httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 44641] New: mod_rewrite ap_register_rewrite_mapfunc can use uninitialized memory
Date Wed, 19 Mar 2008 20:17:59 GMT

           Summary: mod_rewrite ap_register_rewrite_mapfunc can use
                    uninitialized memory
           Product: Apache httpd-2
           Version: 2.0.59
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_rewrite

Created an attachment (id=21691)
 --> (
mod_rewrite mapfunc_hash hash_make patch

I checked trunk, and this problem still exists there.

ap_register_rewrite_mapfunc calls apr_hash_set on a hashtable.  However,
mod_rewrite registers ap_register_rewrite_mapfunc as an optional function
before the hashtable is initialized with apr_hash_make.  That makes the
ap_register_rewrite_mapfunc function available to other modules before the
memory is initialized.

I found this out when writing a custom module that registers a function with
ap_register_rewrite_mapfunc.  My module has to do it in the pre_config stage,
because mod_rewrite requires the map function to be registered before it reads
a config line referencing it.

If I have in the apache config a LoadModule of my module before a LoadModule of
mod_rewrite, then I get a segmentation fault in the pre-config stage, because
it's dereferencing a null pointer to a non-existent hashtable.  If I change the
order of the LoadModule commands to load mod_rewrite first, then it works fine.
 If I have LoadModule of my module first, the segmentation fault happens even
though I register my hook to happen after mod_rewrite, like this:

    static const char * const preModules[] = { "mod_rewrite.c", NULL };

I fixed the problem with the mod_rewrite.c patch I'm including (-1 code line,
+1 code line).  With this patch applied, I do not even have to list
mod_rewrite.c to be run first in the pre_config stage; my module can be like


With the patch I'm attaching applied, and with my module using the pre_config
hook without listing mod_rewrite.c, I get no segmentation fault, even if my
module is LoadModule'd first.

I think this should be fixed in trunk, and backported to 2.2 and 2.0.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message