You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by ha...@thebackrow.net on 2001/08/14 21:00:19 UTC

bug #6336, segv in ap_die caused by ap_custom_response

Hey folks,

I'm writing a module for work (Apache 1.3.9 and 1.3.20) that uses an
ap_custom_response() call in the transhandler to set up an internal
redirect on 304 errors,  and I've hit the first part of bug 6336:
ap_custom_response sets core_dir_config->response_code_strings to some
memory that's allocated from the request_rec->pool,  so the first
request works fine but subsequent ones segfault in ap_die() ... it
looks up response_code_strings,  which points to memory that belongs to
the LAST request_rec.

It seems to me that ap_custom_response() is only intended to affect the
current request (r),  but ends up affecting all subsequent requests
because it changes the core_dir_config.  It seems like the *proper* way
to fix that is to duplicate, response_code_strings in request_rec and
then have the code that looks them up look at the current request
first,  and fall through to core_dir_config if nothing is found.

Or to clean out core_dir_config->response_code_strings after every
request, but then we're storing data which is really per-request
someplace else than request-rec,  which seems sort of pointless.

Any suggestions?  Am I missing something obvious?

-- 
					thanks,
		
					Will