The following reply was made to PR general/2245; it has been noted by GNATS.
From: "Dietz, Phil E." <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: general/2245: Insure memory checker found errors
Date: Tue, 26 May 1998 12:27:51 -0500
Here are a few of the errors from my preliminary test.
We'll call this test 1.0 05/26/98.
I'll post more as I can test more features.
[http_main.c:985] **WRITE_DANGLING**
>> ap_scoreboard_image->servers[my_child_num].timeout_len = x;
Writing to a dangling pointer: ap_scoreboard_image
Pointer : 0xc271c000
In block: 0xc271c000 thru 0xc271d403 (5124 bytes)
block allocated at:
shmat() (interface)
setup_shared_mem() http_main.c, 1622
reinit_scoreboard() http_main.c, 1735
standalone_main() http_main.c, 3775
main() http_main.c, 4039
stack trace where memory was freed:
shmctl() (interface)
setup_shared_mem() http_main.c, 1646
reinit_scoreboard() http_main.c, 1735
standalone_main() http_main.c, 3775
main() http_main.c, 4039
Stack trace where the error occurred:
ap_set_callback_and_alarm() http_main.c, 985
ap_kill_timeout() http_main.c, 1069
child_main() http_main.c, 3202
make_child() http_main.c, 3555
startup_children() http_main.c, 3582
standalone_main() http_main.c, 3802
main() http_main.c, 4039
[http_main.c:986] **WRITE_DANGLING**
>> ++ap_scoreboard_image->servers[my_child_num].cur_vtime;
Writing to a dangling pointer: ap_scoreboard_image
Pointer : 0xc271c000
In block: 0xc271c000 thru 0xc271d403 (5124 bytes)
block allocated at:
shmat() (interface)
setup_shared_mem() http_main.c, 1622
reinit_scoreboard() http_main.c, 1735
standalone_main() http_main.c, 3775
main() http_main.c, 4039
stack trace where memory was freed:
shmctl() (interface)
setup_shared_mem() http_main.c, 1646
reinit_scoreboard() http_main.c, 1735
standalone_main() http_main.c, 3775
main() http_main.c, 4039
Stack trace where the error occurred:
ap_set_callback_and_alarm() http_main.c, 986
ap_kill_timeout() http_main.c, 1069
child_main() http_main.c, 3202
make_child() http_main.c, 3555
startup_children() http_main.c, 3582
standalone_main() http_main.c, 3802
main() http_main.c, 4039
[http_main.c:3209] **READ_DANGLING**
>> if (ap_scoreboard_image->global.exit_generation >= generation) {
Reading from a dangling pointer: ap_scoreboard_image
Pointer : 0xc271c000
In block: 0xc271c000 thru 0xc271d403 (5124 bytes)
block allocated at:
shmat() (interface)
setup_shared_mem() http_main.c, 1622
reinit_scoreboard() http_main.c, 1735
standalone_main() http_main.c, 3775
main() http_main.c, 4039
stack trace where memory was freed:
shmctl() (interface)
setup_shared_mem() http_main.c, 1646
reinit_scoreboard() http_main.c, 1735
standalone_main() http_main.c, 3775
main() http_main.c, 4039
Stack trace where the error occurred:
child_main() http_main.c, 3209
make_child() http_main.c, 3555
startup_children() http_main.c, 3582
standalone_main() http_main.c, 3802
main() http_main.c, 4039
[mod_setenvif.c:361] **PARM_NULL**
>> if (!regexec(b->preg, val, 0, NULL, 0)) {
Array parameter is null: pmatch
Stack trace where the error occurred:
regexec()
match_headers() mod_setenvif.c, 361
run_method() http_config.c, 352
ap_run_post_read_request() http_config.c, 394
ap_read_request() http_protocol.c, 800
child_main() http_main.c, 3427
make_child() http_main.c, 3555
startup_children() http_main.c, 3582
standalone_main() http_main.c, 3802
main() http_main.c, 4039
[regexec.c:137] **PARM_NULL**
>> return(smatcher(g, (char *)string, nmatch, pmatch,
eflags));
Array parameter is null: pmatch
Stack trace where the error occurred:
smatcher()
regexec() regexec.c, 137
match_headers() mod_setenvif.c, 361
run_method() http_config.c, 352
ap_run_post_read_request() http_config.c, 394
ap_read_request() http_protocol.c, 800
child_main() http_main.c, 3427
make_child() http_main.c, 3555
startup_children() http_main.c, 3582
standalone_main() http_main.c, 3802
main() http_main.c, 4039
[mod_session.c:1033] **PARM_NULL**
>> if (!regexec(regexps->expression, arg, 0, NULL, 0))
Array parameter is null: pmatch
Stack trace where the error occurred:
regexec()
session_match_iterate() mod_session.c, 1033
session_check_valid_entry() mod_session.c, 1052
session_fixup() mod_session.c, 1266
run_method() http_config.c, 352
ap_run_fixups() http_config.c, 379
process_request_internal() http_request.c, 1144
ap_process_request() http_request.c, 1166
child_main() http_main.c, 3435
make_child() http_main.c, 3555
startup_children() http_main.c, 3582
standalone_main() http_main.c, 3802
main() http_main.c, 4039
[http_main.c:3449] **READ_DANGLING**
>> if (ap_scoreboard_image->global.exit_generation >=
generation) {
Reading from a dangling pointer: ap_scoreboard_image
Pointer : 0xc271c000
In block: 0xc271c000 thru 0xc271d403 (5124 bytes)
block allocated at:
shmat() (interface)
setup_shared_mem() http_main.c, 1622
reinit_scoreboard() http_main.c, 1735
standalone_main() http_main.c, 3775
main() http_main.c, 4039
stack trace where memory was freed:
shmctl() (interface)
setup_shared_mem() http_main.c, 1646
reinit_scoreboard() http_main.c, 1735
standalone_main() http_main.c, 3775
main() http_main.c, 4039
Stack trace where the error occurred:
child_main() http_main.c, 3449
make_child() http_main.c, 3555
startup_children() http_main.c, 3582
standalone_main() http_main.c, 3802
main() http_main.c, 4039
[mod_log_config.c:387] **WRITE_OVERFLOW**
>> strftime(tstr, MAX_STRING_LEN, "[%d/%b/%Y:%H:%M:%S ", t);
Writing overflows memory: <argument 1>
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
| 592 | 7600 | 592 |
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
Writing (w) : 0x7b033b78 thru 0x7b035b77 (8192 bytes)
To block (b) : 0x7b033928 thru 0x7b035927 (8192 bytes)
l, declared at http_protocol.c, 629
Stack trace where the error occurred:
strftime()
log_request_time() mod_log_config.c, 387
process_item() mod_log_config.c, 661
config_log_transaction() mod_log_config.c, 705
multi_log_transaction() mod_log_config.c, 757
run_method() http_config.c, 352
ap_log_transaction() http_config.c, 384
ap_process_request() http_request.c, 1181
timeout() http_main.c, 3435
** routines not compiled with insight **
alrm_handler() http_main.c, 949
** routines not compiled with insight **
ap_read() buff.c, 238
buff_read() buff.c, 256
saferead_guts() buff.c, 568
read_with_errors() buff.c, 619
ap_bgets() buff.c, 771
getline() http_protocol.c, 542
read_request_line() http_protocol.c, 650
ap_read_request() http_protocol.c, 778
child_main() http_main.c, 3427
make_child() http_main.c, 3555
startup_children() http_main.c, 3582
standalone_main() http_main.c, 3802
main() http_main.c, 4039
