Skip to content

TS-4905: Set parent NULL after destroy() is called#1075

Merged
masaori335 merged 1 commit intoapache:masterfrom
masaori335:ts-4905
Oct 6, 2016
Merged

TS-4905: Set parent NULL after destroy() is called#1075
masaori335 merged 1 commit intoapache:masterfrom
masaori335:ts-4905

Conversation

@masaori335
Copy link
Copy Markdown
Contributor

@masaori335 masaori335 commented Oct 4, 2016
edited
Loading

TS-4905

IMO, the problem is calling Http1ClientSession::get_netvc() after Http1ClientSession::free() is called.
So set pointer to Http1ClientSession NULL after Http1ClientSession::destroy() is called in Http1ClientTransaction::transaction_done()

@masaori335 masaori335 added the HTTP label Oct 4, 2016
@atsci
Copy link
Copy Markdown

atsci commented Oct 4, 2016

FreeBSD build successful! See https://ci.trafficserver.apache.org/job/Github-FreeBSD/924/ for details.

@atsci
Copy link
Copy Markdown

atsci commented Oct 4, 2016

Linux build successful! See https://ci.trafficserver.apache.org/job/Github-Linux/818/ for details.

@masaori335 masaori335 added this to the 7.0.0 milestone Oct 4, 2016
jpeach
jpeach requested changes Oct 4, 2016
View reviewed changes
proxy/http/Http1ClientTransaction.cc
// If the parent session is not in the closed state, the destroy will not occur.
if (parent) {
parent->destroy();
parent = NULL;
Copy link
Copy Markdown
Contributor

@jpeach jpeach Oct 4, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is right, because destroy() might not destroy.

Copy link
Copy Markdown
Contributor Author

@masaori335 masaori335 Oct 5, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I'm not 100% sure this is right or not. But from the backtrace, destroy() calls free(). In this case we need to set parent NULL.

#0  Http1ClientSession::free (this=0x60ae0001cc80) at Http1ClientSession.cc:100
#1  0x00000000005c2386 in ProxyClientSession::handle_api_return (this=0x60ae0001cc80, event=60000) at ProxyClientSession.cc:206
#2  0x00000000005c1f25 in ProxyClientSession::do_api_callout (this=0x60ae0001cc80, id=TS_HTTP_SSN_CLOSE_HOOK) at ProxyClientSession.cc:177
#3  0x000000000065f787 in Http1ClientSession::destroy (this=0x60ae0001cc80) at Http1ClientSession.cc:93
#4  0x0000000000664d20 in Http1ClientTransaction::transaction_done (this=0x60ae0001cf60) at Http1ClientTransaction.cc:69

Copy link
Copy Markdown
Member

@shinrich shinrich Oct 5, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, destroy doesn't necessarily destroy. But from transaction_done(), the client transaction is done with the parent session. So even if the parent is still around, the client transaction should no longer be manipulating it.

The change looks good to me.

Copy link
Copy Markdown
Contributor

@jpeach jpeach Oct 5, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I don't like the fragility of how this is done, but I agree this change will fix the crash.

@masaori335 masaori335 merged commit 60d3d1f into apache:master Oct 6, 2016
bneradt pushed a commit to bneradt/trafficserver that referenced this pull request Jan 23, 2026
Support handShakeReader larger than one block (apache#1075)
9fb2574 
This cherry picks a review comment update from:
apache#12290
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jpeach jpeach jpeach approved these changes

@shinrich shinrich shinrich left review comments

Assignees

@jpeach jpeach

@shinrich shinrich

Labels

HTTP

Projects

None yet

Milestone

7.0.0

Development

Successfully merging this pull request may close these issues.

4 participants

@masaori335 @atsci @jpeach @shinrich