From "Bill Stoddard" <>
Subject core_output_filter seg fault
Date Mon, 28 Jan 2002 02:36:06 GMT
I am getting a seg fault attempting to write bogus buffers to the network.
apr_brigade_write() appears to be the culprit. I send an MMAP bucket into the
apr_brigade_write and it creates a transient bucket to point at the contents of the MMAP
bucket and hangs this transient on the ctx->b brigade. apr_brigade_destroy() whacks the
MMAP pointed to by the transient bucket in ctx->b, resulting in a segfault when we try
to write the bogus buffer to the network.

The comment is, um, not reassuring.  Any ideas?


   const char *str;
   apr_size_t n;

   rv = apr_bucket_read(bucket, &str, &n, APR_BLOCK_READ);

   /* This apr_brigade_write does not use a flush function
      because we assume that we will not write enough data
      into it to cause a flush. However, if we *do* write
      "too much", then we could end up with transient
      buckets which would suck. This works for now, but is
      a bit shaky if changes are made to some of the
      buffering sizes. Let's do an assert to prevent
      potential future problems... */
   if (rv != APR_SUCCESS) {
       ap_log_error(APLOG_MARK, APLOG_ERR, rv, c->base_server,
                    "core_output_filter: Error reading from bucket.");
       return rv;
   }
   apr_brigade_write(ctx->b, NULL, NULL, str, n);
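
The lifetime hazard described in the message above, as an added example that is not part of the original post and is not APR or httpd code: a write that copies small inputs but only borrows a pointer for large ones, and a set-aside step that takes a private copy before the source is destroyed. All `toy_*` names and the `BUFF_SIZE` threshold are hypothetical; the copy-below-threshold behaviour is a modelling assumption taken from the quoted comment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFF_SIZE 16   /* assumed threshold; toy model, not APR code */

typedef struct {       /* hypothetical stand-in for a bucket */
    const char *data;  /* bytes this bucket will send */
    size_t len;
    int owns;          /* 1: private copy, 0: borrowed (transient) */
} toy_bucket;

/* Small writes are copied; large ones only point at the caller's memory. */
static toy_bucket toy_brigade_write(const char *str, size_t n)
{
    toy_bucket b = { str, n, 0 };
    if (n <= BUFF_SIZE) {
        char *copy = malloc(n ? n : 1);
        if (copy == NULL) abort();
        memcpy(copy, str, n);
        b.data = copy;
        b.owns = 1;
    }
    return b;
}

/* Copy borrowed bytes while the source is still alive, so that destroying
   the source cannot leave the bucket pointing at freed memory. */
static int toy_setaside(toy_bucket *b)
{
    if (b->owns) return 0;
    char *copy = malloc(b->len ? b->len : 1);
    if (copy == NULL) return -1;
    memcpy(copy, b->data, b->len);
    b->data = copy;
    b->owns = 1;
    return 0;
}

int main(void)
{
    char *map = calloc(64, 1);              /* constructed stand-in for the MMAP */
    if (map == NULL) return 1;
    toy_bucket b = toy_brigade_write(map, 64);  /* too big to buffer: borrowed */
    if (toy_setaside(&b) != 0) return 1;    /* skip this and b dangles below */
    free(map);                              /* owner destroyed */
    printf("%lu bytes still valid, owns=%d\n", (unsigned long)b.len, b.owns);
    free((void *)b.data);
    return 0;
}
```

Removing the `toy_setaside` call in `main` reproduces the pattern from the message: the bucket still holds a pointer into memory that has already been released.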

