Posted to dev@httpd.apache.org by Ewald Dieterich <ew...@mailbox.org> on 2016/12/05 13:38:17 UTC
Segfault in mod_xml2enc.c with big5 charset
I have a segfault in mod_xml2enc.c, xml2enc_ffunc() when processing a
page with big5 charset.
The crash happens in line 472 because ctx->convset is NULL:
rv = apr_xlate_conv_buffer(ctx->convset, buf+(bytes - insz),
&insz, ctx->buf, &ctx->bytes);
The sequence leading to this crash is:
* Call apr_xlate_conv_buffer(...). Return value is APR_INCOMPLETE (_not_
APR_EINCOMPLETE) (probably because the buffer ends in the middle of a
multi-byte character).
* In "switch (rv)" enter the default case, set ctx->convset to NULL, and
despite what the comment says ("Bail out, flush ...") don't bail out,
instead continue with the loop.
* Call apr_xlate_conv_buffer(NULL, ...), crash with a segfault.
2 questions:
(1) Is APR_INCOMPLETE the same as APR_EINCOMPLETE when using the xlate
API? Then the "case APR_EINCOMPLETE" should probably also handle "case
APR_INCOMPLETE".
(2) What's the proper way to bail out from the default case? Just return
or is there anything to consider regarding ctx->bbnext?
Thanks for your help.
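The failure sequence described in this report, as an added example that is not part of the original post or of httpd's mod_xml2enc.c: a stand-alone C model of the filter loop with a toy fixed-width converter standing in for apr_xlate_conv_buffer(). The XL_* status codes, the convset_t and filter_ctx types and the feed_* functions are all constructed for the example and are not APR or httpd identifiers. feed_buggy() mirrors the structure the report describes, where the default case clears ctx->convset but the while loop keeps running and the next call gets a NULL handle; feed_fixed() keeps a partial trailing character for the next buffer and leaves the loop when it drops the converter. Whether APR_INCOMPLETE and APR_EINCOMPLETE should share a case is the question the post asks; the example treats the two alike only as an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Status codes for the toy converter (constructed; not APR's values). */
enum { XL_SUCCESS = 0, XL_INCOMPLETE = 1, XL_EINCOMPLETE = 2, XL_EINVAL = 3 };

/* Toy "conversion set": a fixed-width multi-byte charset of `width` bytes. */
typedef struct { size_t width; } convset_t;

/* Toy stand-in for apr_xlate_conv_buffer(): copies whole characters from
 * `in` to `out`, decrements both counters, and reports XL_INCOMPLETE when the
 * input ends in the middle of a character (*inbytes_left then holds the length
 * of the partial character). The output buffer is assumed large enough. */
static int toy_conv_buffer(const convset_t *cs, const char *in, size_t *inbytes_left,
                           char *out, size_t *outbytes_left)
{
    if (cs == NULL)
        return XL_EINVAL; /* the real function would dereference NULL here */
    while (*inbytes_left >= cs->width && *outbytes_left >= cs->width) {
        memcpy(out, in, cs->width);
        in += cs->width;
        out += cs->width;
        *inbytes_left -= cs->width;
        *outbytes_left -= cs->width;
    }
    return *inbytes_left == 0 ? XL_SUCCESS : XL_INCOMPLETE;
}

/* Filter context, loosely modelled on the ctx fields named in the report. */
typedef struct {
    const convset_t *convset;
    char pending[8];   /* partial character carried over to the next buffer */
    size_t npending;
    char out[64];      /* converted bytes accumulated across buffers */
    size_t nout;
} filter_ctx;

/* The loop as reported: only XL_SUCCESS is handled, an incomplete trailing
 * character falls into default, which clears convset, but `break` only leaves
 * the switch. Returns -1 at the point where the original would crash. */
static int feed_buggy(filter_ctx *ctx, const char *buf, size_t bytes)
{
    size_t insz = bytes;
    while (insz > 0) {
        size_t outsz = sizeof ctx->out - ctx->nout;
        int rv;
        if (ctx->convset == NULL)
            return -1; /* models the NULL dereference */
        rv = toy_conv_buffer(ctx->convset, buf + (bytes - insz), &insz,
                             ctx->out + ctx->nout, &outsz);
        ctx->nout = sizeof ctx->out - outsz;
        switch (rv) {
        case XL_SUCCESS:
            break;
        default:
            ctx->convset = NULL; /* "bail out" - but the while loop continues */
            break;
        }
    }
    return (int)ctx->nout;
}

/* Hardened loop: a partial trailing character is saved for the next buffer
 * (XL_INCOMPLETE and XL_EINCOMPLETE treated alike, an assumption made here),
 * and any other failure drops the converter AND returns, so the converter is
 * never called with a NULL handle. Returns bytes converted so far, or -1. */
static int feed_fixed(filter_ctx *ctx, const char *buf, size_t bytes)
{
    char work[sizeof ctx->pending + 64];
    size_t total, insz;
    if (ctx->convset == NULL || ctx->npending + bytes > sizeof work)
        return -1;
    memcpy(work, ctx->pending, ctx->npending);
    memcpy(work + ctx->npending, buf, bytes);
    total = insz = ctx->npending + bytes;
    ctx->npending = 0;
    while (insz > 0) {
        size_t outsz = sizeof ctx->out - ctx->nout;
        int rv = toy_conv_buffer(ctx->convset, work + (total - insz), &insz,
                                 ctx->out + ctx->nout, &outsz);
        ctx->nout = sizeof ctx->out - outsz;
        if (rv == XL_SUCCESS)
            continue; /* insz is now 0, the loop ends */
        if ((rv == XL_INCOMPLETE || rv == XL_EINCOMPLETE) && insz <= sizeof ctx->pending) {
            memcpy(ctx->pending, work + (total - insz), insz);
            ctx->npending = insz;
            return (int)ctx->nout; /* wait for more input */
        }
        ctx->convset = NULL; /* genuine failure: give up the converter and leave */
        return -1;
    }
    return (int)ctx->nout;
}

/* Constructed scenario: a 2-byte charset, a buffer ending mid-character
 * ("ABCDE"), then the rest of the stream ("FGH"). Copies output to `outcopy`. */
int demo(int use_fix, char *outcopy, size_t cap)
{
    static const convset_t cs = { 2 };
    filter_ctx ctx;
    int n;
    memset(&ctx, 0, sizeof ctx);
    ctx.convset = &cs;
    n = use_fix ? feed_fixed(&ctx, "ABCDE", 5) : feed_buggy(&ctx, "ABCDE", 5);
    if (n >= 0)
        n = use_fix ? feed_fixed(&ctx, "FGH", 3) : feed_buggy(&ctx, "FGH", 3);
    if (n < 0)
        return n;
    if ((size_t)n > cap)
        return -2;
    memcpy(outcopy, ctx.out, (size_t)n);
    return n;
}
```

demo(0, ...) returns -1 at the point where the reported loop would call the converter with a NULL convset; demo(1, ...) returns 8 with "ABCDEFGH" converted, the trailing "E" of the first buffer having been carried into the second.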
Re: Segfault in mod_xml2enc.c with big5 charset
Posted by Ewald Dieterich <ew...@mailbox.org>.
On 05.12.2016 14:38, Ewald Dieterich wrote:
> I have a segfault in mod_xml2enc.c, xml2enc_ffunc() when processing a
> page with big5 charset.
I have another crash at exactly the same location, this time with
charset "euc-kr". mod_xml2enc is definitely not able to handle
multi-byte charsets reliably.