You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Joe Orton <jo...@redhat.com> on 2005/05/31 15:49:44 UTC

[PATCH] mod_include variable corruption issue

PR 12655 is a rather natty pool lifetime issue...

mod_include sets r->subprocess_env = r->main->subprocess_env in the
subrequest, and may set variables in that table from the subrequest's
r->pool.  But it then goes and destroys the subrequest r->pool too early
(despite the fact that it guarantees it won't do that by joining the
pool).  So this can leave dangling pointers in the table.

Does anyone see any better fix than this?  (it looks like this affects
1.3 exactly the same)

Index: modules/filters/mod_include.c
===================================================================
--- modules/filters/mod_include.c	(revision 170945)
+++ modules/filters/mod_include.c	(working copy)
@@ -1699,10 +1699,10 @@
             SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
         }
 
-        /* destroy the sub request */
-        if (rr) {
-            ap_destroy_sub_req(rr);
-        }
+        /* Do *not* destroy the sub request here; it may have
+         * allocated variables in r->subprocess_env in the
+         * subrequest's r->pool, so that pool must survive as long as
+         * this request. */
 
         if (error_fmt) {
             break;