You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/07/24 12:01:29 UTC
[Bug 56767] New: ap_update_child_status breaks with segmentation
fault if child_num is negative
https://issues.apache.org/bugzilla/show_bug.cgi?id=56767
Bug ID: 56767
Summary: ap_update_child_status breaks with segmentation fault
if child_num is negative
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Core
Assignee: bugs@httpd.apache.org
Reporter: ryotakatsuki@gmail.com
Created attachment 31844
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31844&action=edit
Fix for ap_update_child_status segfault
I was debugging a weird segmentation fault with mod_wsgi and tracked it down
to:
static int update_child_status_internal(int child_num,
int thread_num,
int status,
conn_rec *c,
request_rec *r)
In server/scoreboard.c (being called by ap_update_child_status)
The problem is that child_num is a negative number and that function is using
it to index an array:
ws = &ap_scoreboard_image->servers[child_num][thread_num];
So it segfaults there.
The one setting child_num to -1 is mod_wsgi but checking other related
functions in scoreboard.c, I belive we should be checking if child_num > 0
there. I also checked when the code was refactored and it seems
"ap_update_child_status_from_indexes" was originally used (which does the
check) instead of update_child_status_internal so I believe it was left behind
by mistake when refactoring the code.
I'm attaching a fix to that, as well as for ap_update_child_status_from_conn,
which do not check child_num either.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56767] ap_update_child_status breaks with segmentation fault if
child_num is negative
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56767
ryotakatsuki@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|2.5-HEAD |2.4.10
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56767] ap_update_child_status breaks with segmentation fault if
child_num is negative
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56767
jkaluza@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jkaluza@redhat.com
--- Comment #1 from jkaluza@redhat.com ---
Committed in trunk in r1638073.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 56767] ap_update_child_status breaks with segmentation fault if
child_num is negative
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56767
--- Comment #2 from jkaluza@redhat.com ---
Proposed in 2.4.x
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org