nss-mysql-devel

[Nss-mysql-devel] Re: [Bug #757] Segfault which appears to be in nss-mys


From: Kyrian
Subject: [Nss-mysql-devel] Re: [Bug #757] Segfault which appears to be in nss-mysql.
Date: Thu, 25 Jul 2002 17:24:38 +0100

Guillaume,

I looked, but I couldn't find anything that might be linked to the wrong
MySQL libraries that would be causing this.

I'm stumped, tbh. But there is still a problem.

It's occurring with my test user now as well under slightly different
circumstances.

I think that since (IIRC) the crash occurs in the call to mysql_init(NULL),
I should try upgrading to the latest version of MySQL and then see if that
fixes it... and if it doesn't, then go to the MySQL bugs list about it?

That's a pain in the neck, and I won't be able to do it for a while (perhaps
a month or two)...

Any other thoughts?

K.

On Thu, 25 Jul 2002 12:30:13 -0400
address@hidden wrote:

> 
> =================== BUG #757: LATEST MODIFICATIONS ==================
> http://savannah.gnu.org/bugs/?func=detailbug&bug_id=757&group_id=443
> 
> Changes by: Guillaume Morin <address@hidden>
> Date: 2002-Jul-25 18:30 (Europe/Paris)
> 
> ------------------ Additional Follow-up Comments ----------------------------
> Kyrian,
> 
> Do you have any news about this bug ?
> 
> Regards,
> 
> Guillaume.
> 
> 
> 
> =================== BUG #757: FULL BUG SNAPSHOT ===================
> 
> 
> Submitted by: kyrian                    Project: NSS MySQL
> Submitted on: 2002-Jun-26 04:44
> Category:  None                         Severity:  5 - Major
> Bug Group:  None                        Resolution:  None
> Assigned to:  gmorin                    Status:  Open
> 
> Summary:  Segfault which appears to be in nss-mysql.
> 
> Original Submission:  Hi,
> 
> This segfault problem comes about when using the frontpage extensions for
> linux, so it may well be a problem with that passing garbage to nss-mysql
> (even if that is the case, it's still a BAD problem!), or it could be a
> problem within nss-mysql itself, which is what I think is the case.
> 
> Basically what appears to be happening (guesswork, see the attached strace
> information - sorry about the format, daft X setup left me no choice - for
> more conclusive info) is that when the frontpage software attempts to look
> up a (non-existent in /etc/passwd, as per my /etc/nsswitch.conf
> configuration) UID to username mapping, in some cases, you get a segfault,
> whereas if I add the appropriate user line in /etc/passwd, I get no
> segfault, because I've circumvented nss-mysql...
> 
> Now, from the attached strace, I reckon that this is happening because
> when reading /etc/nss-mysql.conf, there is an old_mmap() call which gets a
> buffer space of 4096 (bytes, at address 0x40028000 in the strace) to store
> the information that's read in.
> 
> This is then duplicate-freed with a munmap() towards the end of the
> strace, attempting which causes a segfault.
> 
> This is repeatable every time with the user in question without the
> aforementioned line in /etc/passwd (although I've made no mention of it,
> I'm also using shadow passwords, but no line in /etc/shadow is required to
> prevent this bug happening, thus implying that it's restricted to the
> UID->username mapping process...).
> 
> However, what (possibly) knackers my theory is that it only happens with
> this one user, and not other users with similar setups, on which I'm
> trying to do the same thing...
> 
> I've tried making the user that fails have the same user/group config,
> removing trailing slashes from home directory names, etc. all sorts of
> minor tweaks of both the frontpage and the nss-mysql side that might be
> different between working and non-working users, but the only one that
> works is the line in /etc/passwd with the right uid/gid/username.
> 
> More information is available on request, although I would like to
> maintain as much customer-information privacy as possible, obviously...
> 
> Hopefully someone can help with this, as it defeats the object of having
> nss-mysql in the first place if I still need users in /etc/password :(
> 
> K.
> 
> PS. With debug enabled, when I get the above segfault, I only get this in
> my logs:
> 
> Jun 26 02:31:38 lestat nss-mysql[560]: getpwuid called for 1004
> Jun 26 02:31:38 lestat owsadm.exe[560]: _nss_mysql_read_conf_file: called for section users
> Jun 26 02:31:38 lestat owsadm.exe[560]: _nss_mysql_read_conf_file ended for section users
> 
> Oh, and it's nss-mysql-0.37.1 ;-)
> 
> Follow-up Comments
> *******************
> 
> -------------------------------------------------------
> Date: 2002-Jul-25 18:30             By: gmorin
> Kyrian,
> 
> Do you have any news about this bug ?
> 
> Regards,
> 
> Guillaume.
> 
> -------------------------------------------------------
> Date: 2002-Jul-05 21:24             By: kyrian
> I only have php4 installed.
> 
> ldd /etc/httpd/modules/libphp4.so yields no reference to
> libmysqlclient.so.X
> 
> It's a similar story for all of the other apache modules that I have...
> 
> but ldd /usr/lib/php4/mysql.so yields a reference to that, only it's
> libmysqlclient.so.10, just like everything else.
> 
> I'll have a look and see if I can find anything else that might be linked
> against the wrong libraries...
> 
> K.
> 
> 
> -------------------------------------------------------
> Date: 2002-Jul-05 21:06             By: gmorin
> Hi,
> 
> Hmm I had exactly the same problem some time ago. I experienced some weird
> crashes too in the same functions. It was because my mysql php3 module was
> linked against libmysqlclient.so.9 and nss-mysql to libmysqlclient.so.10. I
> recompiled php and it fixed the crash.
> 
> Could you try that ?
> 
> Guillaume.
> 
> -------------------------------------------------------
> Date: 2002-Jul-05 19:45             By: kyrian
> Guillaume,
> 
> Okay. In order to try and track this down, I recompiled nss-mysql (latest
> CVS) with some additional calls to _nss_mysql_log() in sensible places
> within lib.c and passwd.c
> 
> Using that method, I've tracked it down to lib.c, line 212, or there
> abouts, the call to:
> 
>  mysql_init(NULL);
> 
> Which causes a segfault.
> 
> Even replacing mysql_init(NULL) with mysql_init(tmp) [ tmp having been
> previously allocated (or was that just a pointer, and not an end
> structure?) ], also causes the same problem, so there seems to be little
> choice left but to blame the MySQL libraries themselves...
> 
> Although as a thought, I have both libmysqlclient.so.9, and
> libmysqlclient.so.10 installed, which might be a cause of problems at some
> stage?
> 
> The nss_mysql library is linked against libmysqlclient.so.10, as is my
> "mysql" command line client program, which works fine.
> 
> Curiouser and curiouser...
> 
> Although (and I should have mentioned this earlier no doubt), maybe this
> is related to the fact that I keep getting loads of messages thusly in my
> logs (about two per minute):
> 
> Aborted connection to db: 'xxxx' user: 'xxxx' host: 'localhost' (Got an
> error reading communication packets)
> 
> And MySQL is running out of connections and for some reason doesn't deal
> with it properly when mysql_init() is called... hence the crash?
> 
> K.
> 
> -------------------------------------------------------
> Date: 2002-Jul-05 17:52             By: kyrian
> Guillaume,
> 
> > This is very weird.
> Yep :(
> 
> > All log entries you've given are completely normal.
> > I really have no idea of what is going on.
> I just looked at that strace again, and it's not because of a duplicate
> munmap(). The same address appears multiple times because it's reallocated
> multiple times, which is normal.
> 
> However I'm surprised to see that it crashes right after deallocating the
> buffer used to read /etc/nss-mysql.conf, and /etc/nsswitch.conf, rather
> than the strace/ltrace showing it crashing during a call to
> libmysqlclient.so.X...
> 
> I'd assumed it wasn't to do with the MySQL libraries as a result, and a
> problem was occurring before this happened.
> 
> > The frontpage extension is an apache module, right ?
> Yes.
> 
> The source of it is available here:
> http://people.freebsd.org/~mbr/distfiles/
> 
> > If so, do you use any MySQL related modules with
> > apache (like php4 with MySQL support) ?
> I have PHP3 with MySQL support enabled in the server as a DSO, yes.
> 
> But the trouble with that theory is that the owsadm.exe program also
> crashes, and that program doesn't go anywhere near the apache executable,
> so I don't think it's apache related.
> 
> I'll have a look some more.
> 
> K.
> 
> -------------------------------------------------------
> Date: 2002-Jul-05 16:57             By: gmorin
> Hi,
> 
> This is very weird. All log entries you've given are completely normal. I
> really have no idea of what is going on. The frontpage extension is an
> apache module, right ? If so, do you use any MySQL related modules with
> apache (like php4 with MySQL support) ?
> 
> TIA.
> 
> Guillaume.
> 
> -------------------------------------------------------
> Date: 2002-Jul-04 19:30             By: kyrian
> Running the CVS version, I get the same as above.
> 
> Aside from that the log message now shows as:
> 
> <date> nss-mysql[<pid>]: _nss_mysql_read_conf_file: etc...
> 
> [ excuse the abbreviation... ]
> 
> and that it now shows the following immediately after the above (don't
> know if it's related):
> 
> <date> nss-mysql[<pid>]: check_connection: opening a connection.
> 
> This is assuming that the owsadm program doesn't do a fork() and get a
> different PID, as I've only taken the entries with the same PID into
> consideration.
> 
> In case it does fork(), there's a series of these messages before the
> above, with a similar PID [which might indicate that it did fork() ]
> 
> <date> nss-mysql[<pid2>]: endent called for passwd(0)
> <date> nss-mysql[<pid2>]: endend(0): ent was NULL
> <date> nss-mysql[<pid2>]: endend(0) finished
> 
> That appears about 25 times under 1 pid, and once under a 3rd unique pid,
> prior to the above messages. May or may not be related.
> 
> K.
> 
> -------------------------------------------------------
> Date: 2002-Jul-04 18:37             By: kyrian
> An ltrace of the command which causes the segfault shows no extra
> information (beyond what is normally output by that command), so I assume
> that this must mean that it has been statically linked?
> 
> I'll get to trying it with the latest CVS shortly...
> 
> 
> -------------------------------------------------------
> Date: 2002-Jul-04 15:32             By: gmorin
> Hi,
> 
> Sorry for the late response, the bug email notification did not work :-(.
> It should work now.
> 
> Could you try  to reproduce that problem with current CVS and
> send me the debug log ?
> 
> I'd like to know if the frontpage software is linked dynamically with the
> mysql libraries too.
> 
> Could you try to run ltrace on the process when reproducing the bug, that
> would be helpful ?
> 
> Regards,
> 
> Guillaume.
> 
> -------------------------------------------------------
> Date: 2002-Jun-28 09:50             By: kyrian
> Hmmm... After a thought struck me, I tried changing the working user's
> username to the same length as the non-working one.
> 
> Lo and behold, I began to get segfaults on certain operations from the
> formerly working user when I made its username seven characters long (as
> opposed to its original four).
> 
> Maybe it has something to do with it, maybe not...
> 
> 
> 
> File Attachments
> ****************
> 
> -------------------------------------------------------
> Date: 2002-Jun-26 04:44  Name: crud  Size: 8KB   By: kyrian
> strace of bug.
> http://savannah.gnu.org/bugs/download.php?group_id=443&bug_id=757&bug_file_id=42
> 
> 
> For detailed info, follow this link:
> http://savannah.gnu.org/bugs/?func=detailbug&bug_id=757&group_id=443


--
Kev Green, aka Kyrian.   Email: address@hidden   Web: http://kyrian.ore.org/
  [ Looking for ISP contract work, CV at http://kyrian.ore.org/cv.html ]
               "Be excellent to each other" -- Bill & Ted.
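
Added example (not part of the original message or of nss-mysql): Guillaume's 2002-Jul-05 comment describes crashes when one process ends up with both libmysqlclient.so.9 and libmysqlclient.so.10 loaded, one via a PHP module and one via nss-mysql. The Python sketch below checks /proc/<pid>/maps-style text for any shared library mapped under more than one major version; the sample mappings and paths are constructed, and a statically linked copy of the client library would not show up this way.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in /proc/<pid>/maps format (addresses, inodes and paths
# are made up for illustration; they are not taken from the bug report).
SAMPLE_MAPS = """\
08048000-080a1000 r-xp 00000000 03:01 1201 /opt/example/bin/owsadm.exe
40000000-40015000 r-xp 00000000 03:01 2001 /lib/ld-2.2.5.so
40028000-40029000 rw-p 00000000 00:00 0
4002a000-40035000 r-xp 00000000 03:01 2040 /lib/libnss_mysql.so.2
40040000-4006b000 r-xp 00000000 03:01 3010 /usr/lib/libmysqlclient.so.10.0.0
4006b000-40070000 rw-p 0002a000 03:01 3010 /usr/lib/libmysqlclient.so.10.0.0
40080000-400a9000 r-xp 00000000 03:01 3009 /usr/lib/libmysqlclient.so.9.0.0
40100000-40213000 r-xp 00000000 03:01 2010 /lib/libc-2.2.5.so
"""

# "libmysqlclient.so.10.0.0" -> stem "libmysqlclient", major version 10
SONAME_RE = re.compile(r"(?P<stem>lib[^/]+?)\.so\.(?P<major>\d+)")


def conflicting_libraries(maps_text):
    """Return {library stem: [major versions]} for every shared library that
    is mapped into the process under more than one major version."""
    majors = defaultdict(set)
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        # Anonymous mappings have no sixth field; [heap]/[stack] are not files.
        if len(fields) < 6 or not fields[5].startswith("/"):
            continue
        basename = fields[5].rsplit("/", 1)[1]
        match = SONAME_RE.match(basename)
        if match:
            majors[match.group("stem")].add(int(match.group("major")))
    return {stem: sorted(v) for stem, v in majors.items() if len(v) > 1}


def check_pid(pid):
    """Run the same check against a live process (Linux only)."""
    with open(f"/proc/{pid}/maps") as fh:
        return conflicting_libraries(fh.read())


if __name__ == "__main__":
    result = check_pid(sys.argv[1]) if len(sys.argv) > 1 else conflicting_libraries(SAMPLE_MAPS)
    for stem, versions in result.items():
        print(f"{stem}: major versions {versions} mapped in the same process")
```

Run with a PID as the only argument to inspect a live process (for example an Apache child that has loaded both the PHP MySQL module and the NSS module); with no argument it runs on the constructed sample.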


