httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 37839] - potential "out-of-bounds" error in apr_snprintf triggered by mod_deflate resulting in SIGSEGV
Date Thu, 08 Dec 2005 15:43:51 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37839>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37839

------- Additional Comments From ssehic@gmail.com  2005-12-08 16:43 -------
Sure, here we go:

ssehic@build-2-i386:/apache/core/bin$ sudo gdb httpd
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd3.8"...
(gdb) b deflate_out_filter
Breakpoint 1 at 0x1c03dc2d: file mod_deflate.c, line 221.
(gdb) run -X -d /apache/core
Starting program: /apache/core/bin/httpd -X -d /apache/core

Breakpoint 1, deflate_out_filter (f=0x7c593340, bb=0x84459eb0) at mod_deflate.c:221
221         request_rec *r = f->r;
(gdb) p r->uri
$1 = 0x0
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x08793206 in apr_vformatter (flush_func=0x8793544 <snprintf_flush>,
vbuff=0xcfbcded8, fmt=0x3c009cc3 "s", ap=0xcfbd1fc4 "")
    at /apache/source/httpd-2.2.0/srclib/apr/strings/apr_snprintf.c:968
968                             s_len = strlen(s);
(gdb) ptype z_stream
type = struct z_stream_s {
    Bytef *next_in;
    uInt avail_in;
    off_t total_in;
    Bytef *next_out;
    uInt avail_out;
    off_t total_out;
    char *msg;
    struct internal_state *state;
    alloc_func zalloc;
    free_func zfree;
    voidpf opaque;
    int data_type;
    uLong adler;
    uLong reserved;
}
(gdb) ptype uLong
type = long unsigned int

