Posted to dev@httpd.apache.org by John Bley <jb...@acpub.duke.edu> on 1999/02/23 17:38:37 UTC

[PATCH] 3 malloc checks, use pid_t (Forgot patch first time)

Whoops, forgot the patch the first time.  Flame away at my ineptitude.

Three missed malloc checks in ap/ap_execve.c and a pile of assumptions
about int being equivalent to pid_t in alloc.{c,h}.  WIN32 *might* be an
issue here but I doubt it based on an existing non-#ifdef-wrapped pid_t.

Patch in diff -u against 1.3.4 clean (yes, I should start using cvs).

On a related note, the mallocs in os/unix/*.c need checking/friendly
error messages.  I don't have access to any of the systems that use that
code (Rhapsody, AIX, anything where DLSYM_NEEDS_UNDERSCORE), so I can't
submit a tested patch.

Since src/regex appears to be a non-apache library, is it off-limits for
patches?  I assumed so, and haven't really looked at it too closely.

-- 
John Bley - jbb6@acpub.duke.edu
Duke '99 - English/Computer Science
  Since English is a mess, it maps well onto the problem space,
  which is also a mess, which we call reality.     - Larry Wall

diff -Burp apache_1.3.4/src/ap/ap_execve.c apache_1.3.4-patched/src/ap/ap_execve.c
--- apache_1.3.4/src/ap/ap_execve.c	Fri Jan  1 14:04:36 1999
+++ apache_1.3.4-patched/src/ap/ap_execve.c	Tue Feb 23 10:50:34 1999
@@ -126,8 +126,10 @@ int ap_execle(const char *filename, cons
     }
     va_end(adummy);
 
-    if ((argv = (char **) malloc((argc + 2) * sizeof(*argv))) == NULL)
+    if ((argv = (char **) malloc((argc + 2) * sizeof(*argv))) == NULL) {
+	fprintf(stderr, "Ouch!  Out of memory in ap_execle()!"\n;
 	return -1;
+    }
 
     /* Pass two --- copy the argument strings into the result space */
     va_start(adummy, argv0);
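Review bot: The `fprintf` added to the ap_execle() malloc check will not compile, because the `\n` sits outside the string literal and the closing parenthesis is missing. It should read `fprintf(stderr, "Ouch!  Out of memory in ap_execle()!\n");`, matching the two messages this patch adds in ap_execve() and hashbang(). ap_execle's body starts and ends outside this hunk.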
@@ -222,8 +224,10 @@ int ap_execve(const char *filename, cons
 	else {
 	    int i = count_args(argv) + 1;   /* +1 for leading SHELL_PATH */
 
-	    if ((script_argv = malloc(sizeof(*script_argv) * i)) == NULL)
+	    if ((script_argv = malloc(sizeof(*script_argv) * i)) == NULL) {
+		fprintf(stderr, "Ouch!  Out of memory in ap_execve()!\n");
 		return -1;
+	    }
 
 	    script_argv[0] = SHELL_PATH;
 
@@ -345,6 +349,10 @@ static const char **hashbang(const char 
 
 	    newargv = (char **) malloc((p - lbuf + 1)
                       + (i + sargc + 1) * sizeof(*newargv));
+	    if (newargv == NULL) {
+		fprintf(stderr, "Ouch!  Out of memory in hashbang()!\n");
+		return NULL;
+	    }
 	    ws = &((char *) newargv)[(i + sargc + 1) * sizeof(*newargv)];
 
 	    /* Copy entries to allocated memory */
diff -Burp apache_1.3.4/src/include/alloc.h apache_1.3.4-patched/src/include/alloc.h
--- apache_1.3.4/src/include/alloc.h	Sun Jan  3 07:04:36 1999
+++ apache_1.3.4-patched/src/include/alloc.h	Tue Feb 23 11:12:40 1999
@@ -342,7 +342,7 @@ enum kill_conditions {
 };
 
 typedef struct child_info child_info;
-API_EXPORT(void) ap_note_subprocess(pool *a, int pid,
+API_EXPORT(void) ap_note_subprocess(pool *a, pid_t pid,
 				    enum kill_conditions how);
 API_EXPORT(int) ap_spawn_child(pool *, int (*)(void *, child_info *),
 				   void *, enum kill_conditions,
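Review bot: `ap_spawn_child` in the next prototype is still declared `API_EXPORT(int)`, so the int/pid_t cleanup stops at `ap_note_subprocess`. The alloc.c hunks for ap_spawn_child() and ap_bspawn_child() change the local `pid` to `pid_t` inside functions that keep an int return type. If they return that pid (the return statements are outside the hunks), it is converted back to int at the API boundary. Either change the exported return types too, or keep them for module compatibility and say so with a comment such as `/* returns the child's pid as int for API compatibility */`. The ap_spawn_child prototype runs past the end of this hunk.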
diff -Burp apache_1.3.4/src/main/alloc.c apache_1.3.4-patched/src/main/alloc.c
--- apache_1.3.4/src/main/alloc.c	Sun Jan  3 07:04:37 1999
+++ apache_1.3.4-patched/src/main/alloc.c	Tue Feb 23 11:15:46 1999
@@ -1998,8 +1998,8 @@ struct process_chain {
     struct process_chain *next;
 };
 
-API_EXPORT(void) ap_note_subprocess(pool *a, int pid, enum kill_conditions how)
-{
+API_EXPORT(void) ap_note_subprocess(pool *a, pid_t pid, enum kill_conditions 
+how) {
     struct process_chain *new =
     (struct process_chain *) ap_palloc(a, sizeof(struct process_chain));
 
@@ -2022,11 +2022,11 @@ API_EXPORT(void) ap_note_subprocess(pool
 #define BINMODE
 #endif
 
-static int spawn_child_core(pool *p, int (*func) (void *, child_info *),
+static pid_t spawn_child_core(pool *p, int (*func) (void *, child_info *),
 			    void *data,enum kill_conditions kill_how,
 			    int *pipe_in, int *pipe_out, int *pipe_err)
 {
-    int pid;
+    pid_t pid;
     int in_fds[2];
     int out_fds[2];
     int err_fds[2];
@@ -2220,7 +2220,8 @@ API_EXPORT(int) ap_spawn_child(pool *p, 
 			       FILE **pipe_err)
 {
     int fd_in, fd_out, fd_err;
-    int pid, save_errno;
+    pid_t pid;
+    int save_errno;
 
     ap_block_alarms();
 
@@ -2280,7 +2281,7 @@ API_EXPORT(int) ap_bspawn_child(pool *p,
     HANDLE hPipeOutputReadDup = NULL;
     HANDLE hPipeErrorReadDup  = NULL;
     HANDLE hCurrentProcess;
-    int pid = 0;
+    pid_t pid = 0;
     child_info info;
 
 
@@ -2452,7 +2453,8 @@ API_EXPORT(int) ap_bspawn_child(pool *p,
 
 #else
     int fd_in, fd_out, fd_err;
-    int pid, save_errno;
+    pid_t pid;
+    int save_errno;
 
     ap_block_alarms();