httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kraemer <Martin.Krae...@mch.sni.de>
Subject [BUG]: mod_mime_magic core dump FIX!
Date Fri, 25 Jul 1997 14:24:53 GMT
Hi,

This patch fixes a core dump which I had in mod_mime_magic (difficult to
find post-mortem, because all variables and the whole stack were hosed:
memcpy(dest,src,0xFFFFFFFF) destroys largs amounts of memory...).

When the uncompress() routine returns -1, then a wrong test in zmagic()
results in tryit() being called with a byte count of -1 (which is then
passed to memcpy()). The folowing patch fixes that.

PLEASE NOTE: Just for symmetry... The "-c" (use stdin) flag is valid for
both uncompress and gzip, (as would the "-d" flag). It is redundant for
both programs, because no file name is given to the program, I'd suggest
to either remove the "-c" flag or add it to both program's switches.

    Martin

--- mod_mime_magic.c.orig	Fri Jul 25 15:58:37 1997
+++ mod_mime_magic.c	Fri Jul 25 15:59:57 1997
@@ -2193,7 +2193,7 @@
     },
     {
         "\037\213", 2, {
-            "gzip", "-dq", NULL
+	    "gzip", "-dcq", NULL
         }, 1, "x-gzip"
     },
     /*
@@ -2202,7 +2202,7 @@
      */
     {
         "\037\036", 2, {
-            "gzip", "-dq", NULL
+	    "gzip", "-dcq", NULL
         }, 0, "x-gzip"
     },
 };
@@ -2226,7 +2226,7 @@
     if (i == ncompr)
         return 0;
 
-    if ((newsize = uncompress(r, i, buf, &newbuf, nbytes)) != 0) {
+    if ((newsize = uncompress(r, i, buf, &newbuf, nbytes)) > 0) {
         tryit(r, newbuf, newsize);
 
         /* set encoding type in the request record */

-- 
| S I E M E N S |  <Martin.Kraemer@mch.sni.de>  |      Siemens Nixdorf
| ------------- |   Voice: +49-89-636-46021     |  Informationssysteme AG
| N I X D O R F |   FAX:   +49-89-636-44994     |   81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request

Mime
View raw message