httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 21285] New: - (mem) cache size becomes negative causing segfault
Date Wed, 02 Jul 2003 17:48:43 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21285>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21285

(mem) cache size becomes negative causing segfault

           Summary: (mem) cache size becomes negative causing segfault
           Product: Apache httpd-2.0
           Version: 2.0.46
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Other Modules
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: m.torquati@huginsoft.it


Short description:

(mem) cache size becomes negative in some circumstances
(caching dynamic objects, small cache size, at least two threads),
later causing wrong behaviour and segfault in the cache_insert functions.

Detailed description:

If our understanding of the code is correct, dinamically generated
objects are first inserted in the cache as temporary objects with a
default size.
In the function write_body (in mod_mem_cache.c) to resize a temporary
object after it has been completed, it is first removed from cache,
and then it is re-inserted with its correct size. This operation is
performed withouth checking if the removed object is still present 
in the cache. Suppose another thread has removed the temporary object from the
cache because of a capacity miss in cache_insert functions (cache_cache.c). 
Then you can remove an object of different 
size and adjust the cache size in a wrong manner eventually producing a 
negative cache size. 
A negative cache size quickly produces a segfault in cache_insert().

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message