You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by je...@apache.org on 2005/08/23 18:12:02 UTC

svn commit: r239425 - /httpd/mod_mbox/trunk/module-2.0/mbox_parse.c

Author: jerenkrantz
Date: Tue Aug 23 09:12:01 2005
New Revision: 239425

URL: http://svn.apache.org/viewcvs?rev=239425&view=rev
Log:
Fix a segfault seen with ws-fx-dev/200502.mbox on ajax.

* module-2.0/mbox_parse.c
  (mbox_generate_index): Check if we're at the end of mmap region before
  running the From check.

Modified:
    httpd/mod_mbox/trunk/module-2.0/mbox_parse.c

Modified: httpd/mod_mbox/trunk/module-2.0/mbox_parse.c
URL: http://svn.apache.org/viewcvs/httpd/mod_mbox/trunk/module-2.0/mbox_parse.c?rev=239425&r1=239424&r2=239425&view=diff
==============================================================================
--- httpd/mod_mbox/trunk/module-2.0/mbox_parse.c (original)
+++ httpd/mod_mbox/trunk/module-2.0/mbox_parse.c Tue Aug 23 09:12:01 2005
@@ -738,6 +738,13 @@
     {
 #ifdef APR_HAS_MMAP
         msgc.body_end = b.b - b.sb;
+        /* With mmap, we can hit a file that brings the From check to the very
+         * end of the mmap region - hence a dangling pointer (likely SEGV).
+         * Therefore, break out of the loop first.
+         */
+        if (msgc.body_end == b.maxlen) {
+            break;
+        }
 #else
         msgc.body_end = b.totalread - b.len + b.b - b.rb;
 #endif