httpd-dev mailing list archives

From Lars Eilebrecht
Subject Re: regex-related segfault in mod_include
Date Fri, 27 Feb 2009 15:23:17 GMT
"Plüm, Rüdiger, VF-Group" wrote:

> > However, re->match[idx].rm_so and re->match[idx].rm_eo are random numbers,
> > i.e., a garbage value (I guess they should be 0 if there was no match?).
> IMHO they should be -1.

Right, that actually makes more sense ...

> We use different PCRE versions in both (and maybe mod_include changed too).
> I suspect that if ap_regexec in re_check does not detect a match 
> re->match[idx].rm_so is not set up correctly (maybe this changed between the
> different PCRE versions) and as we do not check in get_include_var if we had
> a match at all we fall over. So we should either memorize in the re struct
> if we matched or not by an additional flag, so something like (untested)

OK, nice ... I was trying to figure out if such a flag/value exists in
ap_regmatch_t, but that didn't get me very far as re->match is basically pointing
to garbage data. So initializing that actually prevents the segfault as it hits
the if statement for "re->match[idx].rm_so < 0" (I did a quick test with your
second patch).

However, for performance reasons I think fixing this with an additional flag
would be the best. I'll do some more testing and will come up with a final
patch for this.

Thanks Ruediger, that was very helpful. :)

Lars Eilebrecht
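
The two defenses discussed in this thread (initializing the offsets to -1, and remembering in the regex state whether a match happened), shown as an added example that is not part of the original message and is not httpd's code. It assumes POSIX `regexec` as a stand-in for `ap_regexec`; the struct and function names are hypothetical.

```c
#include <regex.h>
#include <stddef.h>
#include <string.h>

#define NMATCH 10

/* Hypothetical stand-in for mod_include's regex state; names are illustrative. */
typedef struct {
    const char *source;          /* string the last regex was run against */
    regmatch_t  match[NMATCH];   /* only meaningful when have_match != 0 */
    int         have_match;      /* the "additional flag" from the thread */
} re_state;

/* Run the pattern; record whether it matched and never leave garbage offsets. */
int re_check_sketch(re_state *re, const char *pattern, const char *subject)
{
    regex_t compiled;
    size_t i;
    re->source = subject;
    re->have_match = 0;
    for (i = 0; i < NMATCH; i++)            /* -1 marks "no such group" */
        re->match[i].rm_so = re->match[i].rm_eo = -1;

    if (regcomp(&compiled, pattern, REG_EXTENDED) != 0)
        return -1;
    re->have_match = (regexec(&compiled, subject, NMATCH, re->match, 0) == 0);
    regfree(&compiled);
    return re->have_match;
}

/* Copy group idx into buf; returns its length, or -1 when nothing valid exists. */
int get_group_sketch(const re_state *re, size_t idx, char *buf, size_t buflen)
{
    regoff_t so, eo;
    size_t len;
    if (!re->have_match || idx >= NMATCH)   /* flag check: offsets are not read */
        return -1;
    so = re->match[idx].rm_so;
    eo = re->match[idx].rm_eo;
    if (so < 0 || eo < so)                  /* group did not participate */
        return -1;
    len = (size_t)(eo - so);
    if (len >= buflen)                      /* would not fit with the NUL */
        return -1;
    memcpy(buf, re->source + so, len);
    buf[len] = '\0';
    return (int)len;
}
```

The flag check returns before any offset is read, so a failed match costs one comparison per lookup instead of depending on the contents of the match array.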
