Bug 47215 - mod_substitute doesn't work if more than one substitute is specified with default options
Summary: mod_substitute doesn't work if more than one substitute is specified with def...
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_substitute (show other bugs)
Version: 2.2.11
Hardware: PC Linux
: P2 blocker (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2009-05-18 04:20 UTC by avpauls
Modified: 2010-01-23 07:18 UTC (History)
0 users

httpd.conf (33.15 KB, application/octet-stream)
2009-05-18 04:21 UTC, avpauls
core (957.62 KB, application/x-bzip)
2009-05-18 04:33 UTC, avpauls
httpd.spec (25.00 KB, text/x-rpm-spec)
2009-05-18 04:34 UTC, avpauls
strace result (211.52 KB, text/x-log)
2009-05-18 04:35 UTC, avpauls
index.html (72 bytes, text/plain)
2009-05-18 21:14 UTC, avpauls
noindex.html (3.89 KB, text/plain)
2009-05-21 21:10 UTC, avpauls

Note You need to log in before you can comment on or make changes to this bug.
Description avpauls 2009-05-18 04:20:51 UTC
OS: RHEL5.3 i386/x86_64

From httpd.conf:
LoadModule substitute_module modules/mod_substitute.so
<Location />
        AddOutputFilterByType SUBSTITUTE text/html
        Substitute "s|you|you+|"
        Substitute "s|HTTP|HTTP+|"

[root@test-el5-x86_64 apache]# wget
Connecting to connected.
HTTP request sent, awaiting response... No data received.

httpd process eats all available memory and exit with segmentation fault:
[Mon May 18 16:30:33 2009] [notice] child pid 13757 exit signal Segmentation fault (11), possible coredump in /tmp

If I use 'q' flag all works fine:
LoadModule substitute_module modules/mod_substitute.so
<Location />
        AddOutputFilterByType SUBSTITUTE text/html
        Substitute "s|you|you+|q"
        Substitute "s|HTTP|HTTP+|q"

httpd.conf, strace log, core file will be attached.
Comment 1 avpauls 2009-05-18 04:21:38 UTC
Created attachment 23679 [details]
Comment 2 avpauls 2009-05-18 04:33:33 UTC
Created attachment 23680 [details]
Comment 3 avpauls 2009-05-18 04:34:38 UTC
Created attachment 23681 [details]

httpd was built using attached spec file
Comment 4 avpauls 2009-05-18 04:35:44 UTC
Created attachment 23682 [details]
strace result
Comment 5 Ruediger Pluem 2009-05-18 09:37:34 UTC
Can you please also supply the html file that can be found at
Comment 6 avpauls 2009-05-18 21:14:17 UTC
Created attachment 23686 [details]

Really every file with substituted strings will cause described behavior.
Comment 7 Ruediger Pluem 2009-05-21 12:19:46 UTC
Sorry but I cannot reproduce this. What is the contents of /var/www/error/noindex.html?
The core dump isn't really helpful as it is very machine specific. Could you please analyse it on the machine where the crash happened and provide a backtrace?
Comment 8 avpauls 2009-05-21 21:07:14 UTC
Backtrace is not very informative (and all this information can be taken from "strace result"):
Loaded symbols for /lib64/libwrap.so.0
Reading symbols from /usr/lib64/php4/xmlrpc.so...done.
Loaded symbols for /usr/lib64/php4/xmlrpc.so
Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
[New process 21731]
#0  0x00002b0a07f59477 in memcpy () from /lib64/libc.so.6
(gdb) bt
#0  0x00002b0a07f59477 in memcpy () from /lib64/libc.so.6
Cannot access memory at address 0x7fffa4aeec78

backtrace for RHEL5 i386, RHES4 i386 looks the same.
What other info can I provide ?
Comment 9 avpauls 2009-05-21 21:10:05 UTC
Created attachment 23704 [details]

as requested, but i've already said that for me this issue is reproduced on every file with substituted strings
Comment 10 avpauls 2009-06-02 00:17:53 UTC
Is some other info required ?
Comment 11 Tom Donovan 2010-01-23 07:18:40 UTC
Reproduced problem on httpd 2.2.11
This was fixed by r766001 (httpd 2.2.12)