https://issues.apache.org/bugzilla/show_bug.cgi?id=45605
Jeff Lawson <[EMAIL PROTECTED]> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[EMAIL PROTECTED]
         OS/Version|Windows Vista               |All
            Version|2.2.8                       |2.2.9
--- Comment #1 from Jeff Lawson <[EMAIL PROTECTED]> 2008-09-18 13:11:09 PST ---
I was able to reproduce this bug under heavy load on Linux CentOS 4. Without
the maintainer-mode configured, ap_queue_push() would simply write past the end
of the worker_queue->data[] array, and into the work_queue_info structure that
happened to be allocated directly past it in memory. The end result was that
the condition variable pointer at worker_queue_info->wait_for_idler would be
overwritten (as well as the other parts of worker_queue_info before that) and
the child process would hang when it attempted to shut down
(queue_info_cleanup(), apr_thread_cond_destroy(), apr_pool_cleanup_run(),
thread_cond_cleanup(), pthread_cond_destroy() hung in here attempting to lock
the mutex embedded in the condition variable).
I also observed other problems (seg faults in two other places), which isn't
surprising since we are looking at a buffer overrun into who knows what memory.
Duplicated with 2.2.9. When maintainer mode was enabled I got the same assert as
reported in this bug.
I would be willing to work on a fix for this, but haven't had time to dig deep
enough to know if there already is a mechanism to prevent this buffer array
overflow that simply is broken, or if one needs to be built. Any pointers would
be appreciated.
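The difference between a debug-only assert and an unconditional capacity check on a fixed-size queue, as an added example that is not part of the original comment and is not httpd code. It is a simplified model of the behaviour described above; demo_queue, the demo_* functions, DEMO_MAINTAINER_MODE and the Q_* codes are hypothetical names.

```c
#include <stddef.h>

#define QUEUE_CAP 4          /* constructed capacity for the demo */
#define Q_OK    0
#define Q_FULL  (-1)

/* Hypothetical layout: the slot array is followed directly by other state,
 * like the report's queue_info structure allocated just past data[]. */
typedef struct {
    int    data[QUEUE_CAP];
    size_t nelts;
    int    guard;            /* stands in for the neighbouring structure */
} demo_queue;

#ifdef DEMO_MAINTAINER_MODE
#include <assert.h>
#define DEMO_ASSERT(c) assert(c)
#else
#define DEMO_ASSERT(c) ((void)0)   /* compiled out: no check in release */
#endif

/* Assumed pattern matching the report: fullness is only asserted, so a
 * release build stores to data[nelts] even when nelts == QUEUE_CAP. */
int demo_push_assert_only(demo_queue *q, int v)
{
    DEMO_ASSERT(q->nelts < QUEUE_CAP);
    q->data[q->nelts++] = v;
    return Q_OK;
}

/* Hardened form: the capacity test always runs and is reported to the caller. */
int demo_push_checked(demo_queue *q, int v)
{
    if (q->nelts >= QUEUE_CAP)
        return Q_FULL;       /* caller must back off or wait for a free slot */
    q->data[q->nelts++] = v;
    return Q_OK;
}

/* Push n values with the checked variant; returns how many were rejected. */
int demo_fill(demo_queue *q, int n)
{
    int rejected = 0;
    for (int i = 0; i < n; i++)
        if (demo_push_checked(q, i) != Q_OK)
            rejected++;
    return rejected;
}
```
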