axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Mantaut (JIRA)" <>
Subject [jira] [Commented] (AXIS2C-1597) Memory corruption in axis2_http_transport_utils_process_accept_headers()
Date Wed, 14 Nov 2012 13:08:11 GMT


Alex Mantaut commented on AXIS2C-1597:

Hi Ivan, I don't have commit permits, but I'm testing some of the bugfixes... Can you create
a test that shows the bug?
> Memory corruption in axis2_http_transport_utils_process_accept_headers()
> ------------------------------------------------------------------------
>                 Key: AXIS2C-1597
>                 URL:
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: transport/http
>    Affects Versions: Current (Nightly)
>            Reporter: Ivan Pechorin
>            Priority: Critical
>         Attachments: axis2-c-accept_record_list.patch
> There's an obvious bug/typo in src/core/transport/http/util/http_transport_utils.c in
function axis2_http_transport_utils_process_accept_headers().
> First, the "Accept:" header is tokenized into <accept_field_list>.
> Then in a loop (iterating over the accept_record_list):
> 1) each field is parsed into struct axis2_http_accept_record_t
> 2) the struct should be added into a list of records list, <accept_record_list>
> However, there's a typo here and the record is added into the same original list (<accept_field_list>),
not into the <accept_record_list>.
> This results in looping over and over the same list with 100% CPU load, and also memory
issues (because arbitrary not necessary 0-terminated pieces of memory are being strdup'ed).

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message