apr-dev mailing list archives

From Jeff Trawick <trawi...@bellsouth.net>
Subject [PATCH] fix cause of some of the heap corruption seen in Apache?
Date Wed, 28 Feb 2001 23:37:05 GMT
For an immortal bucket, the data is typically a non-writeable string.
But we do a free() on it when we get rid of the bucket representing
it.  This seems obviously broken.

Why is transient any different in this respect?  The bucket code
doesn't know where the data lives (other than knowing that it needs a
meaningful setaside function).

Index: buckets/apr_buckets_simple.c
===================================================================
RCS file: /home/cvspublic/apr-util/buckets/apr_buckets_simple.c,v
retrieving revision 1.24
diff -u -r1.24 apr_buckets_simple.c
--- buckets/apr_buckets_simple.c	2001/02/28 02:19:02	1.24
+++ buckets/apr_buckets_simple.c	2001/02/28 23:32:17
@@ -151,7 +151,7 @@
 
 const apr_bucket_type_t apr_bucket_type_immortal = {
     "IMMORTAL", 5,
-    free,
+    apr_bucket_destroy_notimpl,
     simple_read,
     apr_bucket_setaside_notimpl,
     apr_bucket_simple_split,
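Review bot: In the `apr_bucket_type_immortal` initializer, the slot that held `free` may have been releasing something other than the string itself; the hunk does not show what pointer that slot is called with. If it receives a per-bucket structure allocated when the bucket is created, rather than the immortal string, then `apr_bucket_destroy_notimpl` stops the invalid free but leaks that structure on every destroy. Please confirm what the argument is and add a short comment on that line saying the bucket does not own the data, so the no-op is clearly deliberate.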
@@ -160,7 +160,7 @@
 
 APU_DECLARE_DATA const apr_bucket_type_t apr_bucket_type_transient = {
     "TRANSIENT", 5,
-    free, 
+    apr_bucket_destroy_notimpl, 
     simple_read,
     transient_setaside,
     apr_bucket_simple_split,
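Review bot: The `apr_bucket_type_transient` entry keeps `transient_setaside` while its destroy slot becomes `apr_bucket_destroy_notimpl`, so nothing in this table frees a copy if setaside makes one. Please state in a comment or in the commit message which bucket type owns the data after `transient_setaside` runs, so a reader can see the no-op destroy cannot leak it. Minor: the added line carries over the trailing space after the comma from the line it replaces.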

-- 
Jeff Trawick | trawickj@bellsouth.net | PGP public key at web site:
       http://www.geocities.com/SiliconValley/Park/9289/
             Born in Roswell... married an alien...
