Return-Path: Delivered-To: apmail-ws-axis-dev-archive@www.apache.org Received: (qmail 13927 invoked from network); 15 Jan 2004 16:08:34 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 15 Jan 2004 16:08:34 -0000 Received: (qmail 30283 invoked by uid 500); 15 Jan 2004 16:08:24 -0000 Delivered-To: apmail-ws-axis-dev-archive@ws.apache.org Received: (qmail 30257 invoked by uid 500); 15 Jan 2004 16:08:24 -0000 Mailing-List: contact axis-dev-help@ws.apache.org; run by ezmlm Precedence: bulk Reply-To: axis-dev@ws.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list axis-dev@ws.apache.org Received: (qmail 30246 invoked from network); 15 Jan 2004 16:08:24 -0000 Date: 15 Jan 2004 16:08:35 -0000 Message-ID: <20040115160835.5571.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: axis-dev@ws.apache.org Cc: Subject: DO NOT REPLY [Bug 26170] New: - Apache Module: mod_axis2 causes crash X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26170 Apache Module: mod_axis2 causes crash Summary: Apache Module: mod_axis2 causes crash Product: Axis-C++ Version: 1.0 Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: Transport (Server) AssignedTo: axis-dev@ws.apache.org ReportedBy: roland.kosovsky@abacus.ch "sstr->so.http.op_headercount" is not set to 0 in file "mod_axis2.c". During my tests this caused a crash (in "mod_axis.c" it is zeroed). mod_axis2.c, Ln 138: static int mod_axis_method_handler (request_rec *req_rec) ... sstr = malloc(sizeof(Ax_soapstream)); memset(sstr, 0, sizeof(Ax_soapstream)); // <<<<< insert this line However a found an other bug: ... if(0 != process_request(sstr)) { /*ap_rputs("SOAP Engine failed to response",req_rec);*/ return OK; // ###### sstr will never be freed!!!!! } if (sstr->so.http.op_headers) free(sstr->so.http.op_headers); free(sstr); ... My suggestion is to create to object on stack so it will be deleted for free: Ax_soapstream obj; memset(&obj, 0, sizeof(obj)); Ax_soapstream* sstr = &obj; ...