lucid server: mod_mem_cache with mod_dav_svn crashes apache for certain files

Hi,

This was originally reported in http://bugs.launchpad.net/bugs/568468. I have attached the information that the user has provided below. If you have any questions please let me know.

===================

Binary package hint: apache2

On a lucid server we see apache segmentation faulting at a high rate. This causes svn checkouts to fail depending on the client (e.g. on Ubunut 9.10 subversion with neon as dav lib is okay, serf is not). I was able to reproduce it with a minimal setup:

Using lucid from today, i.e. with

with mods-enabled:
alias auth_basic authz_default authz_host cache dav dav_svn deflate info mem_cache mime

dav_svn.conf:
<Location /svn>
  DAV svn
  SVNParentPath /var/lib/svn
  SVNListParentPath on
  SVNPathAuthz off
</Location>

mem_cache.conf is untouched. I created an svn repo /var/lib/svn/svn_memcache (see attachment). With some clients I cannot check it out, it fails for bad.root segfaulting apache. wget http://localhost/svn/svn_memcache/bad.root never succeeds.

If I disable mem_cache it works. (Yes, I know that we shouldn't have it enabled for serving svn to begin with and I am thankful for mem_cache pointing this out but that's not the point here :-)

Cheers, Axel.

================

Sure, here it is.

#0 0x00007ffff5cc613e in ?? () from /usr/lib/apache2/modules/mod_cache.so
#1 0x00007ffff589c1ed in ?? () from /usr/lib/apache2/modules/mod_dav_svn.so
#2 0x00007ffff5ab694a in ?? () from /usr/lib/apache2/modules/mod_dav.so
#3 0x00007ffff7fd6140 in ap_run_handler (r=0x7ffff834eeb8) at /build/buildd/apache2-2.2.14/server/config.c:159
#4 0x00007ffff7fd9aa8 in ap_invoke_handler (r=0x7ffff834eeb8) at /build/buildd/apache2-2.2.14/server/config.c:373
#5 0x00007ffff7fe7678 in ap_process_request (r=0x7ffff834eeb8) at /build/buildd/apache2-2.2.14/modules/http/http_request.c:282
#6 0x00007ffff7fe4528 in ap_process_http_connection (c=0x7ffff834af28) at /build/buildd/apache2-2.2.14/modules/http/http_core.c:190
#7 0x00007ffff7fddcf8 in ap_run_process_connection (c=0x7ffff834af28) at /build/buildd/apache2-2.2.14/server/connection.c:43
#8 0x00007ffff7fec037 in child_main (child_num_arg=<value optimized out>)
    at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:662
#9 0x00007ffff7fec306 in make_child (s=0x7ffff8214938, slot=0) at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:702
#10 0x00007ffff7fec953 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /build/buildd/apache2-2.2.14/server/mpm/prefork/prefork.c:978
#11 0x00007ffff7fc2350 in main (argc=2, argv=0x7fffffffe758) at /build/buildd/apache2-2.2.14/server/main.c:742

Looks like the modules don't have debug info - that's really unfortunate... Let me know if I can help with providing them somehow (i.e. whether I should build the modules from source).

Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.