Posted to cvs@httpd.apache.org by Dean Gaudet <dg...@hyperreal.com> on 1997/03/10 10:27:43 UTC
cvs commit: apache/src CHANGES alloc.c
dgaudet 97/03/10 01:27:43
Modified: src CHANGES alloc.c
Log:
Memory allocation problem in push_array() -- it would corrupt memory
when nalloc==0.
Submitted: Kai Risku <kr...@tf.hut.fi> and Roy Fielding
Reviewed: Dean, Randy, Chuck
Revision Changes Path
1.193 +4 -1 apache/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache/src/CHANGES,v
retrieving revision 1.192
retrieving revision 1.193
diff -C3 -r1.192 -r1.193
*** CHANGES 1997/03/10 09:20:38 1.192
--- CHANGES 1997/03/10 09:27:41 1.193
***************
*** 1,7 ****
Changes with Apache 1.2b8
*) invoke_handler() doesn't handle mime arguments in content-type
! [Petr Lampa] PR#160
*) Reduced IdentityCheck timeout to 30 seconds, as per RFC 1413 minimum.
[Ken Coar]
--- 1,10 ----
Changes with Apache 1.2b8
+ *) Memory allocation problem in push_array() -- it would corrupt memory
+ when nalloc==0. [Kai Risku <kr...@tf.hut.fi> and Roy Fielding]
+
*) invoke_handler() doesn't handle mime arguments in content-type
! [Petr Lampa] PR#160
*) Reduced IdentityCheck timeout to 30 seconds, as per RFC 1413 minimum.
[Ken Coar]
1.23 +6 -5 apache/src/alloc.c
Index: alloc.c
===================================================================
RCS file: /export/home/cvs/apache/src/alloc.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -C3 -r1.22 -r1.23
*** alloc.c 1997/01/19 17:43:27 1.22
--- alloc.c 1997/03/10 09:27:41 1.23
***************
*** 461,471 ****
void *push_array (array_header *arr)
{
if (arr->nelts == arr->nalloc) {
! char *new_data = pcalloc (arr->pool, arr->nalloc * arr->elt_size * 2);
memcpy (new_data, arr->elts, arr->nalloc * arr->elt_size);
arr->elts = new_data;
! arr->nalloc *= 2;
}
++arr->nelts;
--- 461,474 ----
void *push_array (array_header *arr)
{
if (arr->nelts == arr->nalloc) {
! int new_size = (arr->nalloc <= 0) ? 1 : arr->nalloc * 2;
! char *new_data;
!
! new_data = pcalloc (arr->pool, arr->elt_size * new_size);
memcpy (new_data, arr->elts, arr->nalloc * arr->elt_size);
arr->elts = new_data;
! arr->nalloc = new_size;
}
++arr->nelts;
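Review bot: The size arithmetic around the new `arr->nalloc <= 0` guard is still unchecked `int` math: `arr->nalloc * 2` and `arr->elt_size * new_size` can overflow for a large array, and `pcalloc` would then return a block smaller than the `memcpy` on the next line writes into. The guard also admits a negative `nalloc`, but the unchanged `memcpy` length `arr->nalloc * arr->elt_size` would then convert to a very large `size_t`. Copying only when there is something to copy, `if (arr->nalloc > 0) memcpy (new_data, arr->elts, arr->nalloc * arr->elt_size);`, closes that case and avoids handing a possibly unset `arr->elts` to `memcpy` when the array is empty. An upper bound on `arr->nalloc` before doubling would cover the overflow; how this file reports an allocation failure is not visible here, so the failure path is left open. The same unchecked doubling appears in the second alloc.c hunk (`new_size *= 2` inside the loop), and push_array's body continues past the end of this hunk.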
***************
*** 477,487 ****
int elt_size = dst->elt_size;
if (dst->nelts + src->nelts > dst->nalloc) {
! int new_size = dst->nalloc * 2;
char *new_data;
- if (new_size == 0) ++new_size;
-
while (dst->nelts + src->nelts > new_size)
new_size *= 2;
--- 480,488 ----
int elt_size = dst->elt_size;
if (dst->nelts + src->nelts > dst->nalloc) {
! int new_size = (dst->nalloc <= 0) ? 1 : dst->nalloc * 2;
char *new_data;
while (dst->nelts + src->nelts > new_size)
new_size *= 2;
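Review bot: Nothing at the line `int new_size = (dst->nalloc <= 0) ? 1 : dst->nalloc * 2;` says why the start value must be nonzero, and the separate `if (new_size == 0) ++new_size;` that used to make this visible is removed. The `while` loop below only doubles `new_size`, so a start value of 0 would never satisfy `dst->nelts + src->nelts > new_size` and the loop would not terminate. A short comment above the initializer would keep that invariant from being lost in a later edit, for example `/* must start >= 1: the loop below grows by doubling */`. The same expression now also appears in push_array, so the comment (or a small static helper shared by both) is worth adding in both places. The enclosing function starts and ends outside this hunk.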