5.1.2 Context::parse_multipart_data 导致abort 进程退出

[szutoutou]

Please answer these questions before submitting your issue.

1. What did you do? If possible, provide a simple script for reproducing the error.

无任何改动，有看到之前的ISSUE(#4763)
修复时增加了abort(3dc4416#diff-6e3d81faee48df4a37170d8de1e07f97678e020999024df25f4cdf908a93a541R132)

2. What did you expect to see?

修复该退出问题

3. What did you see instead?

gdb core

#0  __restore_sigs (set=set@entry=0x7fbd6b5fd000) at syscall_arch.h:40
#1  0x00007fbd74d2a702 in raise (sig=sig@entry=6) at src/signal/raise.c:11
#2  0x00007fbd74cf9be8 in abort () at src/exit/abort.c:11
#3  0x00007fbd7261373b in multipart_parser_error_msg (p=<optimized out>, buf=<optimized out>, len=<optimized out>) at /swoole-src-5.1.2/thirdparty/multipart_parser.c:131
#4  0x00007fbd72673f3b in swoole::http::Context::parse_multipart_data (this=this@entry=0x7fbd72ec19d0, 
    at=at@entry=0x7fbd69b6c8a6 "------WebKitFormBoundaryJ51qho3f65365snb\r\nContent-Disposition: form-data; name=\"xxx\"\r\n\r\n0\r\n------WebKitFormBoundaryJ51qho3f65365snb\r\nContent-Disposition: form-data; name=\"xxxx\"\r\n\r\n0\r\n------Web"..., length=length@entry=1299) at /swoole-src-5.1.2/ext-src/swoole_http_request.cc:135
#5  0x00007fbd72674235 in http_request_on_body (parser=<optimized out>, 
    at=0x7fbd69b6c8a6 "------WebKitFormBoundaryJ51qho3f65365snb\r\nContent-Disposition: form-data; name=\"xxx\"\r\n\r\n0\r\n------WebKitFormBoundaryJ51qho3f65365snb\r\nContent-Disposition: form-data; name=\"xxxx\"\r\n\r\n0\r\n------Web"..., length=1299) at /swoole-src-5.1.2/ext-src/swoole_http_request.cc:782
#6  0x00007fbd7277e465 in swoole_http_parser_execute (parser=0x7fbd72ec1ba8, settings=0x7fbd7284a5a0 <http_parser_settings>, data=<optimized out>, len=<optimized out>) at  /swoole-src-5.1.2/thirdparty/swoole_http_parser.c:1402
#7  0x00007fbd7267e7f9 in zim_swoole_http_server_coro_onAccept (execute_data=<optimized out>, return_value=<optimized out>) at /swoole-src-5.1.2/ext-src/swoole_http_server_coro.cc:633
#8  0x000055b9d074381e in zend_call_function ()
#9  0x00007fbd7264f1e0 in swoole::PHPCoroutine::main_func (_args=<optimized out>) at /swoole-src-5.1.2/ext-src/swoole_coroutine.cc:707
#10 0x00007fbd726f45db in std::function<void (void*)>::operator()(void*) const (__args#0=<optimized out>, this=<optimized out>) at /c++/13.2.1/bits/std_function.h:591
#11 swoole::coroutine::Context::context_func (arg=0x7fbd6b957cc0) at /swoole-src-5.1.2/src/coroutine/context.cc:142
#12 0x00007fbd7278cbc1 in swoole_make_fcontext () at /swoole-src-5.1.2/thirdparty/boost/asm/make_x86_64_sysv_elf_gas.S:70
#13 0x0000000000000000 in ?? ()

4. What version of Swoole are you using (show your php --ri swoole)?

swoole

Swoole => enabled
Author => Swoole Team team@swoole.com
Version => 5.1.2
Built => Mar 5 2024 08:08:42
coroutine => enabled with boost asm context
epoll => enabled
eventfd => enabled
signalfd => enabled
spinlock => enabled
rwlock => enabled
openssl => OpenSSL 3.1.4 24 Oct 2023
dtls => enabled
http2 => enabled
json => enabled
curl-native => enabled
zlib => 1.3.1
brotli => E16781312/D16781312
mutex_timedlock => enabled
pthread_barrier => enabled
futex => enabled
mysqlnd => enabled
async_redis => enabled

Directive => Local Value => Master Value
swoole.enable_coroutine => On => On
swoole.enable_library => On => On
swoole.enable_fiber_mock => Off => Off
swoole.enable_preemptive_scheduler => Off => Off
swoole.display_errors => On => On
swoole.use_shortname => Off => Off
swoole.unixsock_buffer_size => 8388608 => 8388608

5. What is your machine environment used (show your uname -a & php -v & gcc -v) ?

Linux 5.14.0-70.30.1.el9_0.x86_64 #1 SMP PREEMPT Thu Nov 3 20:29:04 UTC 2022 x86_64 Linux

PHP 8.2.15 (cli) (built: Jan 27 2024 04:53:38) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.15, Copyright (c) Zend Technologies
with Zend OPcache v8.2.15, Copyright (c), by Zend Technologies

Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-alpine-linux-musl/13.2.1/lto-wrapper
Target: x86_64-alpine-linux-musl
Configured with: /home/buildozer/aports/main/gcc/src/gcc-13-20231014/configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --build=x86_64-alpine-linux-musl --host=x86_64-alpine-linux-musl --target=x86_64-alpine-linux-musl --enable-checking=release --disable-cet --disable-fixed-point --disable-libstdcxx-pch --disable-multilib --disable-nls --disable-werror --disable-symvers --enable-__cxa_atexit --enable-default-pie --enable-default-ssp --enable-languages=c,c++,d,objc,go,fortran,ada --enable-link-serialization=2 --enable-linker-build-id --disable-libssp --disable-libsanitizer --enable-shared --enable-threads --enable-tls --with-bugurl=https://gitlab.alpinelinux.org/alpine/aports/-/issues --with-system-zlib --with-linker-hash-style=gnu --with-pkgversion='Alpine 13.2.1_git20231014'
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 13.2.1 20231014 (Alpine 13.2.1_git20231014)

[NathanFreeman]

上传的是普通文件吗

[NathanFreeman]

不使用协程服务端，使用异步http服务端会出现这个吗

[szutoutou]

上传的是普通文件吗

之前nginx日志未开启，没有完整的form-data，core里面截取的部分来追溯api，该api是不需要传文件的，一个简单的数据上报api。
异步http服务端没有尝试，用的hyperf协程模式

[NathanFreeman]

就是api接口，但是content-type是form-data是吗，可以提供一下你的请求体参数来复现吗？

[szutoutou]

就是api接口，但是content-type是form-data是吗，可以提供一下你的请求体参数来复现吗？

是的。
目前没办法复现，已经开日志在收集了，似乎是个爬虫请求过来的，偶发出现的，需要等出现才能有body。
此处是为什么一定要abort呢，因为非法数据导致abort好像不太合理

[NathanFreeman]

可能是触发了MPPE_UNKNOWN这个，导致abort了

[NathanFreeman]

可能是触发了MPPE_UNKNOWN这个，导致abort了

[szutoutou]

可能是触发了MPPE_UNKNOWN这个，导致abort了

MPPE_UNKNOWN也是属于请求体异常吧，这里直接abort是不是不太合理，4.8.1的时候这里还没有abort诶~

[NathanFreeman]

我看看怎么复现和修改

[szutoutou]

我看看怎么复现和修改

------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="image"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="list_image"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="fav"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="share"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="call"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="friend"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="question"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="print"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="address"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="message"

0
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="deep"

1
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="browse_time"

8000
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="device"

touch
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; name="type"

2
------WebKitFormBoundaryHyCs4tZtwR555gS7
Content-Disposition: form-data; nam

昨天有出现一次，应该是个不完整的form-data，本地尝试没办法复现，body长度 跟真实的请求不一样。 nginx记录到的body_send 170

[NathanFreeman]

谢谢，我这边看看