httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 57525] New: mod_macro use-after-clear bug
Date Mon, 02 Feb 2015 23:57:11 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=57525

            Bug ID: 57525
           Summary: mod_macro use-after-clear bug
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Other Modules
          Assignee: bugs@httpd.apache.org
          Reporter: apache.org@tech.futurequest.net

Created attachment 32426
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=32426&action=edit
ap_macros initialization patch

Upon Apache 2.4.12 (or 2.4.10) termination, glibc reports a corrupted
double-linked list.
============
*** Error in `/usr/sbin/httpd': corrupted double-linked list: 0x5674b738 ***
======= Backtrace: =========
/lib/libc.so.6(+0x76120)[0xf7b8d120]
/lib/libc.so.6(+0x7ccb1)[0xf7b93cb1]
/lib/libc.so.6(+0x7db6b)[0xf7b94b6b]
/usr/lib/libapr-1.so.0(apr_allocator_destroy+0x130)[0xf7d51fa9]
/usr/lib/libapr-1.so.0(apr_pool_destroy+0x140)[0xf7d52d84]
/usr/lib/libapr-1.so.0(apr_pool_terminate+0x82)[0xf7d52867]
/usr/lib/libapr-1.so.0(apr_terminate+0x3b)[0xf7d56099]
/usr/sbin/httpd(+0x2cb90)[0x56581b90]
/usr/sbin/httpd(main+0x1056)[0x56583792]
/lib/libc.so.6(__libc_start_main+0xf4)[0xf7b34224]
/usr/sbin/httpd(+0x2c691)[0x56581691]
======= Memory map: ========
56555000-5666a000 r-xp 00000000 fd:07 11482    /usr/sbin/httpd
5666a000-5666e000 r--p 00115000 fd:07 11482    /usr/sbin/httpd
5666e000-56671000 rw-p 00119000 fd:07 11482    /usr/sbin/httpd
56671000-567db000 rw-p 00000000 00:00 0                                  [heap]
============

Apache 2.4.10 and 2.4.12 were both built from source on a Gentoo hardened
system.

I tracked it down to a use-after-clear (cmd->temp_pool) bug on (lazy
initialization) of ap_macros.

I have attached a patch that fixes the problem and have confirmed that the APR
memory pool apr_global_pool->allocator->free[1] list is no longer corrupted.

--
Terra
http://www.FutureQuest.net
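
The bug class named in the report, a lazily initialized static pointer that outlives the pool it was allocated from, shown as an added example; this is not the attached patch (its contents are not on this page) and not mod_macro or APR code. The toy `pool`, `table`, the `get_macros_*` functions and the cleanup-based reset are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef struct table { unsigned born_gen; int entries; } table;
/* Toy stand-in for an APR pool (constructed for this example, not APR code). */
typedef struct pool {
    table slots[8];
    size_t used;
    unsigned gen;              /* bumped on every clear */
    void (*cleanup)(void *);   /* single cleanup slot, run on clear */
    void *cleanup_arg;
} pool;

static table *pool_new_table(pool *p) {
    table *t = &p->slots[p->used++ % 8];
    t->born_gen = p->gen; t->entries = 0;
    return t;
}
static void pool_clear(pool *p) {
    if (p->cleanup) p->cleanup(p->cleanup_arg);
    p->cleanup = NULL;
    p->used = 0;               /* slots are handed out again to later callers */
    p->gen++;
}

static table *macros_buggy, *macros_fixed;   /* play the role of ap_macros */
/* Lazy init, never reset: the static pointer outlives the pool's contents. */
static table *get_macros_buggy(pool *temp) {
    if (macros_buggy == NULL) macros_buggy = pool_new_table(temp);
    return macros_buggy;
}
static void forget(void *slot) { *(table **)slot = NULL; }
/* Lazy init tied to the pool's lifetime by a cleanup that resets the pointer. */
static table *get_macros_fixed(pool *temp) {
    if (macros_fixed == NULL) {
        macros_fixed = pool_new_table(temp);
        temp->cleanup = forget; temp->cleanup_arg = &macros_fixed;
    }
    return macros_fixed;
}
/* Nonzero if t was allocated before the pool's most recent clear. */
static int is_stale(const pool *p, const table *t) { return t->born_gen != p->gen; }

int main(void) {
    pool temp; memset(&temp, 0, sizeof temp);
    get_macros_buggy(&temp); get_macros_fixed(&temp);
    pool_clear(&temp);         /* temp pool cleared between uses */
    printf("buggy stale after clear: %d\n", is_stale(&temp, get_macros_buggy(&temp)));
    return 0;
}
```

After the clear, the next allocation from the pool lands on the slot the stale pointer still refers to, so two owners write to the same memory; in a real allocator that is how free-list metadata ends up corrupted.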
