httpd-dev mailing list archives

From Kevin Wang <xwang_t...@yahoo.com>
Subject Re: Severe memory corruption problems in apr_rmm_* function of Apache 2.0.48
Date Sat, 06 Dec 2003 00:53:35 GMT
See the attached file for the diff output from "diff -C3".  Thanks.

-- Kevin

--- Kevin Wang <xwang_tech@yahoo.com> wrote:
> Hi All,
> 
> In the past few days, I was trying to figure out a shared memory corruption
> problem in my module.  Eventually I found this bug in apr_rmm.c's
> find_block_of_size() function.
> 
> It is severe enough to mess up the whole rmm memory blocks and make apr_rmm_*
> functions totally not workable.  The source code version I am referring to is
> 2.0.48.
> 
> Thanks!
> 
> -- Kevin
> 
> Here are the problems and the fixes:
> 
> 1. in apr_rmm.c: line 129
> 
> if (bestsize - size > sizeof(struct rmm_block_t*)) {
> 
> >>>
> 
> if (bestsize - size > sizeof(rmm_block_t)) {
> 
> 
> 2.  in apr_rmm.c: line 141
> 
> blk = (rmm_block_t*)((char*)rmm->base + blk->next);
> 
> >>>
> 
> blk = (rmm_block_t*)((char*)rmm->base + new->next);
> 

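The effect of fix 1, as an added example that is not part of the message above or of apr_rmm.c: it models one free block followed directly by a neighbouring block and counts how many bytes of the neighbour's header are overwritten when the split test uses the pointer size instead of the header size. The three-field header layout, the function names and the 256-byte segment are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed header layout for this sketch; the real definition is in
 * apr_rmm.c and is not shown in the message. */
typedef struct rmm_block_t {
    size_t size, prev, next;  /* block size; neighbour offsets from base */
} rmm_block_t;

/* Line 129 as quoted before the fix: compares against a pointer's size. */
static int may_split_before(size_t bestsize, size_t size) {
    return bestsize - size > sizeof(struct rmm_block_t *);
}

/* Line 129 after fix 1: the remainder must hold a whole header. */
static int may_split_after(size_t bestsize, size_t size) {
    return bestsize - size > sizeof(rmm_block_t);
}

/* Constructed scenario: block A occupies [0, bestsize) of a segment and
 * block B's header starts at offset bestsize. Carve `size` bytes from A,
 * write a header for the remainder if the check allows it, and return how
 * many bytes of B's header were overwritten. */
static size_t clobbered_bytes(size_t bestsize, size_t size, int fixed) {
    unsigned char seg[256];
    size_t i, n = 0;
    if (size > bestsize || bestsize + sizeof(rmm_block_t) > sizeof seg)
        return 0;  /* outside what this model covers */
    memset(seg, 0, sizeof seg);
    memset(seg + bestsize, 0xAA, sizeof(rmm_block_t));  /* B's header */
    if (fixed ? may_split_after(bestsize, size)
              : may_split_before(bestsize, size)) {
        rmm_block_t rest = { bestsize - size, 0, bestsize };
        memcpy(seg + size, &rest, sizeof rest);  /* remainder's header */
    }
    for (i = 0; i < sizeof(rmm_block_t); i++)
        n += (seg[bestsize + i] != 0xAA);
    return n;
}

int main(void) {
    size_t rem = 2 * sizeof(void *);  /* larger than a pointer, smaller than a header */
    printf("before fix: %zu bytes of B overwritten, after fix: %zu\n",
           clobbered_bytes(64, 64 - rem, 0), clobbered_bytes(64, 64 - rem, 1));
    return 0;
}
```
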