[ https://issues.apache.org/jira/browse/SVN-4782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16667564#comment-16667564 ]

Daniel Shahaf commented on SVN-4782:
------------------------------------


+1

Please commit this to trunk with an appropriate log message
(https://subversion.apache.org/docs/community-guide/conventions#log-messages).

For future reference, please send patches to dev@; we don't use jira this way.

+1 for backport, assuming it merges cleanly.

Cheers,

Daniel


> Using (const char*)1 in Apache HTTP server modules as value for r->notes 
> causes httpd to crash
> ---------------------------------------------------------------------------------------------
>
>                 Key: SVN-4782
>                 URL: https://issues.apache.org/jira/browse/SVN-4782
>             Project: Subversion
>          Issue Type: Bug
>    Affects Versions: 1.9.7, trunk, 1.10.2
>         Environment: All environments
>            Reporter: Ruediger Pluem
>            Priority: Major
>              Labels: patch
>         Attachments: notes_fix.diff
>
>
> *mod_authz_svn.c* and *mod_dav_svn.c* add keys to *r->notes* to memorize 
> boolean states (*FORCE_AUTHN_NOTE*, *IN_SOME_AUTHN_NOTE*, 
> *authz_svn-anon-ok*, *NO_MAP_TO_STORAGE_NOTE*). They use _(const char*)1_ as 
> values for the keys. This causes any call to *apr_table_clone* for *r->notes* 
> to crash with a SEGFAULT, because _(const char*)1_ is an invalid address. 
> *mod_http2* in httpd calls *apr_table_clone* for *r->notes* and hence the 
> httpd process crashes. The attached patch (against trunk) replaces the value 
> of _(const char*)1_ in these cases with a value of _"1"_.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
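
Added example, not part of the issue, the attached patch, or the Subversion/APR sources: a minimal stand-in for a notes table whose clone reads every value as a C string, showing why a boolean note must carry a real string such as "1" rather than a sentinel pointer. All names here (`notes_t`, `notes_setn`, `notes_clone`, `set_flag`, `flag_is_set`) are hypothetical, and the table is a fixed-size array assumed only for the demonstration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a request notes table; not APR code. */
#define MAX_NOTES 8
typedef struct { const char *key; const char *val; } note_t;
typedef struct { note_t e[MAX_NOTES]; int n; } notes_t;

/* Store the pointers as given, without copying or inspecting the value. */
static int notes_setn(notes_t *t, const char *key, const char *val) {
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->e[i].key, key) == 0) { t->e[i].val = val; return 0; }
    if (t->n == MAX_NOTES) return -1;
    t->e[t->n].key = key; t->e[t->n].val = val; t->n++;
    return 0;
}

static const char *notes_get(const notes_t *t, const char *key) {
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->e[i].key, key) == 0) return t->e[i].val;
    return NULL;
}

/* Copy a string; strlen() reads through s, so s must be a valid address. */
static char *dup_str(const char *s) {
    size_t len = strlen(s) + 1;
    char *c = malloc(len);
    if (c) memcpy(c, s, len);
    return c;
}

/* Deep copy: every key and value is read as a NUL-terminated string.
   Freeing the copies is omitted to keep the demonstration short. */
static int notes_clone(notes_t *dst, const notes_t *src) {
    dst->n = 0;
    for (int i = 0; i < src->n; i++) {
        char *k = dup_str(src->e[i].key), *v = dup_str(src->e[i].val);
        if (!k || !v || notes_setn(dst, k, v) != 0) { free(k); free(v); return -1; }
    }
    return 0;
}

/* Flag stored as the string "1", as the issue's patch describes. The old
   form, notes_setn(t, key, (const char *)1), stores fine but makes
   dup_str() read address 1 on the first clone. */
static void set_flag(notes_t *t, const char *key) { notes_setn(t, key, "1"); }

/* A flag counts as set when the key is present; the content is unused. */
static int flag_is_set(const notes_t *t, const char *key) { return notes_get(t, key) != NULL; }
```

The presence test in `flag_is_set` never dereferences the value, which is why a sentinel pointer goes unnoticed until some other code copies the table.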
