trawick 2004/03/20 13:30:19
Modified: . CHANGES
misc apr_rmm.c
test testrmm.c
Log:
Fix an occasional crash in apr_rmm_realloc().
PR: 22915
Submitted by: Jay Shrauner <shrauner inktomi.com>
Reviewed by: Jeff Trawick
Also added was logic in testrmm to find this sort of problem (it
segfaults without Jay's patch).
Revision Changes Path
1.127 +3 -0 apr-util/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apr-util/CHANGES,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -r1.126 -r1.127
--- CHANGES 15 Mar 2004 08:29:00 -0000 1.126
+++ CHANGES 20 Mar 2004 21:30:19 -0000 1.127
@@ -1,5 +1,8 @@
Changes with APR-util 1.0
+ *) Fix occasional crash in apr_rmm_realloc(). PR 22915.
+ [Jay Shrauner <shrauner inktomi.com>]
+
*) The whole codebase was relicensed and is now available under
the Apache License, Version 2.0 (http://www.apache.org/licenses).
[Apache Software Foundation]
1.24 +6 -1 apr-util/misc/apr_rmm.c
Index: apr_rmm.c
===================================================================
RCS file: /home/cvs/apr-util/misc/apr_rmm.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- apr_rmm.c 16 Mar 2004 18:17:33 -0000 1.23
+++ apr_rmm.c 20 Mar 2004 21:30:19 -0000 1.24
@@ -321,6 +321,8 @@
{
apr_rmm_off_t this;
apr_rmm_off_t old;
+ struct rmm_block_t *blk;
+ apr_size_t oldsize;
if (!entity) {
return apr_rmm_malloc(rmm, reqsize);
@@ -333,8 +335,11 @@
return this;
}
+ blk = (rmm_block_t*)((char*)rmm->base + old);
+ oldsize = blk->size;
+
memcpy(apr_rmm_addr_get(rmm, this),
- apr_rmm_addr_get(rmm, old), reqsize);
+ apr_rmm_addr_get(rmm, old), oldsize < reqsize ? oldsize :
reqsize);
apr_rmm_free(rmm, old);
return this;
1.6 +22 -0 apr-util/test/testrmm.c
Index: testrmm.c
===================================================================
RCS file: /home/cvs/apr-util/test/testrmm.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- testrmm.c 16 Mar 2004 18:17:33 -0000 1.5
+++ testrmm.c 20 Mar 2004 21:30:19 -0000 1.6
@@ -42,6 +42,7 @@
apr_size_t size, fragsize;
apr_rmm_off_t *off;
int i;
+ void *entity;
rv = apr_pool_create(&pool, parpool);
if (rv != APR_SUCCESS) {
@@ -156,6 +157,27 @@
printf("Freeing large segment............................");
apr_rmm_free(rmm, off[0]);
+ fprintf(stdout, "OK\n");
+
+ printf("Checking realloc.................................");
+ off[0] = apr_rmm_calloc(rmm, SHARED_SIZE - 100);
+ off[1] = apr_rmm_calloc(rmm, 100);
+ if (off[0] == 0 || off[1] == 0) {
+ printf("FAILED\n");
+ return APR_EINVAL;
+ }
+ entity = apr_rmm_addr_get(rmm, off[1]);
+ rv = apr_rmm_free(rmm, off[0]);
+ if (rv != APR_SUCCESS) {
+ printf("FAILED\n");
+ return rv;
+ }
+ /* now we can realloc off[1] and get many more bytes */
+ off[0] = apr_rmm_realloc(rmm, entity, SHARED_SIZE - 100);
+ if (off[0] == 0) {
+ printf("FAILED\n");
+ return APR_EINVAL;
+ }
fprintf(stdout, "OK\n");
printf("Destroying rmm segment...........................");
