httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Blair Zajac <bl...@orcaware.com>
Subject [PATCH] gcc bounds checking assert in ssl_engine_io.c
Date Thu, 17 Apr 2003 22:01:42 GMT
When I compile and run httpd with mod_dav_svn over SSL with the
entire apr/apr-util/httpd-2.1 compiled with the gcc bounds checking
compiler, I get the following core dump:

ssl_engine_io.c:380:Bounds error: in memcpy with 0x82e0028 and 0x82e0038
for 447, source and destination objects overlap.
ssl_engine_io.c:380:  Pointer value: 0x82e0028
ssl_engine_io.c:380:  Object `malloc':
ssl_engine_io.c:380:    Address in memory:    0x82e0000 .. 0x82e202b
ssl_engine_io.c:380:    Size:                 8236 bytes
ssl_engine_io.c:380:    Element size:         1 bytes
ssl_engine_io.c:380:    Number of elements:   8236
ssl_engine_io.c:380:    Created at:           apr_pools.c, line 1312
ssl_engine_io.c:380:    Storage class:        heap
[Thu Apr 17 13:48:12 2003] [notice] child pid 25240 exit signal Abort (6)

The following patch fixes this.

Index: modules/ssl/ssl_engine_io.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.105
diff -u -r1.105 ssl_engine_io.c
--- modules/ssl/ssl_engine_io.c 5 Apr 2003 19:04:44 -0000       1.105
+++ modules/ssl/ssl_engine_io.c 17 Apr 2003 21:55:51 -0000
@@ -377,7 +377,7 @@
     }
     else {
         /* swallow remainder of the buffer */
-        memcpy(in, buffer->value, buffer->length);
+        memmove(in, buffer->value, buffer->length);
         inl = buffer->length;
         buffer->value = NULL;
         buffer->length = 0;

This should apply cleanly to both 2.0 and 2.0, and won't break
anything, given that memmove is safer then memcpy.

Best,
Blair

-- 
Blair Zajac <blair@orcaware.com>
Plots of your system's performance - http://www.orcaware.com/orca/

Mime
View raw message