Copyright © https://mongoose-os.com

Mongoose OS Forum

frame

multithread server is broken

We are a happy user of the mongoose embedded web server module (see https://midas.triumf.ca). We selected mongoose partially because of simple support for building multithreaded servers.

Now I am updating our application from mongoose 4.x to 6.4 and I see a number of problems with the multithread server:

a) a crash due to double-free/use-after-free of nc->proto_data (see below)
b) MG_EV_ACCEPT events are not sent to my handler (need this to implement application-level access controls)
c) MG_EV_RECV also not sent to my handler (not important)
d) the mongoose code does some kind of insane forwarding of data between connections (see forward_ev_handler()). Seems unnecessary, kills performance, and introduces bugs.

More about the crash:
a) the pointer to nc->proto_data is duplicated in spawn_handling_thread() resulting in two connections pointing to the same proto_data address.
b) first connection is closed, proto_data is deleted
c) second connection now points to a deallocated address (use-after-free)
d) eventually crashes (for me) in mg_http_handler() because pd->file.fp contains garbage

This is easy to see by printing the address of nc->proto_data newly allocated in mg_http_get_proto_data(), address deleted mg_http_conn_destructor() and address duplicated in spawn_handling_thread().

It turns out there already is a bug report for this, with maybe solution:
https://github.com/cesanta/mongoose/issues/646

If mongoose supports multithreading, somebody should better fix at least the crasher.

K.O.

Comments

Sign In or Register to comment.