apr-dev mailing list archives

From Neil Conway <...@cs.berkeley.edu>
Subject Re: [PATCH] bug in pollset_wakeup() + nocopy
Date Fri, 05 Feb 2010 04:14:13 GMT
Any feedback on this patch? The bug it addresses exists in both 1.4.x and trunk.


On Sat, Jan 16, 2010 at 5:30 PM, Neil Conway <nrc@cs.berkeley.edu> wrote:
> Attached is a refreshed version of this patch that applies against
> current APR trunk (after the recent pollcb_wakeup() changes). The
> patch is now pretty trivial.
> Note that if you want to backport this bug fix to the 1.4 branch, the
> previous version of the patch should be used. But perhaps the easiest
> route is to first backport the pollcb_wakeup() change, and then apply
> this version of the patch.
> Neil
> On Wed, Jan 6, 2010 at 9:06 PM, Neil Conway <nrc@cs.berkeley.edu> wrote:
>> Attached is a slightly revised version of this patch. Changes:
>> * Initialize the apr_pool_t field of the apr_pollfd_t we use for the
>> wakeup pipe. Not clear what this field is actually used for (candidate
>> for removal in APR2?), but we may as well be tidy.
>> * Fix a minor bug in one of the versions of close_wakeup_pipe():
>> initialize both "rv0" and "rv1", to avoid potentially reading an
>> uninitialized value.
>> Neil
>> On Wed, Jan 6, 2010 at 5:47 PM, Neil Conway <nrc@cs.berkeley.edu> wrote:
>>> apr_pollset_wakeup() is buggy when used with APR_POLLSET_NOCOPY,
>>> because create_wakeup_pipe() passes a stack-allocated apr_pollfd_t to
>>> apr_pollset_add(). This is unsafe if the user specified
>>> APR_POLLSET_NOCOPY when creating the pollset.
>>> The attached patch fixes this by adding an apr_pollfd_t for the wakeup
>>> pipe to apr_pollset_t, so that it has a sufficiently-long-lived
>>> lifetime.
>>> Neil
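
The lifetime problem described in the oldest message above, as an added illustration that is not part of the thread or of the attached patch. It is a simplified model, not APR code: every `toy_*` name, the `wakeup_pipe_before`/`wakeup_pipe_after` helpers and the fd value are hypothetical, and `TOY_NOCOPY` only stands in for `APR_POLLSET_NOCOPY`.

```c
/* Simplified model of the bug; toy_* names are hypothetical, not APR's API. */
#define TOY_NOCOPY 0x1          /* stands in for APR_POLLSET_NOCOPY */

typedef struct { int fd; int reqevents; } toy_pollfd;

typedef struct {
    unsigned flags;
    toy_pollfd copy;            /* storage used when the pollset copies */
    const toy_pollfd *entry;    /* what the pollset reads on poll/wakeup */
    int entry_is_borrowed;      /* 1 if entry points at caller-owned storage */
    toy_pollfd wakeup_pfd;      /* the fix: lives as long as the pollset */
} toy_pollset;

/* With NOCOPY the pollset keeps the caller's pointer instead of copying. */
static void toy_add(toy_pollset *ps, const toy_pollfd *pfd)
{
    if (ps->flags & TOY_NOCOPY) {
        ps->entry = pfd;
        /* Borrowed unless the descriptor is the pollset's own member. */
        ps->entry_is_borrowed = (pfd != &ps->wakeup_pfd);
    } else {
        ps->copy = *pfd;
        ps->entry = &ps->copy;
        ps->entry_is_borrowed = 0;
    }
}

/* Before: descriptor on the stack, gone once this function returns. */
static void wakeup_pipe_before(toy_pollset *ps, int fd)
{
    toy_pollfd local = { fd, 1 };
    toy_add(ps, &local);
}

/* After: descriptor stored in the pollset, so the lifetimes match. */
static void wakeup_pipe_after(toy_pollset *ps, int fd)
{
    ps->wakeup_pfd.fd = fd;
    ps->wakeup_pfd.reqevents = 1;
    toy_add(ps, &ps->wakeup_pfd);
}

/* Returns 1 when the wakeup entry refers to storage that no longer exists. */
int wakeup_entry_dangles(unsigned flags, int use_fix)
{
    toy_pollset ps = { .flags = flags };
    if (use_fix) wakeup_pipe_after(&ps, 7); else wakeup_pipe_before(&ps, 7);
    return ps.entry_is_borrowed;  /* the dangling pointer itself is never read */
}
```

Only the combination of the stack-allocated descriptor and the no-copy flag leaves a dangling entry; without the flag the copy hides the problem.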
