httpd-dev mailing list archives

From Cliff Woolley <jwool...@virginia.edu>
Subject Re: chunked input core dump on daedalus
Date Thu, 01 Nov 2001 20:45:01 GMT
On Thu, 1 Nov 2001, Greg Ames wrote:

> Our magic overloaded mode field:
>
> (gdb) p *readbytes
> $12 = -3
>
> core_input_filter thinks this means "read a block, no more than -3
> long", and ends up trying to partition at offset -3.  I believe the
> whole thing was looping, possibly driven by  ap_get_client_block, until
> we run out of memory and seg fault.

It'd be nice if it were checking the return value from
apr_brigade_partition(), which returns APR_EINVAL if given a negative
offset... besides, you never know when _partition() might get a failure
when trying to read a bucket for some reason.

--Cliff


--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA
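
The point made in the message above, as an added example that is not part of the original post and is not httpd or APR code: a partition helper that rejects a negative offset only helps if the caller checks its status before using the result. All `ex_*` names, the flat buffer standing in for a brigade, and the sample input are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Stand-ins for this example only; none of this is APR or httpd code. */
enum { EX_OK = 0, EX_EINVAL = 22 };              /* EX_EINVAL plays APR_EINVAL */
struct ex_buf { const char *data; size_t len; }; /* toy "brigade" */

/* Find the split point; a negative offset is an error, never a length. */
static int ex_partition(const struct ex_buf *b, long point, size_t *split)
{
    if (point < 0)
        return EX_EINVAL;
    *split = ((size_t)point < b->len) ? (size_t)point : b->len;
    return EX_OK;
}

/* Read at most *readbytes bytes; on success *readbytes = bytes copied. */
static int ex_read_block(struct ex_buf *b, long *readbytes, char *out, size_t outsz)
{
    size_t split;
    int rv = ex_partition(b, *readbytes, &split);
    if (rv != EX_OK) return rv; /* split is unset: propagate, do not carry on */
    if (split > outsz) split = outsz;
    memcpy(out, b->data, split);
    b->data += split; b->len -= split;
    *readbytes = (long)split;
    return EX_OK;
}

/* Caller loop: total bytes drained, or -1 as soon as a read fails. */
static long ex_drain(struct ex_buf *b, long chunk)
{
    char tmp[16];
    long total = 0, n;
    while (b->len > 0) {
        n = chunk;
        if (ex_read_block(b, &n, tmp, sizeof tmp) != EX_OK)
            return -1;
        if (n == 0) break;      /* no progress: stop rather than spin */
        total += n;
    }
    return total;
}

int main(void)
{
    struct ex_buf ok = { "hello world", 11 }, bad = ok; /* constructed input */
    printf("%ld %ld\n", ex_drain(&ok, 4), ex_drain(&bad, -3));
    return 0;
}
```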


