www-apache-bugdb mailing list archives

From Rob Saccoccio <r...@InfiniteTechnology.com>
Subject apache-api/2252: add_cgi_vars() doesn't destroy memory allocated by sub_req_lookup_uri()
Date Tue, 19 May 1998 13:47:48 GMT

>Number:         2252
>Category:       apache-api
>Synopsis:       add_cgi_vars() doesn't destroy memory allocated by sub_req_lookup_uri()
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue May 19 06:50:00 PDT 1998
>Originator:     robs@InfiniteTechnology.com
>Release:        1.2.6 & 1.3b5
The problem report is based upon source code.
add_cgi_vars() doesn't call destroy_sub_req(pa_req) to
destroy the memory allocated to the subrequest by 

A comment in the code makes it pretty clear:

	/* Don't bother destroying pa_req --- it's only created in
	 * child processes which are about to jettison their address
	 * space anyway.  BTW, we concatenate filename and path_info
	 * from the sub_request to be compatible in case the PATH_INFO
	 * is pointing to an object which doesn't exist.
	 */

This function is used by the fastcgi module, and
its address space is not jettisoned upon completion
of the request.  The problem is in both the v1.3b5 and
1.2.6 baselines.
Have a look at add_cgi_vars() in util_script.c.  It's quite obvious.
Add "destroy_sub_req(pa_req);" after the "if (pa_req->filename) {...}"
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
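
The effect described in the report, as an added example that is not Apache's code and not part of the original message: a toy model of a long-lived process in which each request creates a subrequest and either frees it or relies on process exit to reclaim it. All names (toy_subreq, toy_lookup, toy_destroy, toy_add_vars, serve) and the sample paths are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for a subrequest; NOT Apache's request_rec. */
typedef struct { char *filename; char *path_info; } toy_subreq;
static size_t live_bytes = 0;      /* bytes currently held by subrequests */

static char *toy_dup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) abort();
    memcpy(p, s, n);
    return p;
}
static size_t toy_size(const toy_subreq *s) {
    return sizeof *s + strlen(s->filename) + strlen(s->path_info) + 2;
}
/* Hypothetical model of the lookup: allocates per-subrequest state. */
static toy_subreq *toy_lookup(const char *path_info) {
    toy_subreq *s = malloc(sizeof *s);
    if (!s) abort();
    s->filename = toy_dup("/constructed/docroot");   /* constructed value */
    s->path_info = toy_dup(path_info);
    live_bytes += toy_size(s);
    return s;
}
/* Hypothetical model of destroying the subrequest. */
static void toy_destroy(toy_subreq *s) {
    live_bytes -= toy_size(s);
    free(s->filename); free(s->path_info); free(s);
}
/* Copies what it needs out of the subrequest, then optionally frees it. */
static void toy_add_vars(const char *pi, char *out, size_t n, int destroy) {
    toy_subreq *pa = toy_lookup(pi);
    snprintf(out, n, "%s%s", pa->filename, pa->path_info);
    if (destroy) toy_destroy(pa);  /* the step the report asks for */
}
/* One process serving `requests` requests; returns bytes still held. */
size_t serve(int requests, int destroy) {
    char translated[256];
    live_bytes = 0;
    for (int i = 0; i < requests; i++)
        toy_add_vars("/extra/path", translated, sizeof translated, destroy);
    return live_bytes;
}
int main(void) {
    printf("without destroy: %zu bytes held\n", serve(1000, 0));
    printf("with destroy:    %zu bytes held\n", serve(1000, 1));
    return 0;
}
```

Without the destroy step the held memory grows linearly with the number of requests served, which only stays harmless if the process exits after each request.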
