httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 51072] New: httpd segfaults when DYNAMIC_MODULE_LIMIT is reached
Date Fri, 15 Apr 2011 12:59:24 GMT

           Summary: httpd segfaults when DYNAMIC_MODULE_LIMIT is reached
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core

Created an attachment (id=26889)
 --> (
the cure

When httpd startup is aborted because the DYNAMIC_MODULE_LIMIT is hit, it
segfaults. This happens because config.c:ap_add_module() inserts the new module
into the module list before it has checked for all possible errors. Then, if the
limit is reached, the module is partly added.

The caller mod_so.c:load_module() installs a pool cleanup to remove the module
only if ap_add_module() returns without error. But APR has also added a pool
cleanup to remove the mapped memory segment.

Now, when the pool is destroyed, the APR cleanup is called first and it removes
the memory segment. But that segment also contains the module structure that
ap_top_module still points to. Then the next cleanup function for a dynamic
module (the one loaded prior to the module that caused the limit to be hit) is
called. It calls config.c:ap_remove_module() which traverses the list starting
at ap_top_module. But ap_top_module still points to the memory segment that has
just been removed from the address space. Hence, it segfaults.

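A simplified model of the ordering problem the report describes, added here as an example; it is not httpd source and not the attached patch. The type and function names and the limit of 2 are assumptions, and nothing is unmapped: the helper only checks whether a module rejected at the limit is still reachable from the list head.

```c
#include <stdio.h>
/* Simplified model, not httpd source. Names and the limit are assumptions. */
#define MODULE_LIMIT 2  /* stands in for DYNAMIC_MODULE_LIMIT */
typedef struct module { const char *name; struct module *next; } module;
typedef struct { module *top; int dynamic_count; } registry; /* top: list head */
typedef const char *(*add_fn)(registry *, module *);

/* Ordering described in the report: link first, check the limit afterwards. */
static const char *add_link_first(registry *r, module *m)
{
    m->next = r->top;
    r->top = m;                        /* list now references m's storage */
    if (r->dynamic_count >= MODULE_LIMIT)
        return "module limit reached"; /* error returned, but m stays linked */
    r->dynamic_count++;
    return NULL;
}

/* Check everything that can fail first, then touch shared state. */
static const char *add_check_first(registry *r, module *m)
{
    if (r->dynamic_count >= MODULE_LIMIT)
        return "module limit reached"; /* list untouched */
    m->next = r->top;
    r->top = m;
    r->dynamic_count++;
    return NULL;
}

/* 1: rejected module still reachable from head; 0: not; -1: never rejected. */
static int rejected_still_linked(add_fn add)
{
    registry r = { NULL, 0 };
    module a = { "mod_a", NULL }, b = { "mod_b", NULL }, c = { "mod_c", NULL };
    const module *p;
    add(&r, &a);
    add(&r, &b);                       /* registry is now at the limit */
    if (add(&r, &c) == NULL)
        return -1;
    for (p = r.top; p != NULL; p = p->next)
        if (p == &c)
            return 1;                  /* freeing c's storage would dangle */
    return 0;
}

int main(void)
{
    printf("link first:  %d\n", rejected_still_linked(add_link_first));
    printf("check first: %d\n", rejected_still_linked(add_check_first));
    return 0;
}
```

With the link-first ordering the caller sees an error and skips its own cleanup, yet the list head already points at storage that another cleanup is about to release.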