https://bz.apache.org/bugzilla/show_bug.cgi?id=61228
Bug ID: 61228
Summary: Possible Invalid Reference to Stack Memory (modules/http/chunk_filters.c)
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: All
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Our tool has reported an invalid use of a stack address in function
`ap_http_chunk_filter` of modules/http/chunk_filters.c:
https://github.com/apache/httpd/blob/trunk/modules/http/chunk_filter.c#L137

    e = apr_bucket_transient_create(chunk_hdr, hdr_len,
                                    c->bucket_alloc);
    APR_BRIGADE_INSERT_HEAD(b, e);

In the above piece of code, chunk_hdr is a local variable, e->data will point to
chunk_hdr after `apr_bucket_transient_create`, and APR_BRIGADE_INSERT_HEAD
binds e with the outside variable b (which comes from a function argument).

=> binds buf (it is stack memory in this case) with a newly created bucket.

    APR_DECLARE(apr_bucket *) apr_bucket_transient_make(apr_bucket *b,
                                                        const char *buf,
                                                        apr_size_t length)
    {
        b->data = (char *)buf;
        b->length = length;
        b->start = 0;
        b->type = &apr_bucket_type_transient;
        return b;
    }

Could anybody have a look? Thanks.
SourceBrella Inc.
Alex
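
A simplified model of the lifetime question the report raises, added here as an example (not APR or httpd code): a bucket that borrows a stack buffer can be read while the producer's frame is live, and a consumer that keeps it longer has to copy the bytes first. All `demo_*` names are hypothetical stand-ins, and the input value is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a bucket (hypothetical; not APR's apr_bucket). */
typedef struct { const char *data; size_t length; int owned; } demo_bucket;
typedef int (*demo_consumer)(demo_bucket *b, void *ctx);
/* Transient pattern: store the caller's pointer, no copy is made. */
static void demo_transient_make(demo_bucket *b, const char *buf, size_t len) {
    b->data = buf; b->length = len; b->owned = 0;
}
/* Copy borrowed bytes to the heap so they can outlive the producer's frame. */
static int demo_setaside(demo_bucket *b) {
    char *copy;
    if (b->owned) return 0;
    if ((copy = malloc(b->length)) == NULL) return -1;
    memcpy(copy, b->data, b->length);
    b->data = copy; b->owned = 1;
    return 0;
}
static void demo_destroy(demo_bucket *b) {
    if (b->owned) free((void *)b->data);
    b->data = NULL; b->length = 0; b->owned = 0;
}
/* Producer: formats a chunk-size line on its own stack (like chunk_hdr)
 * and hands it downstream before returning, while hdr is still live. */
static int demo_produce(size_t body_len, demo_consumer next, void *ctx) {
    char hdr[20];
    demo_bucket b;
    int n = snprintf(hdr, sizeof hdr, "%lx\r\n", (unsigned long)body_len);
    demo_transient_make(&b, hdr, (size_t)n);
    return next(&b, ctx);
}
/* Consumer that retains the data past the call: it must copy first. */
static int demo_keep(demo_bucket *b, void *ctx) {
    if (demo_setaside(b) != 0) return -1;
    *(demo_bucket *)ctx = *b;
    return 0;
}
/* Returns 1 when the retained header is intact after the producer returned. */
int demo_run(void) {
    demo_bucket kept = {NULL, 0, 0};
    int ok;
    if (demo_produce(0x1a2b, demo_keep, &kept) != 0) return -1;
    ok = kept.owned && kept.length == 6 && memcmp(kept.data, "1a2b\r\n", 6) == 0;
    demo_destroy(&kept);
    return ok;
}
int main(void) { printf("header intact: %d\n", demo_run()); return 0; }
```

If `demo_keep` stored the bucket without calling `demo_setaside`, `kept.data` would point into `demo_produce`'s dead frame once it returned.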