Posted to cvs@httpd.apache.org by je...@apache.org on 2005/08/23 18:12:02 UTC
svn commit: r239425 - /httpd/mod_mbox/trunk/module-2.0/mbox_parse.c
Author: jerenkrantz
Date: Tue Aug 23 09:12:01 2005
New Revision: 239425
URL: http://svn.apache.org/viewcvs?rev=239425&view=rev
Log:
Fix a segfault seen with ws-fx-dev/200502.mbox on ajax.
* module-2.0/mbox_parse.c
(mbox_generate_index): Check if we're at the end of mmap region before
running the From check.
Modified:
httpd/mod_mbox/trunk/module-2.0/mbox_parse.c
Modified: httpd/mod_mbox/trunk/module-2.0/mbox_parse.c
URL: http://svn.apache.org/viewcvs/httpd/mod_mbox/trunk/module-2.0/mbox_parse.c?rev=239425&r1=239424&r2=239425&view=diff
==============================================================================
--- httpd/mod_mbox/trunk/module-2.0/mbox_parse.c (original)
+++ httpd/mod_mbox/trunk/module-2.0/mbox_parse.c Tue Aug 23 09:12:01 2005
@@ -738,6 +738,13 @@
{
#ifdef APR_HAS_MMAP
msgc.body_end = b.b - b.sb;
+ /* With mmap, we can hit a file that brings the From check to the very
+ * end of the mmap region - hence a dangling pointer (likely SEGV).
+ * Therefore, break out of the loop first.
+ */
+ if (msgc.body_end == b.maxlen) {
+ break;
+ }
#else
msgc.body_end = b.totalread - b.len + b.b - b.rb;
#endif
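Review bot: the new guard "if (msgc.body_end == b.maxlen)" fires only on exact equality, so if b.b - b.sb can ever land past b.maxlen the loop still reaches the From check with the pointer outside the mapped region; using ">=" would cover both cases at no cost. The break also skips the rest of the loop body for the current message, which is not visible in this hunk, so it is worth confirming that the final message in the mbox is still recorded after the loop exits. The #else branch gets no equivalent check; the comment ties the problem to mmap, so a short note there saying the non-mmap reader is bounded by b.len would make that intent explicit.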