Bug 44641

Summary: mod_rewrite ap_register_rewrite_mapfunc can use uninitialized memory
Product: Apache httpd-2
Reporter: Daniel Lescohier <daniel.lescohier>
Component: mod_rewrite
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED
Severity: normal
Keywords: FixedInTrunk, PatchAvailable
Priority: P2
Version: 2.0.59
Target Milestone: ---
Hardware: All
OS: All
Attachments: mod_rewrite mapfunc_hash hash_make patch

Description Daniel Lescohier 2008-03-19 13:17:59 UTC
Created attachment 21691 [details]
mod_rewrite mapfunc_hash hash_make patch

I checked trunk, and this problem still exists there.

ap_register_rewrite_mapfunc calls apr_hash_set on a hashtable.  However, mod_rewrite registers ap_register_rewrite_mapfunc as an optional function before the hashtable is initialized with apr_hash_make.  That makes the ap_register_rewrite_mapfunc function available to other modules before the memory is initialized.

I found this out when writing a custom module that registers a function with ap_register_rewrite_mapfunc.  My module has to do it in the pre_config stage, because mod_rewrite requires the map function to be registered before it reads a config line referencing it.

If I have in the apache config a LoadModule of my module before a LoadModule of mod_rewrite, then I get a segmentation fault in the pre-config stage, because it's dereferencing a null pointer to a non-existent hashtable.  If I change the order of the LoadModule commands to load mod_rewrite first, then it works fine.  If I have LoadModule of my module first, the segmentation fault happens even though I register my hook to happen after mod_rewrite, like this:

    static const char * const preModules[] = { "mod_rewrite.c", NULL };
    ap_hook_pre_config(register_rewrite_whitelist_functions,
                       preModules, NULL, APR_HOOK_MIDDLE);

I fixed the problem with the mod_rewrite.c patch I'm including (-1 code line, +1 code line).  With this patch applied, I do not even have to list mod_rewrite.c to be run first in the pre_config stage; my module can be like this:

    ap_hook_pre_config(register_rewrite_whitelist_functions,
                       NULL, NULL, APR_HOOK_MIDDLE);

With the patch I'm attaching applied, and with my module using the pre_config hook without listing mod_rewrite.c, I get no segmentation fault, even if my module is LoadModule'd first.

I think this should be fixed in trunk, and backported to 2.2 and 2.0.
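The following is an added example, not httpd source and not the reporter's attached patch. It models the ordering problem described above with a fixed-size table standing in for apr_hash_make/apr_hash_set and plain function calls standing in for hook dispatch, so it runs without APR. The "patched" branch assumes the fix creates the table at register_hooks time, before any other module can reach the optional function; the `whitelist_map` function and its allow-list entries are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not httpd code, not the reporter's patch): a small model of
 * the ordering bug. A fixed-size table replaces apr_hash_t so it runs
 * without APR; hook ordering is simulated with plain calls. */

typedef const char *(*rewrite_mapfunc_t)(const char *key);

#define MAX_MAPFUNCS 8
typedef struct {
    const char *names[MAX_MAPFUNCS];
    rewrite_mapfunc_t funcs[MAX_MAPFUNCS];
    int count;
} mapfunc_hash_t;

static mapfunc_hash_t hash_storage;
/* Stand-in for mod_rewrite's global: NULL until the table is "made". */
static mapfunc_hash_t *mapfunc_hash = NULL;

/* Stand-in for apr_hash_make(). */
static mapfunc_hash_t *hash_make(void)
{
    memset(&hash_storage, 0, sizeof hash_storage);
    return &hash_storage;
}

/* Model of ap_register_rewrite_mapfunc(). The real function calls
 * apr_hash_set(mapfunc_hash, ...) unconditionally, so a NULL table is the
 * null-pointer dereference from the report. Here the NULL case returns -1
 * instead of crashing so both load orders can run in one process. */
static int register_mapfunc(const char *name, rewrite_mapfunc_t func)
{
    if (mapfunc_hash == NULL)
        return -1;                      /* unpatched module: segfault here */
    if (mapfunc_hash->count >= MAX_MAPFUNCS)
        return -1;
    mapfunc_hash->names[mapfunc_hash->count] = name;
    mapfunc_hash->funcs[mapfunc_hash->count] = func;
    mapfunc_hash->count++;
    return 0;
}

/* Lookup done when a config line later references the function by name. */
static rewrite_mapfunc_t lookup_mapfunc(const char *name)
{
    int i;
    if (mapfunc_hash == NULL)
        return NULL;
    for (i = 0; i < mapfunc_hash->count; i++)
        if (strcmp(mapfunc_hash->names[i], name) == 0)
            return mapfunc_hash->funcs[i];
    return NULL;
}

/* Hypothetical map function from the custom module: passes the key through
 * only if it is on a constructed allow-list, otherwise maps it to "". */
static const char *whitelist_map(const char *key)
{
    static const char *const allowed[] = { "index.html", "about.html", NULL };
    int i;
    for (i = 0; allowed[i] != NULL; i++)
        if (strcmp(allowed[i], key) == 0)
            return key;
    return "";
}

/* Simulate httpd startup for one LoadModule order.
 *   custom_first: the custom module precedes mod_rewrite in the config, so
 *                 its pre_config hook runs first (no explicit ordering).
 *   patched:      table created at register_hooks time (assumed shape of the
 *                 fix) instead of in mod_rewrite's own pre_config hook.
 * Returns 0 if the custom module's registration succeeded, -1 on NULL table. */
static int simulate_startup(int custom_first, int patched)
{
    int rc;
    mapfunc_hash = NULL;

    /* register_hooks runs for every module before any pre_config hook. */
    if (patched)
        mapfunc_hash = hash_make();

    /* pre_config hooks run in LoadModule order. */
    if (custom_first) {
        rc = register_mapfunc("whitelist", whitelist_map);
        if (!patched)
            mapfunc_hash = hash_make();  /* too late for the custom module */
    } else {
        if (!patched)
            mapfunc_hash = hash_make();
        rc = register_mapfunc("whitelist", whitelist_map);
    }
    return rc;
}

int main(void)
{
    printf("unpatched, custom module first:  %d\n", simulate_startup(1, 0));
    printf("unpatched, mod_rewrite first:    %d\n", simulate_startup(0, 0));
    printf("patched,   custom module first:  %d\n", simulate_startup(1, 1));
    return 0;
}
```

Only the unpatched build with the custom module loaded first fails, which matches the report: the optional function is reachable from the moment both modules are loaded, so the table it writes into has to exist from that moment too, not from mod_rewrite's own pre_config hook.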
Comment 1 Ruediger Pluem 2008-03-20 14:39:00 UTC
Thanks for the patch. Committed to trunk as r639465 (http://svn.apache.org/viewvc?rev=639465&view=rev).
Comment 2 Ruediger Pluem 2008-05-26 13:04:42 UTC
Proposed for backport to 2.2.x as r660284 (http://svn.apache.org/viewvc?rev=660284&view=rev).
Comment 3 Ruediger Pluem 2008-05-27 09:03:56 UTC
Backport to 2.2.x as r660572 (http://svn.apache.org/viewvc?rev=660572&view=rev).