I wrote a forum https://leanclub.org

<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clip

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

I am using example program provided in README.md with: <div class="snippet-clipboa

URL query string parse crash about crow HOT 14 CLOSED

ipkn commented on August 15, 2024

URL query string parse crash

from crow.

Comments (14)

typcn commented on August 15, 2024

#0  0x00007ffff5af7107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff5af84e8 in __GI_abort () at abort.c:89
#2  0x00007ffff5b35204 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff5c27fe0 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff5b3a9de in malloc_printerr (action=1, str=0x7ffff5c281a0 "free(): invalid next size (fast)", ptr=<optimized out>) at malloc.c:4996
#4  0x00007ffff5b3b6e6 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#5  0x00000000005484e6 in crow::query_string::~query_string (this=0x7fffe0051fa8, __in_chrg=<optimized out>)
    at /home/typcncom_gmail_com/leanclub/include/query_string.h:238
#6  0x000000000057cb1e in crow::HTTPParser<crow::Connection<crow::Crow<>> >::~HTTPParser() (this=0x7fffe0051f28, __in_chrg=<optimized out>)
    at /home/typcncom_gmail_com/leanclub/include/parser.h:15
#7  0x00000000005889b2 in crow::Connection<crow::Crow<>>::~Connection() (this=0x7fffe0050f00, __in_chrg=<optimized out>)
    at /home/typcncom_gmail_com/leanclub/include/http_connection.h:213
#8  0x0000000000585bcf in crow::Connection<crow::Crow<>>::check_destroy() (this=0x7fffe0050f00)
    at /home/typcncom_gmail_com/leanclub/include/http_connection.h:502
#9  0x00000000005823c1 in crow::Connection<crow::Crow<>>::do_read()::{lambda(boost::system::error_code const&, unsigned long)#1}::operator()(boost::system::error_code const&, unsigned long) const (__closure=0x7fff6273b5a0, ec=..., bytes_transferred=0)
    at /home/typcncom_gmail_com/leanclub/include/http_connection.h:456
#10 0x000000000059349a in boost::asio::detail::binder2<crow::Connection<crow::Crow<>>::do_read()::{lambda(boost::system::error_code const&, unsigned long)#1}, boost::system::error_code, unsigned long>::operator()() (this=0x7fff6273b5a0) at /usr/include/boost/asio/detail/bind_handler.hpp:127
#11 0x0000000000591ec4 in boost::asio::asio_handler_invoke<boost::asio::detail::binder2<crow::Connection<crow::Crow<>>::do_read()::{lambda(boost::system::error_code const&, unsigned long)#1}, boost::system::error_code, unsigned long> >(boost::asio::detail::binder2<crow::Connection<crow::Crow<>>::do_read()::{lambda(boost::system::error_code const&, unsigned long)#1}, boost::system::error_code, unsigned long>&, ...) (function=...)
    at /usr/include/boost/asio/handler_invoke_hook.hpp:69
#12 0x0000000000590719 in boost_asio_handler_invoke_helpers::invoke<boost::asio::detail::binder2<crow::Connection<crow::Crow<>>::do_read()::{lambda(boost::system::error_code const&, unsigned long)#1}, boost::system::error_code, unsigned long>, {lambda(boost::system::error_code const&, unsigned long)#1}>(boost::asio::detail::binder2<crow::Connection<crow::Crow<>>::do_read()::{lambda(boost::system::error_code const&, unsigned long)#1}, boost::system::error_code, unsigned long>&, {lambda(boost::system::error_code const&, unsigned long)#1}&) (function=..., context=...) at /usr/include/boost/asio/detail/handler_invoke_helpers.hpp:37
#13 0x000000000058f23a in boost::asio::detail::reactive_socket_recv_op<boost::asio::mutable_buffers_1, crow::Connection<crow::Crow<>>::do_read()::{lambda(boost::system::error_code const&, unsigned long)#1}>::do_complete(boost::asio::detail::task_io_service*, boost::asio::detail::task_io_service_operation*, boost::system::error_code const&, unsigned long) (owner=0x8a91e0, base=0x7fffc4015110) at /usr/include/boost/asio/detail/reactive_socket_recv_op.hpp:110
#14 0x000000000054db34 in boost::asio::detail::task_io_service_operation::complete (this=0x7fffc4015110, owner=..., ec=..., bytes_transferred=0)
    at /usr/include/boost/asio/detail/task_io_service_operation.hpp:38

Another crash

from crow.

sivachandran commented on August 15, 2024

Is there a chance that you mixed two different version of gcc? Like a static library(uses Crow) built with one version of gcc and main executable in different gcc version?

Can you come up with small program that reproduces the crash?

At least you can show us how you are using the Crow.

from crow.

typcn commented on August 15, 2024

I can't reproduces the crash on my machine , Even use web vul scanner to grab the site.....
My computer : Mac OS X 10.10 , Apple Clang , libcurl-AppleTLS
My VM: Debian 8 + gcc 4.9 + libcurl4-openssl-dev
Server: Debian 8 + gcc 4.9 + libcurl4-openssl-dev

from crow.

typcn commented on August 15, 2024

I have read the malloc.c .
I think it might be qs_parse on special characters got wrong length and crash on free .
but I feel very queer,This error occurs randomly , not on one url , and not happen on specified params.

from crow.

sivachandran commented on August 15, 2024

As you can see the crash occurred in the destructor Connection object. Crashes like this will not easily slip out of tests or regular usage. I've been running Crow on my production system for quite long and I didn't encounter such crash. I am sure lot of others are also running it without any problem.

So it is highly likely there is something in your usage that causes the crash. The reason I asked for GCC version is libc++ incompatibility between versions. I've seen crashes like this when the STL data structure's internal memory layout changes between libc++ versions.

Are you using any of the Boost libraries(static/dynamic) or just headers? If you are using Boost static/dynamic library then is there a difference of GCC used in compiling Boost and your main executable?

Also did you build executable/library in machine and copied to another machine? If so remember libc++ shared library version could be different between these two machines.

from crow.

typcn commented on August 15, 2024

I installed boost libraries using apt-get.
Other libraries and executables are built on the target machine.
I will try to recompile boost library

from crow.

onur commented on August 15, 2024

I have same issue, but I don't think its related with boost or GCC. There is something wrong in qs_parse function. Valgrind output of example program in front page of project:

==20192== Memcheck, a memory error detector
==20192== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==20192== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==20192== Command: ./a.out
==20192== 
(2015-05-09 13:30:26) [INFO    ] Crow/0.1 server is running, local port 18080
==20192== Thread 3:
==20192== Invalid read of size 1
==20192==    at 0x40DE30: qs_decode(char*) (query_string.h:142)
==20192==    by 0x425991: qs_parse (query_string.h:127)
==20192==    by 0x425991: query_string (query_string.h:289)
...
==20192== 
==20192== Invalid write of size 1
==20192==    at 0x40DF84: qs_decode(char*) (query_string.h:161)
==20192==    by 0x425991: qs_parse (query_string.h:127)
==20192==    by 0x425991: query_string (query_string.h:289)
...
==20192== 
(2015-05-09 13:30:28) [INFO    ] Request: 127.0.0.1:34157 0x667bc90 HTTP/1.1 GET /
(2015-05-09 13:30:28) [INFO    ] Response: 0x667bc90 / 404 0

Example URL's causing this issue:

http://localhost:18080/
http://localhost:18080/about
http://localhost:18080/about?something
http://localhost:18080/about?something=yes&anotherthing

Some URL's this issue not occurred:

http://localhost:18080/?something=yes
http://localhost:18080/about?something=yes
http://localhost:18080/about?something=yes&anotherthing=no

etc.

from crow.

typcn commented on August 15, 2024

I think so , when I using different complier to recompile, nginx show 502 page and some visitors leave my website , so reducing the probability of a crash occurs.I'll try to fix it

from crow.

sivachandran commented on August 15, 2024

@onuraslan do you have minimal program to reproduce the crash?

from crow.

onur commented on August 15, 2024

I am using example program provided in README.md with:

g++ -std=c++1y -I /tmp/crow/include -g example.cc -lboost_date_time -lboost_filesystem -lboost_system -lboost_thread -lpthread

from crow.

typcn commented on August 15, 2024

When I force https to my website, It's running well ( > 10 hrs), I guess It's some web crawler submit strange params caused the crash.

from crow.

onur commented on August 15, 2024

BTW example program is not crashing, I used it to show memory error.

from crow.

ipkn commented on August 15, 2024

qs_parse related bug exists and fixed by PR #61. I merged it now and am trying to find another error.

from crow.

typcn commented on August 15, 2024

My program no longer crashes, thanks.

from crow.

URL query string parse crash about crow HOT 14 CLOSED

Comments (14)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent