From Neil Conway <...@cs.berkeley.edu>
Subject Re: [PATCH] bug in pollset_wakeup() + nocopy
Date Sun, 17 Jan 2010 01:30:36 GMT
Attached is a refreshed version of this patch that applies against
current APR trunk (after the recent pollcb_wakeup() changes). The
patch is now pretty trivial.

Note that if you want to backport this bug fix to the 1.4 branch, the
previous version of the patch should be used. But perhaps the easiest
route is to first backport the pollcb_wakeup() change, and then apply
this version of the patch.


On Wed, Jan 6, 2010 at 9:06 PM, Neil Conway <nrc@cs.berkeley.edu> wrote:
> Attached is a slightly revised version of this patch. Changes:
> * Initialize the apr_pool_t field of the apr_pollfd_t we use for the
> wakeup pipe. Not clear what this field is actually used for (candidate
> for removal in APR2?), but we may as well be tidy.
> * Fix a minor bug in one of the versions of close_wakeup_pipe():
> initialize both "rv0" and "rv1", to avoid potentially reading an
> uninitialized value.
> Neil
> On Wed, Jan 6, 2010 at 5:47 PM, Neil Conway <nrc@cs.berkeley.edu> wrote:
>> apr_pollset_wakeup() is buggy when used with APR_POLLSET_NOCOPY,
>> because create_wakeup_pipe() passes a stack-allocated apr_pollfd_t to
>> apr_pollset_add(). This is unsafe if the user specified
>> APR_POLLSET_NOCOPY when creating the pollset.
>> The attached patch fixes this by adding an apr_pollfd_t for the wakeup
>> pipe to apr_pollset_t, so that it has a sufficiently-long-lived
>> lifetime.
>> Neil
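
The lifetime problem described in the oldest message above, as an added example that is not part of the thread or of APR's code: a toy pollset where `toy_pollset_t`, `toy_pollfd_t`, `TOY_NOCOPY` and all function names are hypothetical stand-ins for `apr_pollset_t`, `apr_pollfd_t` and `APR_POLLSET_NOCOPY`. It records, at add time, whether the descriptor the pollset keeps is stored inside the pollset or borrowed from the caller.

```c
#include <stdint.h>
#include <stdio.h>

#define TOY_NOCOPY 0x1u /* hypothetical stand-in for APR_POLLSET_NOCOPY */

typedef struct { int fd; int reqevents; } toy_pollfd_t; /* stand-in for apr_pollfd_t */

typedef struct {
    unsigned flags;
    toy_pollfd_t wakeup_pfd;   /* the fix: descriptor stored in the pollset itself */
    toy_pollfd_t copy;         /* private copy made when TOY_NOCOPY is not set */
    const toy_pollfd_t *entry; /* what a later poll would dereference */
    int entry_in_pollset;      /* recorded at add time, while the argument is alive */
} toy_pollset_t;

static void toy_pollset_add(toy_pollset_t *ps, const toy_pollfd_t *pfd)
{
    if (ps->flags & TOY_NOCOPY) {
        ps->entry = pfd;       /* caller's storage is kept by reference */
    } else {
        ps->copy = *pfd;       /* copying mode: the caller's storage may go away */
        ps->entry = &ps->copy;
    }
    uintptr_t a = (uintptr_t)ps->entry, lo = (uintptr_t)ps;
    ps->entry_in_pollset = (a >= lo && a < lo + sizeof *ps);
}

/* Pattern described in the thread: descriptor on the helper's stack. */
static void create_wakeup_stack(toy_pollset_t *ps)
{
    toy_pollfd_t pfd = { 3, 1 };          /* constructed sample values */
    toy_pollset_add(ps, &pfd);
}   /* pfd ends here; with TOY_NOCOPY, ps->entry now dangles */

/* Pattern of the fix: descriptor is a member of the pollset. */
static void create_wakeup_member(toy_pollset_t *ps)
{
    ps->wakeup_pfd = (toy_pollfd_t){ 3, 1 };
    toy_pollset_add(ps, &ps->wakeup_pfd);
}

/* Returns 1 when the stored entry lives as long as the pollset does. */
int wakeup_entry_is_safe(unsigned flags, int use_member)
{
    toy_pollset_t ps = { .flags = flags };
    if (use_member) create_wakeup_member(&ps); else create_wakeup_stack(&ps);
    return ps.entry_in_pollset;           /* ps.entry itself is never read back */
}

int main(void)
{
    printf("stack, copy: %d\n", wakeup_entry_is_safe(0, 0));
    printf("stack, nocopy: %d\n", wakeup_entry_is_safe(TOY_NOCOPY, 0));
    printf("member, nocopy: %d\n", wakeup_entry_is_safe(TOY_NOCOPY, 1));
    return 0;
}
```

Recent GCC versions may emit a `-Wdangling-pointer` warning for `create_wakeup_stack`, which is the compiler flagging the same lifetime problem.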

