httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <>
Subject Re: Segfault with fix for CVE-2009-1891
Date Mon, 03 Aug 2009 10:52:45 GMT
On Tue, Jul 28, 2009 at 07:35:25PM +0200, Stefan Fritsch wrote:
> Hi,
> I have backported r791454 to 2.2.3 in Debian 4.0 and have received a
> report [1] about segfaults with mod_deflate and mod_php (5.2.0). As
> far as I understand it, the reason is that mod_php uses ap_rwrite
> which creates transient buckets. When the connection is closed by the
> client, these buckets sometimes stay in the bucket brigade when
> ap_pass_brigade returns an error for the compressed data of an
> earlier bucket. If deflate_out_filter gets called again with the same
> brigade, the memory of the transient buckets is no longer valid,
> causing a segfault.

This sounds exactly like:

I've proposed the fix for backport:

Regards, Joe

View raw message