there's only a single thread. It's a problem under Win32 under load, because the freed pool memory may have been scribbled before it is accessed. Has someone already fixed this? I'm nervous about mucking with this code, so I'd like someone who has a clue to review any fix I come up with (actually, I'd like to pick up the fix that someone else has already made :-) Here's the trace I'm working from. You can make the problem deterministic by recompiling allocl.c with ALLOC_USE_MALLOC defined, and linking against a runtime library that wipes blocks when they are freed. Expression uses dangling pointer PTR: 0x01B61AE0 Location of Error ap_ctx_get d:\apache\apache\src\ap\ap_ctx.c 127 ssl_io_suck_read D:\apache\apache\src\modules\ssl\ssl_engine_io.c 261 SSL_recvwithtimeout D:\apache\apache\src\modules\ssl\ssl_engine_io.c 567 ssl_io_hook_recvwithtimeout D:\apache\apache\src\modules\ssl\ssl_engine_io.c 460 ap_hook_call_func d:\apache\apache\src\ap\ap_hook.c 649 ap_hook_call d:\apache\apache\src\ap\ap_hook.c 382 buff_read d:\apache\apache\src\main\buff.c 299 saferead_guts d:\apache\apache\src\main\buff.c 702 read_with_errors d:\apache\apache\src\main\buff.c 753 ap_bgets d:\apache\apache\src\main\buff.c 906 getline d:\apache\apache\src\main\http_protocol.c 834 read_request_line d:\apache\apache\src\main\http_protocol.c 957 ap_read_request d:\apache\apache\src\main\http_protocol.c 1119 child_sub_main d:\apache\apache\src\main\http_main.c 5561 child_main d:\apache\apache\src\main\http_main.c 5638 _threadstartex threadex.c 212 Point of Allocation ap_palloc d:\apache\apache\src\main\alloc.c 901 ap_pcalloc d:\apache\apache\src\main\alloc.c 980 ap_read_request d:\apache\apache\src\main\http_protocol.c 1079 child_sub_main d:\apache\apache\src\main\http_main.c 5561 child_main d:\apache\apache\src\main\http_main.c 5638 _threadstartex threadex.c 212 Point of De-allocation ap_clear_pool d:\apache\apache\src\main\alloc.c 708 ap_destroy_pool d:\apache\apache\src\main\alloc.c 720 child_sub_main d:\apache\apache\src\main\http_main.c 5572 child_main d:\apache\apache\src\main\http_main.c 5638 _threadstartex threadex.c 212 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
