www-apache-bugdb mailing list archives

From Ben Laurie <...@algroup.co.uk>
Subject Re: general/2245: Insure memory checker found errors
Date Tue, 26 May 1998 19:52:57 GMT
Dietz, Phil E. wrote:
> 
> The following reply was made to PR general/2245; it has been noted by GNATS.
> 
> From: "Dietz, Phil E." <pedietz@west.com>
> To: coar@hyperreal.org
> Cc: "'apbugs@Apache.Org'" <apbugs@Apache.Org>
> Subject: RE: general/2245: Insure memory checker found errors
> Date: Tue, 26 May 1998 12:27:51 -0500
> 
>  Here are a few of the errors from my preliminary test.
>  We'll call this test 1.0  05/26/98.
> 
>  I'll post more as I can test more features.
> 
>  [http_main.c:985] **WRITE_DANGLING**
>  >>         ap_scoreboard_image->servers[my_child_num].timeout_len = x;
> 
>    Writing to a dangling pointer: ap_scoreboard_image
> 
>    Pointer : 0xc271c000
>    In block: 0xc271c000 thru 0xc271d403 (5124 bytes)
>                    block allocated at:
>                             shmat()  (interface)
>                  setup_shared_mem()  http_main.c, 1622
>                 reinit_scoreboard()  http_main.c, 1735
>                   standalone_main()  http_main.c, 3775
>                              main()  http_main.c, 4039
> 
>                    stack trace where memory was freed:
>                            shmctl()  (interface)
>                  setup_shared_mem()  http_main.c, 1646
>                 reinit_scoreboard()  http_main.c, 1735
>                   standalone_main()  http_main.c, 3775
>                              main()  http_main.c, 4039
> 
>    Stack trace where the error occurred:
>         ap_set_callback_and_alarm()  http_main.c, 985
>                   ap_kill_timeout()  http_main.c, 1069
>                        child_main()  http_main.c, 3202
>                        make_child()  http_main.c, 3555
>                  startup_children()  http_main.c, 3582
>                   standalone_main()  http_main.c, 3802
>                              main()  http_main.c, 4039

It's difficult to be sure because the line numbers don't correspond to
the current source, but this appears to be a bug in Insure. The memory
was not freed in setup_shared_mem(); what actually happened is that the
descriptor for it was deleted.

>  [mod_setenvif.c:361] **PARM_NULL**
>  >>         if (!regexec(b->preg, val, 0, NULL, 0)) {
> 
>    Array parameter is null: pmatch
> 
>    Stack trace where the error occurred:
>                           regexec()
>                     match_headers()  mod_setenvif.c, 361
>                        run_method()  http_config.c, 352
>          ap_run_post_read_request()  http_config.c, 394
>                   ap_read_request()  http_protocol.c, 800
>                        child_main()  http_main.c, 3427
>                        make_child()  http_main.c, 3555
>                  startup_children()  http_main.c, 3582
>                   standalone_main()  http_main.c, 3802
>                              main()  http_main.c, 4039

This looks like another bug - the parameter is allowed to be NULL.

>  [mod_log_config.c:387] **WRITE_OVERFLOW**
>  >>         strftime(tstr, MAX_STRING_LEN, "[%d/%b/%Y:%H:%M:%S ", t);
> 
>    Writing overflows memory: <argument 1>
> 
>            bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
>            | 592 |              7600              | 592 |
>                  wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
> 
>     Writing  (w) : 0x7b033b78 thru 0x7b035b77 (8192 bytes)
>     To block (b) : 0x7b033928 thru 0x7b035927 (8192 bytes)
>                   l, declared at http_protocol.c, 629

Another bug - the write cannot possibly take up 8192 bytes, though it
may be more correct to limit it to the right amount.

In summary: it looks to me like your bug reports should go to the
authors of Insure, not us.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|  Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author    http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache
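
An added example, not part of the original message or the Apache source: a small C program that checks the three library behaviours the reply relies on, using the same calls that appear in the quoted report. It assumes a Linux or similar Unix system where a segment removed with IPC_RMID stays mapped until the last detach; the function names, the pattern and the sample values are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* WRITE_DANGLING: IPC_RMID removes the segment id; memory attached with
 * shmat() stays mapped until shmdt(). Returns 1 if a write after IPC_RMID
 * reads back, 0 if not, -1 if SysV shared memory is unavailable here. */
int write_after_rmid(void)
{
    int id = shmget(IPC_PRIVATE, 5124, IPC_CREAT | 0600);
    if (id == -1) return -1;
    char *p = shmat(id, NULL, 0);
    if (p == (void *)-1) { shmctl(id, IPC_RMID, NULL); return -1; }
    shmctl(id, IPC_RMID, NULL);          /* id gone, mapping still valid */
    strcpy(p, "still mapped");
    int ok = strcmp(p, "still mapped") == 0;
    shmdt(p);                            /* the segment is released here */
    return ok;
}

/* PARM_NULL: with nmatch == 0, regexec() ignores pmatch, so NULL is valid.
 * Returns 1 on match, 0 on no match, -1 if the pattern fails to compile. */
int match_without_pmatch(const char *pattern, const char *val)
{
    regex_t preg;
    if (regcomp(&preg, pattern, REG_EXTENDED) != 0) return -1;
    int rc = regexec(&preg, val, 0, NULL, 0);
    regfree(&preg);
    return rc == 0;
}

/* WRITE_OVERFLOW: strftime() writes only the formatted text plus a NUL and
 * returns its length; the size argument is an upper bound, not a fill count. */
size_t timestamp_len(char *buf, size_t cap)
{
    time_t epoch = 0;                    /* constructed sample time */
    return strftime(buf, cap, "[%d/%b/%Y:%H:%M:%S ", gmtime(&epoch));
}

int main(void)
{
    char tstr[8192];
    printf("write after IPC_RMID: %d\n", write_after_rmid());
    printf("regexec, NULL pmatch: %d\n", match_without_pmatch("^Mozilla", "Mozilla/4.0"));
    printf("strftime bytes used:  %zu of %zu\n", timestamp_len(tstr, sizeof tstr), sizeof tstr);
    return 0;
}
```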
