>Number: 3476 >Category: general >Synopsis: subtle printf bug in http_core.c >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Dec 1 16:20:00 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.3 >Environment: This affects all platforms. >Description:
Line 2757 of http_core.c: ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, emsg); Needs to be: ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, "%s", emsg); In case emsg contains a "%" sign. In our case, emsg was "File does not exist: molecule%7.gif" and the httpd process went into an infinite loop in ap_snprintf() while trying to resolve %7.g as a float. >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
