httpd-dev mailing list archives

From Lars Eilebrecht
Subject Re: regex-related segfault in mod_include
Date Fri, 27 Feb 2009 11:53:33 GMT
Ruediger Pluem wrote:

> What are the values of
> idx
> re->match[idx].rm_so
> re->match[idx].rm_eo
> re->source
> and what is the string re->source is pointing to when the crash happens?

idx is 1 and re->source points to an empty string which is fine.
However, re->match[idx].rm_so and re->match[idx].rm_eo are random numbers,
i.e., a garbage value (I guess they should be 0 if there was no match?).
Thus the argument "re->source + re->match[idx].rm_so" ends up pointing to
an out of band location (and a memcpy() for that location results in
the segfault).

I just don't really get why this happens in some cases (like 1 out of
10 requests).

BTW, I can reproduce this on Solaris and Linux (worker and prefork)
with 2.2.11. With 2.0 this works fine.

Lars Eilebrecht
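
The crash described in this message comes from an unchecked offset pair feeding memcpy(). As an added example (not code from this message or from mod_include), here is a backreference copy that validates the offsets first. It uses POSIX `regex.h` as a stand-in for the server's own regex API, and `backref_t`, `backref_exec` and `backref_copy` are hypothetical names.

```c
#include <regex.h>
#include <stddef.h>
#include <string.h>

#define MAX_GROUPS 10
/* Hypothetical stand-in for the state inspected in the thread
 * (re->source and re->match[idx]). */
typedef struct {
    const char *source;
    int have_match;                 /* set only when regexec() returned 0 */
    regmatch_t match[MAX_GROUPS];
} backref_t;

/* Run pattern over source. Returns 0 on match, 1 on no match, -1 on a bad pattern. */
int backref_exec(backref_t *re, const char *pattern, const char *source)
{
    regex_t preg;
    size_t i;
    re->source = source;
    re->have_match = 0;
    for (i = 0; i < MAX_GROUPS; i++)    /* never leave offsets uninitialised */
        re->match[i].rm_so = re->match[i].rm_eo = -1;
    if (regcomp(&preg, pattern, REG_EXTENDED) != 0)
        return -1;
    /* On failure the contents of match[] are unspecified, so record the result. */
    re->have_match = (regexec(&preg, source, MAX_GROUPS, re->match, 0) == 0);
    regfree(&preg);
    return re->have_match ? 0 : 1;
}

/* Copy group idx into out. Returns the length copied, or -1 when the group
 * is unset, the offsets fall outside source, or out is too small. */
long backref_copy(const backref_t *re, size_t idx, char *out, size_t outlen)
{
    size_t srclen, len;
    regoff_t so, eo;
    if (!re->have_match || idx >= MAX_GROUPS || outlen == 0)
        return -1;
    so = re->match[idx].rm_so;      /* POSIX: -1 for a group that did not participate */
    eo = re->match[idx].rm_eo;
    srclen = strlen(re->source);
    if (so < 0 || eo < so || (size_t)eo > srclen)
        return -1;                  /* rejects garbage before any pointer arithmetic */
    len = (size_t)(eo - so);
    if (len >= outlen)
        return -1;
    memcpy(out, re->source + so, len);
    out[len] = '\0';
    return (long)len;
}
```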
