Posted to dev@httpd.apache.org by Ewald Dieterich <ew...@mailbox.org> on 2014/11/05 15:28:43 UTC

xml2enc_html_entity_fixups() consuming all memory

I'm running xml2enc in a reverse proxy setup (Apache httpd 2.4.4, but 
2.4.10 shows the same behavior). For a large response that the backend 
sends, xml2enc_html_entity_fixups() is called with *bytesp == 4007511. 
The repeated call of apr_pstrcat() in the while loop leads to the 
consumption of all available memory. Apache then either aborts itself or 
gets killed by the Linux OOM killer.

The only fix that I can think of is to manage the memory myself, see my 
patch below. Is there a better way to fix this?

--- a/modules/filters/mod_xml2enc.c
+++ b/modules/filters/mod_xml2enc.c
@@ -610,10 +610,25 @@ static int xml2enc_html_entity_fixups(ap
          bytes_processed += inlen;
          assert((outlen >= 0) && (outlen < 
XML2ENC_HTML_ENTITY_FIXUPS_WORKBUF_LENGTH));
          workbuf[outlen] = 0; // add terminating zero byte
-        result_buf = result_buf ? apr_pstrcat(f->r->pool, result_buf, 
workbuf, NULL)
-                                : apr_pstrdup(f->r->pool, workbuf);
+
+        if (result_buf == NULL) {
+            result_buf = ap_malloc(outlen + 1);
+            strcpy(result_buf, workbuf);
+        }
+        else {
+            result_buf = ap_realloc(result_buf, result_size + outlen + 1);
+            strcat(result_buf, workbuf);
+        }
+
          result_size += outlen;
      }
+
+    if (result_buf) {
+        const char *old_result_buf = result_buf;
+        result_buf = apr_pstrdup(f->r->pool, old_result_buf);
+        free(old_result_buf);
+    }
+
      *bufp = result_buf;
      *bytesp = result_size;
      return OK;
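
Review bot: In the else branch, strcat(result_buf, workbuf) walks result_buf from its start on every pass, so the loop stays quadratic in time even after the pool growth is gone. result_size already holds the current length at that point, so memcpy(result_buf + result_size, workbuf, outlen + 1) appends directly. Growing by exactly outlen per pass can still make ap_realloc copy the buffer each time; doubling a separate capacity variable avoids that. In the final block, old_result_buf is declared const char * and then passed to free(), which discards the qualifier; drop the const. Because the buffer now lives outside f->r->pool, any exit path between the first ap_malloc and that free() has to release it explicitly.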
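
The memory growth described in the first message, as an added example that is not part of the thread or of httpd: a constructed arena stands in for the request pool (blocks are released only when the arena is torn down), and the 256-byte chunk size is an assumption, since the thread does not give the work buffer length. It compares the bytes held after the re-copying loop with the capacity of a geometrically grown heap buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for a request pool (not APR code): blocks are only
 * released when the whole arena is torn down, never one at a time. */
struct blk { struct blk *next; };
struct arena { struct blk *head; size_t held; };
static void *arena_alloc(struct arena *a, size_t n) {
    struct blk *b = malloc(sizeof *b + n);
    if (!b) abort();
    b->next = a->head; a->head = b; a->held += n;
    return b + 1;
}
/* Pattern from the report: each chunk copies the whole result into a fresh
 * arena block. Returns the bytes the arena holds after the loop (chunk > 0). */
static size_t concat_in_arena(size_t total, size_t chunk) {
    struct arena a = {0};
    char *res = NULL; size_t len = 0;
    for (size_t off = 0; off < total; off += chunk) {
        size_t n = total - off < chunk ? total - off : chunk;
        char *next = arena_alloc(&a, len + n + 1); /* old copy stays held */
        if (len) memcpy(next, res, len);
        memset(next + len, 'x', n); res = next; len += n; res[len] = 0;
    }
    size_t held = a.held;
    while (a.head) { struct blk *nx = a.head->next; free(a.head); a.head = nx; }
    return held;
}

/* One heap buffer grown geometrically, appending at the known length.
 * Returns the final capacity, the most it holds at once (chunk > 0). */
static size_t concat_growable(size_t total, size_t chunk) {
    size_t cap = chunk + 1, len = 0;
    char *res = malloc(cap);
    if (!res) abort();
    for (size_t off = 0; off < total; off += chunk) {
        size_t n = total - off < chunk ? total - off : chunk;
        if (len + n + 1 > cap) {
            while (cap < len + n + 1) cap *= 2;
            if (!(res = realloc(res, cap))) abort();
        }
        memset(res + len, 'x', n); len += n; res[len] = 0;
    }
    free(res);
    return cap;
}
int main(void) { /* constructed input: 64 KiB in 256-byte chunks */
    return printf("%zu vs %zu\n", concat_in_arena(65536, 256), concat_growable(65536, 256)) < 0;
}
```

With the constructed 64 KiB input the arena ends up holding 8421632 bytes against a 65792-byte heap buffer, and the gap grows with the square of the response size.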

Re: xml2enc_html_entity_fixups() consuming all memory

Posted by Eric Covener <co...@gmail.com>.
On Wed, Nov 5, 2014 at 9:41 AM, Eric Covener <co...@gmail.com> wrote:
> XML2ENC_HTML_ENTITY_FIXUPS_WORKBUF_LENGTH only finds a SUSE patch.

For this part I meant by searching the web (after striking out in
source and email).

Re: xml2enc_html_entity_fixups() consuming all memory

Posted by Ewald Dieterich <ew...@mailbox.org>.
On 11/05/2014 03:41 PM, Eric Covener wrote:
> On Wed, Nov 5, 2014 at 9:28 AM, Ewald Dieterich <ew...@mailbox.org> wrote:
>> I'm running xml2enc in a reverse proxy setup (Apache httpd 2.4.4, but 2.4.10
>> shows the same behavior).
>
> Are you running vanilla sources? I could not find this code and
> XML2ENC_HTML_ENTITY_FIXUPS_WORKBUF_LENGTH only finds a SUSE patch.

You are right, this is a patched Apache. I have to check where and why 
we pull in this change. Thanks for your help and sorry for the confusion.

Re: xml2enc_html_entity_fixups() consuming all memory

Posted by Eric Covener <co...@gmail.com>.
On Wed, Nov 5, 2014 at 9:28 AM, Ewald Dieterich <ew...@mailbox.org> wrote:
> I'm running xml2enc in a reverse proxy setup (Apache httpd 2.4.4, but 2.4.10
> shows the same behavior).

Are you running vanilla sources? I could not find this code and
XML2ENC_HTML_ENTITY_FIXUPS_WORKBUF_LENGTH only finds a SUSE patch.

(I'm not actually too familiar with this stuff, but went to poke
around to see more context!)