httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@attglobal.net>
Subject [PATCH] fix a segfault (and maybe more) in mod_include
Date Tue, 15 Jan 2002 19:57:11 GMT
Sander mentioned that he hit a segfault with a bad URL and
APR_POOL_DEBUG_VERBOSE+ElectricFence.  Sure enough, I was able to
recreate on the first attempt.

The change below comes right after a big while loop which terminates
like so:

while (dptr != APR_BRIGADE_SENTINEL(*bb) && !APR_BUCKET_IS_EOS(dptr))

The segfault was due to the inability to dereference dptr to see if it
was an EOS bucket.  dptr was actually the sentinel of the *bb brigade.

I wonder if (without the segfault) not catching the sentinel condition
could cause stuff to be sent in the wrong order...

Index: modules/filters/mod_include.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/filters/mod_include.c,v
retrieving revision 1.186
diff -u -r1.186 mod_include.c
--- modules/filters/mod_include.c	13 Jan 2002 06:34:10 -0000	1.186
+++ modules/filters/mod_include.c	15 Jan 2002 19:52:23 -0000
@@ -3063,7 +3063,8 @@
     }
 
     /* We have nothing more to send, stop now. */
-    if (APR_BUCKET_IS_EOS(dptr)) {
+    if (dptr == APR_BRIGADE_SENTINEL(*bb) ||
+        APR_BUCKET_IS_EOS(dptr)) {
         /* We might have something saved that we never completed, but send
          * down unparsed.  This allows for <!-- at the end of files to be
          * sent correctly. */

-- 
Jeff Trawick | trawick@attglobal.net | PGP public key at web site:
       http://www.geocities.com/SiliconValley/Park/9289/
             Born in Roswell... married an alien...

Mime
View raw message