The code is as following. static int parse_ap_expr(include_ctx_t *ctx, const char *expr, int *was_error) { ap_expr_info_t expr_info ... ctx->info = &expr_info ... return ... } A stack address &expr_info is returned as a side effect.
The function is here: modules/filters/mod_include.c
Thanks for the report!
Did you ever see a symptom on this?
I have not seen any symptom, but it is indeed a dangerous operation.
Fixed in 2.4.25
(In reply to Eric Covener from comment #5) > Fixed in 2.4.25 I found a similar problem in "support/htpasswd.c". I have reported this issue in https://bz.apache.org/bugzilla/show_bug.cgi?id=60634