Posted to bugs@apr.apache.org by bu...@apache.org on 2010/09/30 11:19:56 UTC
DO NOT REPLY [Bug 48620] Bucket split overwriting existing buckets - leading to memory corruption and crash
https://issues.apache.org/bugzilla/show_bug.cgi?id=48620
Joe Orton <jo...@redhat.com> changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |INVALID
--- Comment #1 from Joe Orton <jo...@redhat.com> 2010-09-30 05:19:50 EDT ---
You are using apr_bucket_destroy() when apr_bucket_delete() is generally
appropriate.

Using _destroy() in place of _delete() means that adjacent buckets may retain
references to the destroyed bucket, which can lead to memory corruption.
Fixing this in your test case fixes the crash, so I expect it is the likely
cause, though the test case is too complex to be sure.

Doing a memset() on the data returned by a bucket read has undefined behaviour:
it is const data and you are casting away that const.

If you can come up with a minimal test case which:

 a) *does* check return values
 b) doesn't deliberately violate API constraints

please re-open.
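
Added example (not part of the original message and not APR's source): a self-contained C model of the hazard described in comment #1. apr_bucket_delete() is APR_BUCKET_REMOVE() followed by apr_bucket_destroy(); the model_* names, the fixed pool and the LIFO free list are assumptions standing in for the brigade ring and a recycling bucket allocator.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not APR source. All names here are hypothetical. */
#define POOL_SIZE 4
typedef struct bucket { struct bucket *next, *prev; const char *data; } bucket;

static bucket pool[POOL_SIZE];
static bucket *freelist[POOL_SIZE];   /* LIFO: last freed is handed out first */
static int nfree;

static void pool_init(void) {
    nfree = 0;
    for (int i = POOL_SIZE - 1; i >= 0; i--) freelist[nfree++] = &pool[i];
}
static bucket *bucket_alloc(const char *data) {
    bucket *b = freelist[--nfree];
    b->data = data;
    b->next = b->prev = b;            /* a fresh bucket links only to itself */
    return b;
}
static void insert_after(bucket *a, bucket *b) {
    b->prev = a; b->next = a->next;
    a->next->prev = b; a->next = b;
}
/* Models apr_bucket_destroy(): storage is released, neighbours are untouched. */
static void model_destroy(bucket *b) { freelist[nfree++] = b; }
/* Models APR_BUCKET_REMOVE(): unlink from the ring. */
static void model_remove(bucket *b) { b->prev->next = b->next; b->next->prev = b->prev; }
/* Models apr_bucket_delete(): unlink first, then release. */
static void model_delete(bucket *b) { model_remove(b); model_destroy(b); }

/* Build ring A-B-C, dispose of B, allocate one more bucket (as a split
 * would), and report which bucket A now sees as its successor. */
static const char *successor_of_a(void (*dispose)(bucket *)) {
    pool_init();
    bucket *a = bucket_alloc("A"), *b = bucket_alloc("B"), *c = bucket_alloc("C");
    insert_after(a, b);
    insert_after(b, c);
    dispose(b);
    bucket_alloc("NEW");              /* recycles B's storage */
    return a->next->data;
}

int main(void) {
    const char *bad = successor_of_a(model_destroy);   /* stale link hits NEW */
    const char *good = successor_of_a(model_delete);   /* ring intact: C */
    printf("destroy only: A -> %s\ndelete: A -> %s\n", bad, good);
    return strcmp(bad, "NEW") == 0 && strcmp(good, "C") == 0 ? 0 : 1;
}
```

In the destroy-only case the recycled bucket links only to itself, so a walk starting at A never reaches C.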