httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <jerenkra...@ebuilt.com>
Subject Re: [PATCH] fix a segfault (and maybe more) in mod_include
Date Wed, 16 Jan 2002 19:18:39 GMT
On Tue, Jan 15, 2002 at 02:57:11PM -0500, Jeff Trawick wrote:
> Sander mentioned that he hit a segfault with a bad URL and
> APR_POOL_DEBUG_VERBOSE+ElectricFence.  Sure enough, I was able to
> recreate on the first attempt.
> 
> The change below comes right after a big while loop which terminates
> like so:
> 
> while (dptr != APR_BRIGADE_SENTINEL(*bb) && !APR_BUCKET_IS_EOS(dptr))
> 
> The segfault was due to the inability to dereference dptr to see if it
> was an EOS bucket.  dptr was actually the sentinel of the *bb brigade.
> 
> I wonder if (without the segfault) not catching the sentinel condition
> could cause stuff to be sent in the wrong order...

You could be at the end of the brigade (which means there is no more
data right now), but not at EOS (no more data coming ever).  You
could be in the middle of a tag brigade - doing this could lose
that info.  So, I think the proper check would be like so:

if (dptr != APR_BRIGADE_SENTINEL(*bb) && APR_BUCKET_IS_EOS(dptr)) {

Really it is shame that the BUCKET_IS macros can't handle this
themselves.  *sigh*  -- justin


Mime
View raw message