httpd-bugs mailing list archives

Subject [Bug 61228] Possible Invalid Reference to Stack Memory (modules/http/chunk_filters.c)
Date Wed, 28 Jun 2017 07:17:21 GMT

Alex CHEN <> changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |UNCONFIRMED
     Ever confirmed|1                           |0
         Resolution|WORKSFORME                  |---

--- Comment #3 from Alex CHEN <> ---
(In reply to Yann Ylavic from comment #1)
> As their name suggests, "transient" buckets can point to stack memory, where
> the creator of such buckets is responsible for the scope.
> In this case, the transient bucket 'e' will be either setaside (moved to
> heap memory) by subsequent filters in ap_pass_brigade(), or cleaned up with
> its brigade 'b' before the end of the function.
> So it won't "leak" (hence be accessed) outside the function, AFAICT.

Inside `apr_brigade_cleanup`, there is a FIX for,,

Could there be a chance that, when hitting the above brigade corruption, the
fix breaks the infinite loop but leaves the brigade unclean (leak stack memory?)?

Could anybody check on this?
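
The lifetime rule described in the quoted comment #1, shown as an added example that is not part of the original message and is not APR or httpd code. It is a simplified C model: the types `bucket` and `brigade` and every function name are hypothetical stand-ins for the APR API, and the chunk-size line is a constructed sample.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified model of the lifetime contract; these are not APR's types. */
typedef struct bucket {
    const char *data;   /* transient: borrowed, may be stack memory */
    size_t len;
    int heap_owned;     /* set once setaside has copied the bytes */
    struct bucket *next;
} bucket;
typedef struct { bucket *head; } brigade;

static bucket *transient_create(const char *buf, size_t len) {
    bucket *e = calloc(1, sizeof *e);
    if (e) { e->data = buf; e->len = len; }
    return e;
}

/* Copy borrowed bytes to the heap so the bucket can outlive its creator. */
static int bucket_setaside(bucket *e) {
    if (e->heap_owned) return 0;
    char *copy = malloc(e->len);
    if (!copy) return -1;
    memcpy(copy, e->data, e->len);
    e->data = copy; e->heap_owned = 1;
    return 0;
}

/* Destroy every bucket in the brigade; returns how many were destroyed. */
static int brigade_cleanup(brigade *b) {
    int n = 0;
    while (b->head) {
        bucket *e = b->head;
        b->head = e->next;
        if (e->heap_owned) free((void *)e->data);
        free(e); n++;
    }
    return n;
}

/* Creator owns hdr[], so every bucket over it is set aside or destroyed here. */
static int send_chunk_header(brigade *kept, int downstream_keeps) {
    char hdr[16] = "1a\r\n";                 /* constructed sample */
    brigade b = { transient_create(hdr, strlen(hdr)) };
    if (!b.head) return -1;
    if (downstream_keeps && bucket_setaside(b.head) == 0) {
        kept->head = b.head; b.head = NULL;  /* heap copy leaves the frame */
    }
    return brigade_cleanup(&b);              /* borrowed pointers end here */
}

int main(void) { brigade k = {0}; send_chunk_header(&k, 1); return brigade_cleanup(&k) == 1 ? 0 : 1; }
```

In this model the contract holds only while `brigade_cleanup` visits every bucket; a cleanup that stops early would leave a bucket whose `data` still points into the returned frame.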
