Note: forwarded message attached.
__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree
--- Begin Message ---
Hi All,
In the past a few days, I was trying to figure out a shared memory corruption
problem in my module. Eventually I found this bug in apr_rmm.c's
find_block_of_size() function.
It is severe enough to mess up the whole rmm memory blocks and make apr_rmm_*
functions totally not workable. The source code version I am referring to is
2.0.48.
Thanks!
-- Kevin
Here are the problems and the fixes:
1. in apr_rmm.c: line 129
if (bestsize - size > sizeof(struct rmm_block_t*)) {
>>>
if (bestsize - size > sizeof(rmm_block_t)) {
2. in apr_rmm.c: line 141
blk = (rmm_block_t*)((char*)rmm->base + blk->next);
>>>
blk = (rmm_block_t*)((char*)rmm->base + new->next);
__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree
--- End Message ---
