The limit checking is broken in 2.2's ap_get_scoreboard_*. This was
fixed in 2.4 in http://svn.apache.org/viewvc?view=revision&revision=417252
Patch below backports that, plus fixes the additional broken comparison
in ap_get_scoreboard_lb(), discovered by Hisanobu Okuda.
Can I get +1s for this for 2.2?
Submitted by: wrowe, jorton
Index: server/scoreboard.c
===================================================================
--- server/scoreboard.c (revision 1799181)
+++ server/scoreboard.c (working copy)
@@ -503,8 +503,8 @@
AP_DECLARE(worker_score *) ap_get_scoreboard_worker(int x, int y)
{
- if (((x < 0) || (server_limit < x)) ||
- ((y < 0) || (thread_limit < y))) {
+ if (((x < 0) || (x >= server_limit)) ||
+ ((y < 0) || (y >= thread_limit))) {
return(NULL); /* Out of range */
}
return &ap_scoreboard_image->servers[x][y];
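Review bot: With the upper bound now exclusive, `x == server_limit` and `y == thread_limit` return NULL where the old check handed back an address one element past the array, so a caller that uses the result unchecked would go from an out-of-bounds access to a NULL dereference. The callers are not part of this patch, so they should be audited for a NULL check before the backport lands in 2.2. The same applies to ap_get_scoreboard_process() and ap_get_scoreboard_lb() in the next two hunks. A comment above each accessor would make the contract explicit, e.g. `/* Returns NULL unless 0 <= x < server_limit and 0 <= y < thread_limit; callers must check. */`. The function's closing brace lies outside the hunk.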
@@ -527,7 +527,7 @@
AP_DECLARE(process_score *) ap_get_scoreboard_process(int x)
{
- if ((x < 0) || (server_limit < x)) {
+ if ((x < 0) || (x >= server_limit)) {
return(NULL); /* Out of range */
}
return &ap_scoreboard_image->parent[x];
@@ -540,7 +540,7 @@
AP_DECLARE(lb_score *) ap_get_scoreboard_lb(int lb_num)
{
- if (((lb_num < 0) || (lb_limit < lb_num))) {
+ if (lb_num < 0 || lb_num >= lb_limit) {
return(NULL); /* Out of range */
}
return &ap_scoreboard_image->balancers[lb_num];
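Review bot: The rewritten condition `lb_num < 0 || lb_num >= lb_limit` drops the per-comparison parentheses that the two accessors above keep, so three otherwise parallel range checks now read differently. Writing it as `if ((lb_num < 0) || (lb_num >= lb_limit)) {` would keep them uniform and make a later audit of the bounds checks easier to do by eye. The function's closing brace lies outside the hunk.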