Bug 525792 - segmentation fault in openssl tests
Summary: segmentation fault in openssl tests
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: ruby
Version: 12
Hardware: i686
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Jeroen van Meeuwen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2009-09-25 18:38 UTC by Nikolai Lugovoi
Modified: 2010-05-14 07:23 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-05-14 07:23:43 UTC
Type: ---
Embargoed:



Description Nikolai Lugovoi 2009-09-25 18:38:44 UTC
When trying to run test_ssl.rb from the ruby-1.8.6 source tree, the program segfaults:

$ ruby test/openssl/test_ssl.rb 
Loaded suite test/openssl/test_ssl
Started
..test/openssl/test_ssl.rb:215: [BUG] Segmentation fault
ruby 1.8.6 (2009-06-08) [i386-linux]

Aborted


Installed components:

ruby-1.8.6.369-3.fc12.i686, built from ruby-1.8.6.369-3.fc12.src.rpm
openssl-1.0.0-0.7.beta3.fc12.i686

GDB backtrace:

#0  freelist_insert (ctx=0x817c550, for_read=1, sz=34120, mem=0x86c0a48) at s3_both.c:645
#1  0x00691305 in ssl3_release_read_buffer (s=0x81ee640) at s3_both.c:762
#2  0x0068d60c in ssl3_free (s=0x81ee640) at s3_lib.c:2151
#3  0x00695d75 in tls1_free (s=0x81ee640) at t1_lib.c:163
#4  0x006a4041 in SSL_free (s=0x81ee640) at ssl_lib.c:581
#5  0x002a17c9 in ossl_ssl_free (ssl=<value optimized out>) at ossl_ssl.c:511
#6  0x08077193 in run_final (obj=3086404720) at gc.c:1903
#7  0x080771e4 in finalize_list (p=<value optimized out>) at gc.c:1057
#8  rb_gc_finalize_deferred (p=<value optimized out>) at gc.c:1931

It could also be an openssl-1.0.0beta3 bug, as the same ruby source code, with ruby-openssl-1.0.patch and other patches applied but compiled on another system against openssl-0.9.8k, runs without problems.

Comment 1 Nikolai Lugovoi 2009-09-26 13:04:21 UTC
It looks like a ruby garbage collection issue: sometimes the SSLContext is freed by GC earlier than an SSLSocket that still references that context.

As an ugly workaround, this patch seems to work:

diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 4a4e60f..321132c 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -127,6 +127,8 @@ int ossl_ssl_ex_tmp_dh_callback_idx;
 static void
 ossl_sslctx_free(SSL_CTX *ctx)
 {
+    /* skip cleanup, if still referenced from one SSL socket, delay it to implicit calls from ossl_ssl_free */
+    if(ctx && ctx->references == 3) return;
     if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1)
        ctx->cert_store = NULL;
     SSL_CTX_free(ctx);
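Review bot: the early return on `ctx->references == 3` hard-codes an internal OpenSSL reference count and also skips the `cert_store = NULL` step that follows it, so it is unsafe even as a workaround. The value 3 only holds for one particular number of SSL objects sharing the context, and `references` is a private field of `SSL_CTX` that later OpenSSL releases make opaque. When the check fires, `SSL_CTX_free` is not called from here, so the context leaks unless a later `SSL_free` brings the count to zero; and if that does happen, the `cert_store` pointer was never cleared, so OpenSSL frees a store that the ex-data flag on the next line marks as owned elsewhere. Since `SSL_new` already takes its own reference on the `SSL_CTX` and `SSL_free` releases it, the unconditional `SSL_CTX_free` in the original function is the correct teardown whatever order the finalizers run in; the backtrace in the description points at the read-buffer freelist code in OpenSSL 1.0.0 beta3 rather than at this function.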

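A regression check for the failure described in the report and in Comment 1, added here as an example that is not part of the bug report, the patch above, or the Fedora ruby package. It runs a child interpreter that creates an SSLContext and an SSLSocket referencing it, drops both Ruby references at once so that the collector rather than the program picks the order of their finalizers, and then exits with live objects still open so that exit-time finalization is exercised too. The parent asserts that the child exited normally. The names `CHILD_SCRIPT`, `ssl_teardown_order_check` and `ssl_teardown_ok?` are chosen for this example; it assumes a Linux host (for `UNIXSocket.pair`) and a Ruby with the openssl extension built.

```ruby
require 'rbconfig'

# Program run in a child interpreter (constructed for this example). It creates
# an SSLContext and an SSLSocket that references it, drops both Ruby references
# at once so the collector rather than the program picks the order in which the
# two objects are finalized, forces GC passes, and finally exits with one more
# pair still open so that exit-time finalization frees them in whatever order it
# chooses. No TLS handshake is attempted; the bug is in object teardown only.
CHILD_SCRIPT = <<~'RUBY'
  require 'openssl'
  require 'socket'
  5.times do
    a, _b = UNIXSocket.pair                     # local socket pair, never used for I/O
    ctx = OpenSSL::SSL::SSLContext.new
    ssl = OpenSSL::SSL::SSLSocket.new(a, ctx)   # SSL object now shares the SSL_CTX
    ssl = ctx = nil                             # both unreachable in the same GC cycle
    GC.start
  end
  a, _b = UNIXSocket.pair                       # left open on purpose for exit-time teardown
  ctx = OpenSSL::SSL::SSLContext.new
  ssl = OpenSSL::SSL::SSLSocket.new(a, ctx)
  exit 0
RUBY

# Runs the child and reports how it terminated. A correct OpenSSL/ruby pair
# exits 0 whatever the finalization order, because SSL_new takes its own
# reference on the SSL_CTX and SSL_free releases it; an affected build dies
# with a signal (SIGSEGV, or SIGABRT after ruby's "[BUG]" handler).
def ssl_teardown_order_check
  ok = system(RbConfig.ruby, '-e', CHILD_SCRIPT)
  return { ran: false, exited: false, status: nil, signaled: false, signal: nil } if ok.nil?
  st = $?
  {
    ran:      true,
    exited:   st.exited?,
    status:   st.exited? ? st.exitstatus : nil,
    signaled: st.signaled?,
    signal:   st.signaled? ? st.termsig : nil
  }
end

# True when the child could be started, ran to completion and exited with 0.
def ssl_teardown_ok?(result = ssl_teardown_order_check)
  result[:ran] && result[:exited] && result[:status] == 0
end

if __FILE__ == $0
  r = ssl_teardown_order_check
  puts(ssl_teardown_ok?(r) ? "ok: child exited #{r[:status]}" : "failed: #{r.inspect}")
end
```

Running the check in a child process is deliberate: the crash in the report happens inside deferred finalizers, so a reproducer that runs in the same interpreter as the test harness would take the harness down with it, while a child that is killed by a signal simply shows up as `signaled: true` in the returned hash.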
Comment 2 Bug Zapper 2009-11-16 12:57:35 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 3 Mamoru TASAKA 2010-05-14 07:23:43 UTC
It seems that with the current openssl-1.0.0-1.fc13 this issue
does not happen. Perhaps this was a bug in openssl.

Closing for now.

