apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 59711] double free issue in apr_app.c and start.c on Windows
Date Wed, 15 Jun 2016 22:47:16 GMT

--- Comment #3 from Stefan <luke1410@gmx.de> ---
Looks like the provided initial patch only resolves half of the problem. The
double free is resolved, but the testapp.exe still crashes / triggers an
exception if _environ is replaced with some content.

The problem for this case is that the runtime uninitialize-handling for the
_environ-variable iterates over the separate elements and frees each separate
element. However, since the APR code allocates a single block with
apr_malloc_dbg the entire allocated memory is freed upon the first call
already. Trying to access the second element's pointer then triggers a runtime
access due to the access violation.

Hence to make the code work with the new handling in the VS runtime, we would
have to rewrite the allocation handling in apr_app.c/start.c. This would be
quite a code change which would exceed the code changes suggested/pointed out
in the proof-of-concept patch. Hence, IMO fixing the issue with the alternative
appraoch is more reasonable (especially since a rewrite of the allocation
handling would most likely require different versions based on the different VS

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org

View raw message