httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: Segfault with fix for CVE-2009-1891
Date Thu, 30 Jul 2009 10:22:59 GMT


On 07/30/2009 10:48 AM, Stefan Fritsch wrote:
>> Right, it is not really helpful, but as you seem to be able to reproduce
>> the issue can you please create a backtrace on your own, preferably with
>> an unstripped and -g compiled php (which doesn't seem to be the case in
>> the current backtrace).
> 
> Backtrace is attached. Looking at it again, the brigade that contains the
> transient bucket does not seem to belong to the oldwrite filter. It's the
> brigade that is used by mod_php to pass the eos bucket. But since mod_php
> only creates eos buckets and uses ap_fwrite for everything else, I don't
> know where the transient bucket comes from.

I guess this is because they reuse the brigade for sending the EOS bucket
(which is fine). They should simply clean up this brigade before sending
the EOS bucket down the chain.

Regards

Rüdiger
