httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stephane duverger <stephane.duver...@illicom.com>
Subject [users@httpd] bug in mod_proxy_html or apache2 API ?
Date Mon, 11 Oct 2004 16:24:43 GMT
Hello,

I think i've found a  bug in the module "proxy_html" using 
Apache/2.0.52 (Debian GNU/Linux) proxy_html/2.4 configured.

The problem occurs after calling "ap_get_module_config()". This function
should init the module's "config struct" with user's configuration or
with default values if i'm correct (set in proxy_html_config() ).

One option seems to be really important: buffer size. It is used to
realloc memory areas.

The fact is that even if i set the "ProxyHTMLBufSize" option manually or
let the default value, the "buffer size" field of the "config struct" is
always set to a huge value (1684369001 according to debug logs).

Then bug occurs, a buffer in a call to preserve() is reallocated with
this value and so realloc() returns 0. It then leads to a segfault in
pappend():

preserve:
	...
	ctx->avail += ctx->cfg->bufsz ;
	...
	 newbuf = realloc(ctx->buf, ctx->avail) ;
	...

pappend:
	...
	preserve(ctx, len) ; // now ctx->buf = 0
	memcpy(ctx->buf+ctx->offset,buf,len);
	...

[notice] child pid 19977 exit signal Segmentation fault (11)

So it seems that "ap_get_module_config()" does not do its job the right way.
Do you think it's a bug in apache 2 API ?

Regards,

stephane



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message