Bug 47215

Summary: mod_substitute doesn't work if more than one substitute is specified with default options
Product: Apache httpd-2 Reporter: avpauls
Component: mod_substituteAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: blocker    
Priority: P2    
Version: 2.2.11   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Attachments: httpd.conf
core
httpd.spec
strace result
index.html
noindex.html

Description avpauls 2009-05-18 04:20:51 UTC
OS: RHEL5.3 i386/x86_64
httpd-2.2.11

From httpd.conf:
LoadModule substitute_module modules/mod_substitute.so
<Location />
        AddOutputFilterByType SUBSTITUTE text/html
        Substitute "s|you|you+|"
        Substitute "s|HTTP|HTTP+|"
</Location>

[root@test-el5-x86_64 apache]# wget http://10.60.180.30/
--18:13:23--  http://10.60.180.30/
Connecting to 10.60.180.30:80... connected.
HTTP request sent, awaiting response... No data received.

httpd process eats all available memory and exit with segmentation fault:
[Mon May 18 16:30:33 2009] [notice] child pid 13757 exit signal Segmentation fault (11), possible coredump in /tmp

If I use 'q' flag all works fine:
LoadModule substitute_module modules/mod_substitute.so
<Location />
        AddOutputFilterByType SUBSTITUTE text/html
        Substitute "s|you|you+|q"
        Substitute "s|HTTP|HTTP+|q"
</Location>

httpd.conf, strace log, core file will be attached.
Comment 1 avpauls 2009-05-18 04:21:38 UTC
Created attachment 23679 [details]
httpd.conf
Comment 2 avpauls 2009-05-18 04:33:33 UTC
Created attachment 23680 [details]
core
Comment 3 avpauls 2009-05-18 04:34:38 UTC
Created attachment 23681 [details]
httpd.spec

httpd was built using attached spec file
Comment 4 avpauls 2009-05-18 04:35:44 UTC
Created attachment 23682 [details]
strace result
Comment 5 Ruediger Pluem 2009-05-18 09:37:34 UTC
Can you please also supply the html file that can be found at  http://10.60.180.30/?
Comment 6 avpauls 2009-05-18 21:14:17 UTC
Created attachment 23686 [details]
index.html

Really every file with substituted strings will cause described behavior.
Comment 7 Ruediger Pluem 2009-05-21 12:19:46 UTC
Sorry but I cannot reproduce this. What is the contents of /var/www/error/noindex.html?
The core dump isn't really helpful as it is very machine specific. Could you please analyse it on the machine where the crash happened and provide a backtrace?
Comment 8 avpauls 2009-05-21 21:07:14 UTC
Backtrace is not very informative (and all this information can be taken from "strace result"):
...
Loaded symbols for /lib64/libwrap.so.0
Reading symbols from /usr/lib64/php4/xmlrpc.so...done.
Loaded symbols for /usr/lib64/php4/xmlrpc.so
Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
[New process 21731]
#0  0x00002b0a07f59477 in memcpy () from /lib64/libc.so.6
(gdb) bt
#0  0x00002b0a07f59477 in memcpy () from /lib64/libc.so.6
Cannot access memory at address 0x7fffa4aeec78
(gdb)




backtrace for RHEL5 i386, RHES4 i386 looks the same.
What other info can I provide ?
Comment 9 avpauls 2009-05-21 21:10:05 UTC
Created attachment 23704 [details]
noindex.html

as requested, but i've already said that for me this issue is reproduced on every file with substituted strings
Comment 10 avpauls 2009-06-02 00:17:53 UTC
Is some other info required ?
Comment 11 Tom Donovan 2010-01-23 07:18:40 UTC
Reproduced problem on httpd 2.2.11
This was fixed by r766001 (httpd 2.2.12)