Posted to dev@httpd.apache.org by Alexei Kosut <ak...@nueva.pvt.k12.ca.us> on 1997/06/22 11:44:12 UTC
bug! in pregsub
Hmm. I just noticed that pregsub, a function in util.c that I wrote
a long time ago, has a bug in it that causes Apache to die (with that
cute "Ouch! malloc failed" error). Surprising that no one noticed
until now... but nothing that comes with Apache except mod_rewrite
uses pregsub(), so I guess no one happened upon it.

The problem is that when it expands a variable, like $2, it checks to
make sure that there are actually two matched elements in the
regex. If not, it just skips the $2. It turns out it was one off, so
if there were only two matches, it would think $3 existed, and try to
put it into the substituted string. This is "undefined" according to
the POSIX regex spec. On my machine, using the HP-UX regex library, it
causes malloc errors. Perhaps on other OSes (or the Spencer package),
it still works.

At any rate, here's the patch. I guess this is for 1.2.1 as well as
1.3:

Index: util.c
===================================================================
RCS file: /export/home/cvs/apache/src/util.c,v
retrieving revision 1.53
diff -c -r1.53 util.c
*** util.c 1997/06/15 19:22:34 1.53
--- util.c 1997/06/22 09:39:17
***************
*** 232,238 ****
if (c == '\\' && (*src == '$' || *src == '&'))
c = *src++;
len++;
! } else if (no <= nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
len += pmatch[no].rm_eo - pmatch[no].rm_so;
}
--- 232,238 ----
if (c == '\\' && (*src == '$' || *src == '&'))
c = *src++;
len++;
! } else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
len += pmatch[no].rm_eo - pmatch[no].rm_so;
}
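Review bot: The changed test in the length pass (no < nmatch) is only correct if nmatch is the number of entries in pmatch, so that the valid indices are 0 to nmatch-1, and nothing in the hunk says so. A one-line comment above the else-if stating that pmatch[nmatch] is one past the array would keep the <= from being reintroduced later. It would also help to document that a reference to a group beyond nmatch is dropped silently and adds nothing to len, since callers passing a user-supplied substitution string get no indication that $3 was ignored.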
***************
*** 256,262 ****
if (c == '\\' && (*src == '$' || *src == '&'))
c = *src++;
*dst++ = c;
! } else if (no <= nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
len = pmatch[no].rm_eo - pmatch[no].rm_so;
strncpy(dst, source + pmatch[no].rm_so, len);
dst += len;
--- 256,262 ----
if (c == '\\' && (*src == '$' || *src == '&'))
c = *src++;
*dst++ = c;
! } else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) {
len = pmatch[no].rm_eo - pmatch[no].rm_so;
strncpy(dst, source + pmatch[no].rm_so, len);
dst += len;
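Review bot: The copy pass repeats the same else-if test as the length pass in the first hunk, and the two must stay identical, because any reference the copy pass accepts but the length pass skipped would be written to dst without having been counted. Consider moving the test (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) into one macro or small helper used by both loops so a future edit cannot change one and miss the other. As a smaller point, strncpy(dst, source + pmatch[no].rm_so, len) is used here as a fixed-length copy and writes no terminator when the source is at least len bytes long; memcpy would state that intent, and it is worth confirming that the terminating NUL is written after the loop.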
--
________________________________________________________________________
Alexei Kosut <ak...@nueva.pvt.k12.ca.us> The Apache HTTP Server
URL: http://www.nueva.pvt.k12.ca.us/~akosut/ http://www.apache.org/
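
The bounds rule described in this message, as an added example that is not part of the original post or of Apache's util.c: a simplified expander that runs one routine for both the sizing and the copy pass, so the index test cannot differ between them. The names expand and demo, the pattern and the input string are assumptions made for illustration, and only $0..$9 are handled (no & or backslash escapes).

```c
#include <ctype.h>
#include <regex.h>
#include <stdlib.h>
#include <string.h>

/* Expand $0..$9 in tmpl. With dst == NULL only the length is computed, so
 * the sizing pass and the copy pass cannot disagree on the bounds test. */
static size_t expand(char *dst, const char *tmpl, const char *source,
                     size_t nmatch, const regmatch_t *pm)
{
    size_t len = 0, no, n;

    for (; *tmpl; tmpl++) {
        if (*tmpl != '$' || !isdigit((unsigned char)tmpl[1])) {
            if (dst) dst[len] = *tmpl;   /* ordinary character */
            len++;
            continue;
        }
        no = (size_t)(*++tmpl - '0');
        /* pm has nmatch entries, 0..nmatch-1; no == nmatch is past the end. */
        if (no >= nmatch || pm[no].rm_so < 0 || pm[no].rm_eo <= pm[no].rm_so)
            continue;                    /* skip the reference */
        n = (size_t)(pm[no].rm_eo - pm[no].rm_so);
        if (dst) memcpy(dst + len, source + pm[no].rm_so, n);
        len += n;
    }
    return len;
}

/* Added demo on constructed input: two groups give pm[0..2], so $3 is out of range. */
char *demo(const char *tmpl)
{
    const char *source = "user=alice";   /* constructed sample */
    regmatch_t pm[3];
    regex_t re;
    char *out = NULL;

    if (regcomp(&re, "([a-z]+)=([a-z]+)", REG_EXTENDED) != 0)
        return NULL;
    if (regexec(&re, source, 3, pm, 0) == 0) {
        size_t len = expand(NULL, tmpl, source, 3, pm);
        if ((out = malloc(len + 1)) != NULL) {
            expand(out, tmpl, source, 3, pm);
            out[len] = '\0';
        }
    }
    regfree(&re);
    return out;
}
```

The caller frees the string returned by demo; with the template "$2:$1:$3." the $3 reference contributes nothing because index 3 is not below the array size of 3.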