Bug 47215 - mod_substitute doesn't work if more than one substitute is specified with default options
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_substitute
Version: 2.2.11
Hardware: PC Linux
Importance: P2 blocker
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2009-05-18 04:20 UTC by avpauls
Modified: 2010-01-23 07:18 UTC

Attachments
httpd.conf (33.15 KB, application/octet-stream), 2009-05-18 04:21 UTC, avpauls
core (957.62 KB, application/x-bzip), 2009-05-18 04:33 UTC, avpauls
httpd.spec (25.00 KB, text/x-rpm-spec), 2009-05-18 04:34 UTC, avpauls
strace result (211.52 KB, text/x-log), 2009-05-18 04:35 UTC, avpauls
index.html (72 bytes, text/plain), 2009-05-18 21:14 UTC, avpauls
noindex.html (3.89 KB, text/plain), 2009-05-21 21:10 UTC, avpauls

Description avpauls 2009-05-18 04:20:51 UTC
OS: RHEL5.3 i386/x86_64
httpd-2.2.11

From httpd.conf:
LoadModule substitute_module modules/mod_substitute.so
<Location />
        AddOutputFilterByType SUBSTITUTE text/html
        Substitute "s|you|you+|"
        Substitute "s|HTTP|HTTP+|"
</Location>

[root@test-el5-x86_64 apache]# wget http://10.60.180.30/
--18:13:23--  http://10.60.180.30/
Connecting to 10.60.180.30:80... connected.
HTTP request sent, awaiting response... No data received.

The httpd process eats all available memory and exits with a segmentation fault:
[Mon May 18 16:30:33 2009] [notice] child pid 13757 exit signal Segmentation fault (11), possible coredump in /tmp

If I use the 'q' flag, all works fine:
LoadModule substitute_module modules/mod_substitute.so
<Location />
        AddOutputFilterByType SUBSTITUTE text/html
        Substitute "s|you|you+|q"
        Substitute "s|HTTP|HTTP+|q"
</Location>

httpd.conf, strace log, core file will be attached.
Comment 1 avpauls 2009-05-18 04:21:38 UTC
Created attachment 23679
httpd.conf
Comment 2 avpauls 2009-05-18 04:33:33 UTC
Created attachment 23680
core
Comment 3 avpauls 2009-05-18 04:34:38 UTC
Created attachment 23681
httpd.spec

httpd was built using the attached spec file.
Comment 4 avpauls 2009-05-18 04:35:44 UTC
Created attachment 23682
strace result
Comment 5 Ruediger Pluem 2009-05-18 09:37:34 UTC
Can you please also supply the html file that can be found at http://10.60.180.30/?
Comment 6 avpauls 2009-05-18 21:14:17 UTC
Created attachment 23686
index.html

Really every file with substituted strings will cause the described behavior.
Comment 7 Ruediger Pluem 2009-05-21 12:19:46 UTC
Sorry, but I cannot reproduce this. What are the contents of /var/www/error/noindex.html?
The core dump isn't really helpful as it is very machine specific. Could you please analyse it on the machine where the crash happened and provide a backtrace?
Comment 8 avpauls 2009-05-21 21:07:14 UTC
Backtrace is not very informative (and all this information can be taken from "strace result"):
...
Loaded symbols for /lib64/libwrap.so.0
Reading symbols from /usr/lib64/php4/xmlrpc.so...done.
Loaded symbols for /usr/lib64/php4/xmlrpc.so
Core was generated by `/usr/sbin/httpd'.
Program terminated with signal 11, Segmentation fault.
[New process 21731]
#0  0x00002b0a07f59477 in memcpy () from /lib64/libc.so.6
(gdb) bt
#0  0x00002b0a07f59477 in memcpy () from /lib64/libc.so.6
Cannot access memory at address 0x7fffa4aeec78
(gdb)

Backtrace for RHEL5 i386, RHES4 i386 looks the same.
What other info can I provide?
Comment 9 avpauls 2009-05-21 21:10:05 UTC
Created attachment 23704
noindex.html

As requested, but I've already said that for me this issue is reproduced on every file with substituted strings.
Comment 10 avpauls 2009-06-02 00:17:53 UTC
Is some other info required?
Comment 11 Tom Donovan 2010-01-23 07:18:40 UTC
Reproduced problem on httpd 2.2.11
This was fixed by r766001 (httpd 2.2.12)
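
Added example, not part of the bug thread or of httpd itself: a small audit that flags configuration containers holding two or more Substitute rules without the 'q' flag, the condition reported above on httpd 2.2.11. The function names and the /quick path are hypothetical; the audit assumes rules only interact within the same container and does not handle escaped delimiters.

```python
import re

# Constructed sample: the two configurations quoted in the report.
# The "/quick" path is a hypothetical name for the 'q'-flag variant.
SAMPLE_CONF = '''\
<Location />
        AddOutputFilterByType SUBSTITUTE text/html
        Substitute "s|you|you+|"
        Substitute "s|HTTP|HTTP+|"
</Location>
<Location /quick>
        Substitute "s|you|you+|q"
        Substitute "s|HTTP|HTTP+|q"
</Location>
'''

def substitute_flags(arg):
    """Return the flags of an s<d>pattern<d>replacement<d>flags rule, or None if malformed."""
    arg = arg.strip().strip('"\'')
    if len(arg) < 4 or arg[0] != 's':
        return None
    parts = arg[2:].split(arg[1])   # arg[1] is the delimiter chosen by the rule
    return parts[2] if len(parts) == 3 else None

def audit(conf_text):
    """Return {scope: [line numbers]} for scopes with 2+ Substitute rules lacking 'q'."""
    stack, hits = ["(server)"], {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('</'):            # closing container tag
            if len(stack) > 1:
                stack.pop()
        elif line.startswith('<'):           # opening container, e.g. <Location />
            stack.append(line.strip('<>').strip())
        else:
            m = re.match(r'Substitute\s+(.+)$', line, re.I)
            flags = substitute_flags(m.group(1)) if m else None
            if flags is not None and 'q' not in flags:
                hits.setdefault(' > '.join(stack), []).append(lineno)
    return {scope: lines for scope, lines in hits.items() if len(lines) > 1}

if __name__ == "__main__":
    for scope, lines in audit(SAMPLE_CONF).items():
        print(f"{scope}: non-'q' Substitute rules on lines {lines}")
```

On a build without the 2.2.12 fix, either add the 'q' flag to the flagged rules, as the reporter did, or upgrade.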