mod_include: YABU (yet another bug uncovered)

[Ron Park <ro...@cnet.com>]

Hi Again,

Well, we've come across another mod_include/cross brigade bug for which we
currently don't yet have a patch (should have one soon but thought I'd give
others a crack at it). :D

Here are two simple snippets, one which works, one which causes a core
dump even with the latest patch of mod_include:

<!--#if expr="$FALSE" -->True<!^P--#set var="v" value="t" -->Set<!--#else -->False<!--#set var="v" value="t" -->Set<!--#endif -->Done

<!--#if expr="$FALSE" -->T<!^P--#set var="v" value="t" -->Set<!--#else -->False<!--#set var="v" value="t" -->Set<!--#endif -->Done

(The Cntl-P is to cause mod_bucketeer to fire off: need the following
setting in your conf file to get this to work:

AddOutputFilter BUCKETEER;INCLUDES .html

Put each snippet in a file in your docroot, say, true.html and t.html and give
them a try.

I'm pretty sure it's related to the code around line 491 of mod_include.c
(at least that's the part that works differently for each one) but I haven't
figured out how it's wrong.

Thanks,
Ron

Re: mod_include: YABU (yet another bug uncovered)

[Cliff Woolley <jw...@virginia.edu>]

On Sat, 9 Aug 2003, Brian Pane wrote:

> This appears to be due to the code at line ~2961 of
> mod_include.c that tries to delete buckets from *bb
> until it hits the bucket where the next tag starts.
> In this test case, the bucket where the next tag
> starts isn't in *bb at all; it's in ctx->ssi_tag_brigade.

Doh.

> I'm evaluating a couple of potential fixes; if I work
> out something that looks correct, I'll post a patch.

Cool.  As long as it passes all of the perl framework test cases, then
it's fine by me.  :)

Thanks!
Cliff

Re: mod_include: YABU (yet another bug uncovered)

[Brian Pane <br...@cnet.com>]

This appears to be due to the code at line ~2961 of
mod_include.c that tries to delete buckets from *bb
until it hits the bucket where the next tag starts.
In this test case, the bucket where the next tag
starts isn't in *bb at all; it's in ctx->ssi_tag_brigade.
I'm evaluating a couple of potential fixes; if I work
out something that looks correct, I'll post a patch.

Brian

On Thu, 2003-08-07 at 13:09, Ron Park wrote:
> Hi Again,
> 
> Well, we've come across another mod_include/cross brigade bug for which we
> currently don't yet have a patch (should have one soon but thought I'd give
> others a crack at it). :D
> 
> Here are two simple snippets, one which works, one which causes a core
> dump even with the latest patch of mod_include:
> 
> <!--#if expr="$FALSE" -->True<!^P--#set var="v" value="t" -->Set<!--#else -->False<!--#set var="v" value="t" -->Set<!--#endif -->Done
> 
> <!--#if expr="$FALSE" -->T<!^P--#set var="v" value="t" -->Set<!--#else -->False<!--#set var="v" value="t" -->Set<!--#endif -->Done
> 
> (The Cntl-P is to cause mod_bucketeer to fire off: need the following
> setting in your conf file to get this to work:
> 
> AddOutputFilter BUCKETEER;INCLUDES .html
> 
> Put each snippet in a file in your docroot, say, true.html and t.html and give
> them a try.
> 
> I'm pretty sure it's related to the code around line 491 of mod_include.c
> (at least that's the part that works differently for each one) but I haven't
> figured out how it's wrong.
> 
> Thanks,
> Ron