[users@httpd] bug in mod_proxy_html or apache2 API ?

[stephane duverger <st...@illicom.com>]

Hello,

I think i've found a  bug in the module "proxy_html" using 
Apache/2.0.52 (Debian GNU/Linux) proxy_html/2.4 configured.

The problem occurs after calling "ap_get_module_config()". This function
should init the module's "config struct" with user's configuration or
with default values if i'm correct (set in proxy_html_config() ).

One option seems to be really important: buffer size. It is used to
realloc memory areas.

The fact is that even if i set the "ProxyHTMLBufSize" option manually or
let the default value, the "buffer size" field of the "config struct" is
always set to a huge value (1684369001 according to debug logs).

Then bug occurs, a buffer in a call to preserve() is reallocated with
this value and so realloc() returns 0. It then leads to a segfault in
pappend():

preserve:
	...
	ctx->avail += ctx->cfg->bufsz ;
	...
	 newbuf = realloc(ctx->buf, ctx->avail) ;
	...

pappend:
	...
	preserve(ctx, len) ; // now ctx->buf = 0
	memcpy(ctx->buf+ctx->offset,buf,len);
	...

[notice] child pid 19977 exit signal Segmentation fault (11)

So it seems that "ap_get_module_config()" does not do its job the right way.
Do you think it's a bug in apache 2 API ?

Regards,

stephane



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Reporting bugs (Re: bug in mod_proxy_html or apache2 API ?)

[Nick Kew <ni...@webthing.com>]

On Mon, 11 Oct 2004, stephane duverger wrote:

> Hello,
> [chop bug report]

To anyone lurking here, this is perhaps the most useful bug report I can
recollect getting in over 20 years programming.  It was so clear I was
able to figure it out within a couple of minutes of opening the email.

I know not everyone has the ability to make this kind of diagnosis.
But to those who can - this is exactly the kind of report we need to
fix a real bug.  Of course I don't speak for other programmers, but I
expect in this case few would disagree!

Thank you stephane!

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] bug in mod_proxy_html or apache2 API ?

[Nick Kew <ni...@webthing.com>]

On Mon, 11 Oct 2004, stephane duverger wrote:

> Hello,
>
> I think i've found a  bug in the module "proxy_html" using
> Apache/2.0.52 (Debian GNU/Linux) proxy_html/2.4 configured.

You have: failure to deal correctly with bufsz in proxy_html_merge.
Comes of adding bufsz as an *option* (it was previously fixed) and
failing to test the relevant cases.

Updating it right now, and wiping the egg from my face:-(

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org