You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Ron Park <ro...@cnet.com> on 2003/08/07 22:09:03 UTC
mod_include: YABU (yet another bug uncovered)
Hi Again,
Well, we've come across another mod_include/cross brigade bug for which we
currently don't yet have a patch (should have one soon but thought I'd give
others a crack at it). :D
Here are two simple snippets, one which works, one which causes a core
dump even with the latest patch of mod_include:
<!--#if expr="$FALSE" -->True<!^P--#set var="v" value="t" -->Set<!--#else -->False<!--#set var="v" value="t" -->Set<!--#endif -->Done
<!--#if expr="$FALSE" -->T<!^P--#set var="v" value="t" -->Set<!--#else -->False<!--#set var="v" value="t" -->Set<!--#endif -->Done
(The Cntl-P is to cause mod_bucketeer to fire off: need the following
setting in your conf file to get this to work:
AddOutputFilter BUCKETEER;INCLUDES .html
Put each snippet in a file in your docroot, say, true.html and t.html and give
them a try.
I'm pretty sure it's related to the code around line 491 of mod_include.c
(at least that's the part that works differently for each one) but I haven't
figured out how it's wrong.
Thanks,
Ron
Re: mod_include: YABU (yet another bug uncovered)
Posted by Cliff Woolley <jw...@virginia.edu>.
On Sat, 9 Aug 2003, Brian Pane wrote:
> This appears to be due to the code at line ~2961 of
> mod_include.c that tries to delete buckets from *bb
> until it hits the bucket where the next tag starts.
> In this test case, the bucket where the next tag
> starts isn't in *bb at all; it's in ctx->ssi_tag_brigade.
Doh.
> I'm evaluating a couple of potential fixes; if I work
> out something that looks correct, I'll post a patch.
Cool. As long as it passes all of the perl framework test cases, then
it's fine by me. :)
Thanks!
Cliff
Re: mod_include: YABU (yet another bug uncovered)
Posted by Brian Pane <br...@cnet.com>.
This appears to be due to the code at line ~2961 of
mod_include.c that tries to delete buckets from *bb
until it hits the bucket where the next tag starts.
In this test case, the bucket where the next tag
starts isn't in *bb at all; it's in ctx->ssi_tag_brigade.
I'm evaluating a couple of potential fixes; if I work
out something that looks correct, I'll post a patch.
Brian
On Thu, 2003-08-07 at 13:09, Ron Park wrote:
> Hi Again,
>
> Well, we've come across another mod_include/cross brigade bug for which we
> currently don't yet have a patch (should have one soon but thought I'd give
> others a crack at it). :D
>
> Here are two simple snippets, one which works, one which causes a core
> dump even with the latest patch of mod_include:
>
> <!--#if expr="$FALSE" -->True<!^P--#set var="v" value="t" -->Set<!--#else -->False<!--#set var="v" value="t" -->Set<!--#endif -->Done
>
> <!--#if expr="$FALSE" -->T<!^P--#set var="v" value="t" -->Set<!--#else -->False<!--#set var="v" value="t" -->Set<!--#endif -->Done
>
> (The Cntl-P is to cause mod_bucketeer to fire off: need the following
> setting in your conf file to get this to work:
>
> AddOutputFilter BUCKETEER;INCLUDES .html
>
> Put each snippet in a file in your docroot, say, true.html and t.html and give
> them a try.
>
> I'm pretty sure it's related to the code around line 491 of mod_include.c
> (at least that's the part that works differently for each one) but I haven't
> figured out how it's wrong.
>
> Thanks,
> Ron