If stdout has already been closed by the CGI and die() gets called,
the CGI will fail to write the "Status: 500 Internal Server Error" to
the pipe, which results in die() being called again (via safe_write).
This goes on in an infinite loop until the stack overflows and the
process is killed by SIGSEGV.
Instead set a flag on the first die() invocation and perform no
action during recursive die() calls. This way failures to write the
error messages to the stdout pipe do not result in an infinite loop.
We also now report on the death to stderr before we report to stdout,
to increase the chances that the cause of the die() invocation will
appear in the server's error log.
Signed-off-by: Shawn O. Pearce <spearce@xxxxxxxxxxx>
---
This patch should be put in maint.
It doesn't fix the underlying problem Brady has found, but it
will at least get us more information by avoiding the infinite
loop and later SIGSEGV crash of the parent CGI.
http-backend.c | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/http-backend.c b/http-backend.c
index 8c7b7d0..5c0d649 100644
--- a/http-backend.c
+++ b/http-backend.c
@@ -538,12 +538,17 @@ static void service_rpc(char *service_name)
static NORETURN void die_webcgi(const char *err, va_list params)
{
- http_status(500, "Internal Server Error");
- hdr_nocache();
- end_headers();
+ static int dead;
- vreportf("fatal: ", err, params);
- exit(0);
+ if (!dead) {
+ dead = 1;
+
+ vreportf("fatal: ", err, params);
+ http_status(500, "Internal Server Error");
+ hdr_nocache();
+ end_headers();
+ exit(0);
+ }
}
static char* getdir(void)
--
1.6.4.rc2.182.g24de1
--
Shawn.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html