httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 61228] Possible Invalid Reference to Stack Memory (modules/http/chunk_filters.c)
Date Wed, 28 Jun 2017 07:17:21 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61228

Alex CHEN <alexc@sbrella.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |UNCONFIRMED
     Ever confirmed|1                           |0
         Resolution|WORKSFORME                  |---

--- Comment #3 from Alex CHEN <alexc@sbrella.com> ---
(In reply to Yann Ylavic from comment #1)
> As their name suggests, "transient" buckets can point to stack memory, where
> the creator of such buckets is responsible for the scope.
> 
> In this case, the transient bucket 'e' will be either setaside (moved to
> heap memory) by subsequent filters in ap_pass_brigade(), or cleaned up with
> its brigade 'b' before the end of the function.
> 
> So it won't "leak" (hence be accessed) outside the function, AFAICT.

Inside `apr_brigade_cleanup`, there is a FIX for
https://bz.apache.org/bugzilla/show_bug.cgi?id=51062:
https://svn.apache.org/viewvc/apr/apr/trunk/buckets/apr_brigade.c?annotate=1102687&pathrev=1102687

Could there be a chance that, when hitting the above brigade corruption, the
fix breaks the infinite loop but leaves the brigade unclean (leaking stack memory)?

Could anybody check on this?
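The lifetime rule discussed in this thread (a transient bucket borrows stack memory, so it must either be set aside onto the heap by a downstream filter or be cleaned up with its brigade before the creating function returns) can be made concrete with a small model. The following is an added example, not APR or httpd code: it reimplements a minimal transient/heap bucket and brigade with the same ownership semantics, and the names `transient_create`, `bucket_setaside`, `brigade_cleanup`, `brigade_all_owned` and `brigade_flatten` are this example's own, modelled loosely on the APR functions they imitate. The chunk-header formatting mirrors the situation in chunk_filters.c only in shape (a hex length formatted into a local buffer).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of two APR bucket kinds (added example, not APR's code).
 * BUCKET_TRANSIENT: the data pointer is borrowed; whoever created the bucket
 *                   owns the memory and is responsible for its scope.
 * BUCKET_HEAP:      the bucket owns a malloc'd copy and frees it on cleanup. */
typedef enum { BUCKET_TRANSIENT, BUCKET_HEAP } bucket_type;

typedef struct bucket {
    bucket_type type;
    const char *data;
    size_t len;
    struct bucket *next;
} bucket;

typedef struct { bucket *head; } brigade;

/* Create a bucket that merely points at caller-owned memory (e.g. a stack buffer). */
static bucket *transient_create(const char *data, size_t len) {
    bucket *b = malloc(sizeof *b);
    if (!b) return NULL;
    b->type = BUCKET_TRANSIENT; b->data = data; b->len = len; b->next = NULL;
    return b;
}

/* "Setaside": copy the borrowed bytes to the heap so the bucket can outlive
 * the frame that created it. Returns 0 on success, -1 on allocation failure. */
static int bucket_setaside(bucket *b) {
    if (b->type != BUCKET_TRANSIENT) return 0;   /* already owns its data */
    char *copy = malloc(b->len ? b->len : 1);
    if (!copy) return -1;
    memcpy(copy, b->data, b->len);
    b->data = copy; b->type = BUCKET_HEAP;
    return 0;
}

static void brigade_insert_tail(brigade *bb, bucket *b) {
    bucket **p = &bb->head;
    while (*p) p = &(*p)->next;
    *p = b;
}

/* Free every bucket; only heap buckets free their data, transient ones never do. */
static void brigade_cleanup(brigade *bb) {
    bucket *b = bb->head;
    while (b) {
        bucket *next = b->next;
        if (b->type == BUCKET_HEAP) free((void *)b->data);
        free(b);
        b = next;
    }
    bb->head = NULL;
}

/* Models a filter that formats a chunk header into a local buffer, wraps it in a
 * transient bucket and appends it to `out`. With setaside != 0 the "downstream
 * filter" sets the bucket aside before this frame dies (the safe case); with 0 the
 * bucket is left pointing at a buffer that no longer exists once we return. */
static void emit_chunk_header(brigade *out, size_t chunk_len, int setaside) {
    char chunk_hdr[20];
    int n = snprintf(chunk_hdr, sizeof chunk_hdr, "%zx\r\n", chunk_len);
    bucket *e = transient_create(chunk_hdr, (size_t)n);
    if (!e) return;
    brigade_insert_tail(out, e);
    if (setaside) bucket_setaside(e);
}

/* 1 if every bucket owns its bytes, i.e. the brigade is safe to keep past the
 * creating frame; 0 if any bucket still borrows memory. */
static int brigade_all_owned(const brigade *bb) {
    for (const bucket *b = bb->head; b; b = b->next)
        if (b->type == BUCKET_TRANSIENT) return 0;
    return 1;
}

/* Copy the brigade's bytes into dst (at most cap bytes); returns the byte count.
 * Only call this on a brigade for which brigade_all_owned() is 1 or whose
 * transient buffers are still in scope. */
static size_t brigade_flatten(const brigade *bb, char *dst, size_t cap) {
    size_t total = 0;
    for (const bucket *b = bb->head; b; b = b->next) {
        if (total + b->len > cap) break;
        memcpy(dst + total, b->data, b->len);
        total += b->len;
    }
    return total;
}

int main(void) {
    brigade bb = {0};
    char buf[32];
    emit_chunk_header(&bb, 255, 1);               /* safe: set aside before return */
    size_t n = brigade_flatten(&bb, buf, sizeof buf);
    printf("owned=%d bytes=%zu header=%.*s", brigade_all_owned(&bb), n, (int)n, buf);
    brigade_cleanup(&bb);
    emit_chunk_header(&bb, 255, 0);               /* unsafe: still borrows dead stack */
    printf("owned=%d (must not be read)\n", brigade_all_owned(&bb));
    brigade_cleanup(&bb);                          /* cleanup itself never derefs data */
    return 0;
}
```

The two checks a reviewer would want are visible here: after the safe path `brigade_all_owned` is 1 and the flattened bytes are the expected header, while after the unsafe path the brigade still contains a transient bucket and only `brigade_cleanup`, which never dereferences transient data, may touch it.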
