httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject Re: WWW Form Bug Report: "core dump reported almost every time
Date Mon, 27 May 1996 20:52:01 GMT
  I've been routinely linking with a tool called ElectricFence.
  It works by mmaping locked pages before and after a malloced

Hmmm... using a tool like this with the Apache pool system could 
give a false sense of security.  Remember, palloc() works by malloc()ing
large chunks of memory and then doling them out piecemeal to its callers.
So, the results from several palloc() calls can all be in the same 
malloc()ed region, with the result that you could overrun one and clobber
another without hitting the electric fence.

However, any decent checking malloc() should at least detect and report
corruption of the malloc() heap itself, which *seems* to be what Aram
is reporting...


PS --- If anybody wants, it shouldn't be *too* hard to write a "checking
   palloc()" which does a separate malloc() call for each palloc().  Putting
   this on top of a checking malloc() would hopefully do the right thing.
   There would likely be a very substantial efficiency hit, however.

View raw message