Bug 525792 - segmentation fault in openssl tests
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: ruby
Version: 12
Hardware: i686 Linux
Priority: low
Severity: medium
Assigned To: Jeroen van Meeuwen
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-09-25 14:38 EDT by Nikolai Lugovoi
Modified: 2010-05-14 03:23 EDT (History)
Doc Type: Bug Fix
Last Closed: 2010-05-14 03:23:43 EDT
Description Nikolai Lugovoi 2009-09-25 14:38:44 EDT
When trying to run test_ssl.rb from the ruby-1.8.6 source tree, the program segfaults:

$ ruby test/openssl/test_ssl.rb 
Loaded suite test/openssl/test_ssl
Started
..test/openssl/test_ssl.rb:215: [BUG] Segmentation fault
ruby 1.8.6 (2009-06-08) [i386-linux]

Aborted


Installed components:

ruby-1.8.6.369-3.fc12.i686, built from ruby-1.8.6.369-3.fc12.src.rpm
openssl-1.0.0-0.7.beta3.fc12.i686

GDB backtrace:

#0  freelist_insert (ctx=0x817c550, for_read=1, sz=34120, mem=0x86c0a48) at s3_both.c:645
#1  0x00691305 in ssl3_release_read_buffer (s=0x81ee640) at s3_both.c:762
#2  0x0068d60c in ssl3_free (s=0x81ee640) at s3_lib.c:2151
#3  0x00695d75 in tls1_free (s=0x81ee640) at t1_lib.c:163
#4  0x006a4041 in SSL_free (s=0x81ee640) at ssl_lib.c:581
#5  0x002a17c9 in ossl_ssl_free (ssl=<value optimized out>) at ossl_ssl.c:511
#6  0x08077193 in run_final (obj=3086404720) at gc.c:1903
#7  0x080771e4 in finalize_list (p=<value optimized out>) at gc.c:1057
#8  rb_gc_finalize_deferred (p=<value optimized out>) at gc.c:1931

It could also be an openssl-1.0.0beta3 bug, as the same ruby source code, with ruby-openssl-1.0.patch and other patches applied, runs without problems when compiled on another system with openssl-0.9.8k.
Comment 1 Nikolai Lugovoi 2009-09-26 09:04:21 EDT
Looks like it is a ruby garbage collection issue: sometimes SSLContext is freed in GC earlier than SSLSocket, which still references that context.

As an ugly workaround, this patch seems to work:

diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 4a4e60f..321132c 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -127,6 +127,8 @@ int ossl_ssl_ex_tmp_dh_callback_idx;
 static void
 ossl_sslctx_free(SSL_CTX *ctx)
 {
+    /* skip cleanup, if still referenced from one SSL socket, delay it to implicit calls from ossl_ssl_free */
+    if(ctx && ctx->references == 3) return;
     if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1)
        ctx->cert_store = NULL;
     SSL_CTX_free(ctx);
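Review bot: the early `return` on `ctx->references == 3` skips `SSL_CTX_free` entirely for this wrapper, so the reference the Ruby SSLContext object holds is never dropped and the context (plus the `cert_store` handling on the following lines) leaks whenever the count happens to match at finalization time; the magic number 3 also ties the workaround to one particular set of live objects and reaches into SSL_CTX struct internals. Since `SSL_new` already takes its own reference on the context and `SSL_free` drops it, the wrapper should be able to call `SSL_CTX_free` unconditionally; if a premature free is really observed, that points at a reference-counting defect elsewhere, which is worth pinning down (for example by comparing against the openssl-0.9.8k build mentioned in the description) rather than papering over with a fixed count.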
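An added example, not code from the Ruby OpenSSL bindings or from OpenSSL: a small C model of the ownership relation the comment describes, in which each socket holds its own reference on the shared context, so the context is released exactly once no matter which finalizer the GC runs first. The `model_*` types and the `teardown` driver are hypothetical names chosen for this illustration.

```c
#include <stdlib.h>

/* Hypothetical model (not Ruby's or OpenSSL's code) of the SSL_CTX / SSL
 * relation behind this bug: each socket takes its own reference on the shared
 * context, so whichever finalizer the GC runs first only drops a reference
 * and the context storage is released exactly once, after its last user. */
static int released_contexts;                 /* contexts really freed */
typedef struct model_ctx { int references; } model_ctx;   /* SSL_CTX->references */
typedef struct model_sock { model_ctx *ctx; } model_sock; /* SSL->ctx */

model_ctx *model_ctx_new(void) {
    model_ctx *c = malloc(sizeof *c);
    if (c) c->references = 1;                 /* the creator's reference */
    return c;
}

/* Like SSL_new(ctx): the socket keeps the context alive on its own. */
model_sock *model_sock_new(model_ctx *c) {
    model_sock *s = malloc(sizeof *s);
    if (s) { s->ctx = c; c->references++; }
    return s;
}

/* Like SSL_CTX_free: drop one reference, release only when it was the last. */
void model_ctx_free(model_ctx *c) {
    if (c == NULL || --c->references > 0) return;
    released_contexts++;
    free(c);
}

/* Like SSL_free: the context is still valid here because we hold a reference. */
void model_sock_free(model_sock *s) {
    if (s == NULL) return;
    model_ctx_free(s->ctx);                   /* drop the socket's reference */
    free(s);
}

/* Tear down one context and two sockets in either order and return how many
 * contexts were actually released; the answer must be 1 whichever order wins. */
int teardown(int ctx_first) {
    released_contexts = 0;
    model_ctx *c = model_ctx_new();
    model_sock *a = model_sock_new(c), *b = model_sock_new(c);
    if (ctx_first) { model_ctx_free(c); model_sock_free(a); model_sock_free(b); }
    else           { model_sock_free(a); model_sock_free(b); model_ctx_free(c); }
    return released_contexts;
}
```

Because the count is decremented rather than compared against a fixed value, the same code stays correct for any number of sockets sharing the context.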
Comment 2 Bug Zapper 2009-11-16 07:57:35 EST
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and the reason for this action are here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 3 Mamoru TASAKA 2010-05-14 03:23:43 EDT
It seems that with the current openssl-1.0.0-1.fc13 this issue
does not happen. Perhaps this was a bug in openssl.

Closing for now.
