| Summary: | Invalid memory access on ap_server_config_defines | ||
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Armin Abfalterer <a.abfalterer> |
| Component: | Core | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | CC: | micha, stgrein |
| Priority: | P2 | Keywords: | FixedInTrunk |
| Version: | 2.4.10 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Attachments: | Patch to dump elements of ap_server_config_defines after a graceful restart, includes also fix for the problem | ||
Committed in r1643825. I first misread your patch and started working on a much more complicated one, until I realized yours was the minimal/only change needed. Thanks for the analysis and patch Armin, will propose it for 2.4.x. *** Bug 56008 has been marked as a duplicate of this bug. *** |
Created attachment 32268 [details] Patch to dump elements of ap_server_config_defines after a graceful restart, includes also fix for the problem == Reproduction == 1) Find attached a patch for server/core.c that dumps the elements of ap_server_config_defines after a graceful restart. 2) Define some variables in httpd.conf, e.g. Define arg1=val1 Define arg2=val2 Define arg3=val4 3) By doing some graceful restarts (5-10 times), the increasing number of array elements with invalid memory references can be observerd. The problem can be reproduced each time. == Explanation == After a graceful restart, the reset_config_defines() function in server/core.c resets ap_server_config_defines back to its original pointer saved_server_config_defines. Henceforth, variable definitions (by means of Define) are stored in the original array, and thus, leading to invalid memory access upon next graceful restarts. == Solution == A fix to the problem can be found in the provided patch file and be enabled by setting the macro constant WITH_FIX to 1. Regards, Armin