httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: httpd 2.2.8 segfaults
Date Sat, 23 Feb 2008 11:01:39 GMT


On 02/23/2008 09:46 AM, Niklas Edmundsson wrote:
> On Fri, 22 Feb 2008, Plüm, Rüdiger, VF-Group wrote:
> 
>>>     | type     (address)    | length | data addr
>>> ---------------------------------------------------
>>>   0 | FILE     (0x0815db00) | 16777216 | 0x0815daa8
>>>   1 | FILE     (0x0815db58) | 16777216 | 0x0815daa8
>>> <snip>
>>> 265 | FILE     (0x081699f8) | 16777216 | 0x0815daa8
>>> 266 | FILE     (0x0815d948) | 15392768 | 0x0815daa8
>>> 267 | EOS      (0x08169a50) | 0      | 0x00000000
>>> end of brigade
>>
>>
> 
>> Hm. Looks to me like APR_BRIGADE_SENTINEL(ec) is true, because 
>> next points to the first bucket in the brigade and prev to the last 
>> one. AFAIK the SENTINEL is not a valid bucket and does not contain 
>> valid bucket data. This should NEVER happen and as we see the byte 
>> range filter code is not prepared to handle this.
> 
> Possibly. I wouldn't care too much though since backing out that faulty 
> patch to apr_brigade.c made the problem go away, even though it would 
> have been nicer with an "INTERNAL ERROR" message rather than a segfault.

I care, because I want to be sure that backing out the patch / fixing
apr_brigade_partition also fixes this one and that it is clear why we have
seen this 'corrupted' bucket. But I am pretty confident now that it was
the SENTINEL we saw here.

Regards

Rüdiger
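
The situation discussed in this message, modelled as an added example (not APR or httpd code, and not written by either poster): a ring whose sentinel is the list head viewed as a bucket, so its next and prev point at the first and last buckets while no valid bucket data sits behind it. All type and function names and the sample lengths are assumptions made up for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified model of a sentinel-terminated ring; hypothetical names, not APR code. */
struct link { struct bucket *next, *prev; };
struct bucket { struct link link; const char *type; size_t length; };
struct brigade { struct link head; };  /* head.next = first, head.prev = last */
/* The sentinel is the ring head viewed as a bucket: only its links exist. */
static struct bucket *sentinel(struct brigade *b) {
    return (struct bucket *)((char *)&b->head - offsetof(struct bucket, link));
}
/* Link fields of any ring element, real bucket or sentinel. */
static struct link *link_of(struct bucket *e) {
    return (struct link *)((char *)e + offsetof(struct bucket, link));
}
static void insert_tail(struct brigade *b, struct bucket *e) {
    e->link.next = sentinel(b);
    e->link.prev = b->head.prev;
    link_of(b->head.prev)->next = e;
    b->head.prev = e;
}
/* Walk to the bucket holding byte `off`; running off the end returns the
 * sentinel, which the caller must test for before using the result. */
static struct bucket *bucket_at(struct brigade *b, size_t off) {
    struct bucket *e = b->head.next;
    while (e != sentinel(b) && off >= e->length) {
        off -= e->length;
        e = e->link.next;
    }
    return e;
}
/* Guarded read: -1 for the sentinel, which has no type or length behind it. */
static long checked_length(struct brigade *b, struct bucket *e) {
    return e == sentinel(b) ? -1L : (long)e->length;
}
/* Constructed sample: two FILE buckets and an EOS, lengths made up. */
static struct bucket sample[3] = {{{0, 0}, "FILE", 16}, {{0, 0}, "FILE", 8}, {{0, 0}, "EOS", 0}};
static struct brigade bb;
static struct brigade *build_sample(void) {
    bb.head.next = bb.head.prev = sentinel(&bb);   /* empty ring */
    for (int i = 0; i < 3; i++) insert_tail(&bb, &sample[i]);
    return &bb;
}
int main(void) {
    struct brigade *b = build_sample();
    struct bucket *e = bucket_at(b, 24);            /* offset == total length */
    printf("sentinel=%d next_is_first=%d prev_is_last=%d len=%ld\n", e == sentinel(b),
           link_of(e)->next == &sample[0], link_of(e)->prev == &sample[2], checked_length(b, e));
    return 0;
}
```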
