From: Andy Armstrong
Subject: Re: how to avoid overrun in apache
Date: Fri, 11 Mar 2005 13:51:43 +0000
To: dev@httpd.apache.org

On 11 Mar 2005, at 05:27, Nitesh Naik wrote:

> **** Purify instrumented /servers/run/apache/bin/httpd (pid 8850)
> ****
> UMR: Uninitialized memory read:
> * This is occurring while in thread 1074225280:
> SHA1_Update [libcrypto.a]
> * Reading 1 byte from 0x8f7293f in the heap.
> * Address 0x8f7293f is 31 bytes into a malloc'd block at 0x8f72920
> of 32
> bytes.
> * This block was allocated from thread 1074225280:
> malloc [rtlib.o]
> default_malloc_ex [libcrypto.a]

That isn't a buffer overrun - it's an attempt to read uninitialised
memory. While it's not usually good practice it doesn't necessarily
mean that the code in question is incorrect.

That's unless I'm completely misreading what Purify is saying.

-- 
Andy Armstrong, hexten.net
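
The bounds arithmetic behind the reply above, as an added example that is not part of the original message or of Purify: it parses the quoted report (mail quoting and line wrapping included) and checks whether the reported read stays inside the malloc'd block. The function names and the `CONSTRUCTED_OVERRUN` variant are assumptions made for illustration; only the two report lines shown in the message are parsed.

```python
import re

# Report text as quoted in the message above (quote markers and wrapping kept).
REPORT = """\
> UMR: Uninitialized memory read:
> * This is occurring while in thread 1074225280:
> SHA1_Update [libcrypto.a]
> * Reading 1 byte from 0x8f7293f in the heap.
> * Address 0x8f7293f is 31 bytes into a malloc'd block at 0x8f72920
> of 32
> bytes.
"""
# Constructed variant (not from the page): same block, but a 4-byte read.
CONSTRUCTED_OVERRUN = REPORT.replace("Reading 1 byte", "Reading 4 bytes")

READ_RE = re.compile(r"Reading (\d+) bytes? from (0x[0-9a-fA-F]+)")
BLOCK_RE = re.compile(
    r"Address (0x[0-9a-fA-F]+) is (\d+) bytes? into a malloc'd block "
    r"at (0x[0-9a-fA-F]+) of (\d+) bytes?"
)

def normalise(text):
    """Drop '>' quote markers and undo mail line wrapping."""
    lines = [re.sub(r"^\s*(>\s?)+", "", ln) for ln in text.splitlines()]
    return " ".join(" ".join(lines).split())

def classify(text):
    """Return where the reported read falls relative to its heap block."""
    flat = normalise(text)
    read, block = READ_RE.search(flat), BLOCK_RE.search(flat)
    if not read or not block:
        raise ValueError("report lacks the read line or the block line")
    length, addr = int(read.group(1)), int(read.group(2), 16)
    offset, size = int(block.group(2)), int(block.group(4))
    base = int(block.group(3), 16)
    # Cross-check the three figures the tool prints before trusting them.
    if int(block.group(1), 16) != addr or addr - base != offset:
        raise ValueError("address, base and offset are inconsistent")
    last = offset + length - 1  # index of the last byte touched
    return {"offset": offset, "length": length, "size": size,
            "in_bounds": last < size}

if __name__ == "__main__":
    for name, text in (("quoted", REPORT), ("constructed", CONSTRUCTED_OVERRUN)):
        print(name, classify(text))
```

For the quoted report the read touches only byte 31 of a 32-byte block, so it is inside the allocation; the constructed 4-byte read would run past the end.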