_apache._global_lock results in segfault when index > number of mutexes
-----------------------------------------------------------------------
Key: MODPYTHON-58
URL: http://issues.apache.org/jira/browse/MODPYTHON-58
Project: mod_python
Type: Bug
Components: core
Versions: 3.1.3, 3.2.0, 3.1.4
Environment: All
Reporter: Jim Gallacher
Priority: Minor
All of the following calls will cause a segfault when the index is greater than
the number of global mutexes available or index < -1.
eg. 32 mutexes created on apache startup
index = 100
_apache._global_lock(req.server, None, index)
_global_unlock(req.server, None, index)
_apache._global_trylock(req.server, None, index)
For all of the corresponding functions in _apachemodule.c, the value of index
is not checked before using it to access the contents of the global array of
mutex locks.
eg.
rv = apr_global_mutex_lock(glb->g_locks[index]);
I'll attach a patch for all three functions that does this check.
eg.
if ((index > (glb->nlocks)) || (index < -1)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Index %d is out of range for number of global mutex
locks", index);
PyErr_SetString(PyExc_ValueError,
"Lock index is out of range for number of global mutex
locks");
return NULL;
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
