httpd-dev mailing list archives

From "Brian Havard" <>
Subject Re: cvs commit: httpd-2.0/modules/filters mod_include.c
Date Sat, 18 Aug 2001 07:34:12 GMT
On 17 Aug 2001 17:21:16 -0400, Jeff Trawick wrote:

> writes:
>> trawick     01/08/17 13:41:15
>>   Modified:    modules/filters mod_include.c
>>   Log:
>>   Fix a problem in mod_include when we reached the BYTE_COUNT_THRESHOLD
>>   after parsing the first part of the tag.  We could get errors like
>>   [error] [client] unknown directive "<!" in parsed doc filename
>At this point, I think a certain class of errors are taken care of
>(encountering BYTE_COUNT_THRESHOLD at different places within the
>tag).  I've tested tag offsets from 1 to 10000 bytes and some selected
>ones above that.
>I don't think we handle a tag longer than BYTE_COUNT_THRESHOLD.
>Paul mentioned off-line that he would look into that.  I doubt that is
>necessary for the short term.

I'm seeing a SEGV when parsing a file > 8192 bytes (even 1 byte greater).
Notable points:
- Stack is trashed, can't get a backtrace
- The client receives the full & correct response
- Appears to be a call to a null function pointer (EIP=0 in trap log),
destroying the buckets. It could just be a symptom of other corruption
- It still crashes even if the output is shorter than 8192 due to tag

This is on OS/2 where there's no mmap or sendfile. We've seen before that
the non-mmap code path is different enough to have its own bugs....

 |  Brian Havard                 |  "He is not the messiah!                   |
 |  |  He's a very naughty boy!" - Life of Brian |
