Well - there might as well be a bug in httpd (I don't deny that). But shouldn't APR protect itself against NULL pointers in allocator_free?
-Madhu

>-----Original Message-----
>From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]
>Sent: Friday, March 19, 2004 10:26 AM
>To: Mathihalli, Madhusudan
>Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: Re: SEGV in allocator_free
>
>
>How is this apr? seems you have a pool scope bug causing a
>double-clear?
>
>Bill
>
>At 12:08 PM 3/19/2004, Mathihalli, Madhusudan wrote:
>>Hi,
>>        I am trying to test an SSL Proxy server using sslswamp, and I'm
>>running into the following segmentation fault!
>>
>>There appears to be some missing error checks in the APR library -
>>here's the backtrace:
>>(Apache 2.0.48 - and I haven't tried 2.0.49)
>>
>>(gdb) bt
>>#0  0xc000000001ba2190:0 in allocator_free (allocator=0x60000000001abe90,
>>    node=0x0) at apr_pools.c:374
>>#1  0xc000000001ba2fe0:0 in apr_pool_clear (pool=0x6000000000439e68)
>>    at apr_pools.c:746
>>#2  0x400000000009fa00:0 in core_output_filter+0x8b0 ()
>>#3  0x4000000000082b50:0 in ap_pass_brigade+0x130 ()
>>#4  0xc000000001f31290:0 in bio_filter_out_flush+0x190 ()
>>   from /opt/hpws/apache/modules/mod_ssl.so
>>#5  0xc000000001f31790:0 in bio_filter_out_write+0x190 ()
>>   from /opt/hpws/apache/modules/mod_ssl.so
>>#6  0xc000000001fd4540:0 in BIO_write+0x1a0 ()
>>   from /opt/hpws/apache/modules/mod_ssl.so
>>#7  0xc000000001fae0d0:0 in ssl3_send_alert+0x770 ()
>>   from /opt/hpws/apache/modules/mod_ssl.so
>>#8  0xc000000001fa73a0:0 in ssl3_shutdown+0xe0 ()
>>   from /opt/hpws/apache/modules/mod_ssl.so
>>#9  0xc000000001f7c540:0 in SSL_shutdown+0xe0 ()
>>   from /opt/hpws/apache/modules/mod_ssl.so
>>#10 0xc000000001f56120:0 in SSL_smart_shutdown+0x40 ()
>>   from /opt/hpws/apache/modules/mod_ssl.so
>>#11 0xc000000001f33b60:0 in ssl_filter_io_shutdown+0xd0 ()
>>   from /opt/hpws/apache/modules/mod_ssl.so
>>#12 0xc000000001f33da0:0 in ssl_io_filter_cleanup+0x60 ()
>>(gdb) p node
>>$1 = (struct apr_memnode_t *) 0x0
>>(gdb) p index
>>$2 = 0
>>(gdb) fr 1
>>#1  0xc000000001ba2fe0:0 in apr_pool_clear (pool=0x6000000000439e68)
>>    at apr_pools.c:746
>>746     in apr_pools.c
>>(gdb) p pool->allocator
>>$3 = (struct apr_allocator_t *) 0x60000000001abe90
>>(gdb) p active->next
>>$4 = (struct apr_memnode_t *) 0x0
>>(gdb) p active
>>$5 = (struct apr_memnode_t *) 0x6000000000439e40
>>(gdb) p *active
>>$6 = {next = 0x0, ref = 0x6000000000439e40, index = 1, free_index = 0,
>>  first_avail = 0x6000000000439ed0 "`", endp = 0x600000000043be40 "`"}
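
Added example, not part of the original thread and not APR source: a simplified C model of the question raised above, comparing a NULL-tolerant free walk with a ring-invariant check made before the pool is cleared. The field names next and ref come from the gdb dump; the pool struct, the ring invariant as written here, and all function names are assumptions made for illustration.

```c
#include <stddef.h>

/* Simplified model, not APR source. Field names next/ref follow the gdb
   dump; the pool layout and all function names are hypothetical. */
typedef struct memnode {
    struct memnode *next;  /* ring link: a lone node points at itself */
    struct memnode **ref;  /* address of the link that points at this node */
} memnode;
typedef struct { memnode *active; int freed; } pool;
enum { POOL_OK = 0, POOL_CORRUPT = -1 };

void node_init(memnode *n) { n->next = n; n->ref = &n->next; }

/* Ring invariant: every link is non-NULL, each ref points back at its
   node, and following next returns to the starting node. */
int pool_check(const pool *p) {
    const memnode *n = p->active;
    int steps = 0;
    if (n == NULL) return POOL_CORRUPT;
    do {
        if (!n->next || !n->ref || *n->ref != n) return POOL_CORRUPT;
        n = n->next;
    } while (n != p->active && ++steps < 1024);
    return n == p->active ? POOL_OK : POOL_CORRUPT;
}

/* Variant A: the free walk tolerates NULL, so the caller never learns
   that the ring was already broken before the clear started. */
int clear_nullguard(pool *p) {
    memnode *a = p->active, *n;
    if (a->next == a) return POOL_OK;   /* nothing beyond the first node */
    *a->ref = NULL;                     /* cut the ring into a list */
    for (n = a->next; n != NULL; n = n->next) p->freed++;  /* NULL-safe */
    node_init(a);
    return POOL_OK;
}

/* Variant B: validate first and report corruption to the caller. */
int clear_checked(pool *p) {
    if (pool_check(p) != POOL_OK) return POOL_CORRUPT;
    return clear_nullguard(p);
}

int main(void) {
    memnode a;
    pool p = { &a, 0 };
    node_init(&a);
    a.next = NULL;   /* constructed: next = 0x0 with ref at the node itself */
    return clear_checked(&p) == POOL_CORRUPT ? 0 : 1;
}
```

In this model the NULL-tolerant variant returns success and resets the node, so the earlier misuse leaves no trace, while the checked variant returns an error at the first clear that sees the broken ring.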
