https://issues.apache.org/bugzilla/show_bug.cgi?id=44648
Summary: NPE when issuing a range request on files that are
greater than 2^32 bytes in size
Product: Apache httpd-2
Version: 2.2.8
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: major
Priority: P2
Component: Core
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
I have a simple module which handles certain urls and then issues a file
subrequest based on the url. I have found this crash with files that are
larger than 2^32 bytes.
I stepped into it with MS VS 2005. The error occurs in byterange_filter.c in
the libhttpd component.
Lines 266 to 282 execute a do while loop:
do {
apr_bucket *foo;
const char *str;
apr_size_t len;
if (apr_bucket_copy(ec, &foo) != APR_SUCCESS) {
/* As above; this should not fail since the bucket has
* a known length, but just to be sure, this takes
* care of uncopyable buckets that do somehow manage
* to slip through. */
/* XXX: check for failure? */
apr_bucket_read(ec, &str, &len, APR_BLOCK_READ);
apr_bucket_copy(ec, &foo);
}
APR_BRIGADE_INSERT_TAIL(bsend, foo);
ec = APR_BUCKET_NEXT(ec);
} while (ec != e2);
I get a bogus apr_bucket* near the end of the brigade. It has a null value for
the ec->type->copy variable, which is what apr_bucket_copy uses. A quick
change of the while condition to make it:
while (ec != e2 && ec->type->copy != NULL) fixed my problem, but I do not think
it is the proper thing to do.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
