httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 44648] New: NPE when issuing a range request on files that are greater than 2^32 bytes in size
Date Thu, 20 Mar 2008 18:19:58 GMT

           Summary: NPE when issuing a range request on files that are
                    greater than 2^32 bytes in size
           Product: Apache httpd-2
           Version: 2.2.8
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: major
          Priority: P2
         Component: Core

I have a simple module which handles certain urls and then issues a file
subrequest based on the url.  I have found this crash with files that are
larger than 2^32 bytes.

I stepped into it with MS VS 2005.  The error occurs in byterange_filter.c in
the libhttpd component.

Lines 266 to 282 execute a do while loop:

do {
    apr_bucket *foo;
    const char *str;
    apr_size_t len;

    if (apr_bucket_copy(ec, &foo) != APR_SUCCESS) {
        /* As above; this should not fail since the bucket has
         * a known length, but just to be sure, this takes
         * care of uncopyable buckets that do somehow manage
         * to slip through.  */
        /* XXX: check for failure? */
        apr_bucket_read(ec, &str, &len, APR_BLOCK_READ);
        apr_bucket_copy(ec, &foo);
    APR_BRIGADE_INSERT_TAIL(bsend, foo);
    ec = APR_BUCKET_NEXT(ec);
} while (ec != e2);

I get a bogus apr_bucket* near the end of the brigade.  It has a null value for
the ec->type->copy variable, which is what apr_bucket_copy uses.  A quick
change of the while condition to make it:

while (ec != e2 && ec->type->copy != NULL) fixed my problem, but I do not think
it is the proper thing to do.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message