trawick 2004/03/21 16:58:52
Modified: . Tag: APU_0_9_BRANCH CHANGES
misc Tag: APU_0_9_BRANCH apr_rmm.c
test Tag: APU_0_9_BRANCH testrmm.c
Log:
backport this fix from apr-util 1.0:
Fix an occasional crash in apr_rmm_realloc().
PR: 22915
Submitted by: Jay Shrauner <shrauner inktomi.com>
Reviewed by: Jeff Trawick
Also added was logic in testrmm to find this sort of problem (it
segfaults without Jay's patch).
Revision Changes Path
No revision
No revision
1.117.2.5 +3 -0 apr-util/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apr-util/CHANGES,v
retrieving revision 1.117.2.4
retrieving revision 1.117.2.5
diff -u -r1.117.2.4 -r1.117.2.5
--- CHANGES 13 Feb 2004 09:52:41 -0000 1.117.2.4
+++ CHANGES 22 Mar 2004 00:58:51 -0000 1.117.2.5
@@ -1,5 +1,8 @@
Changes with APR-util 0.9.5
+ *) Fix occasional crash in apr_rmm_realloc(). PR 22915.
+ [Jay Shrauner <shrauner inktomi.com>]
+
*) The whole codebase was relicensed and is now available under
the Apache License, Version 2.0 (http://www.apache.org/licenses).
[Apache Software Foundation]
No revision
No revision
1.20.2.4 +6 -1 apr-util/misc/apr_rmm.c
Index: apr_rmm.c
===================================================================
RCS file: /home/cvs/apr-util/misc/apr_rmm.c,v
retrieving revision 1.20.2.3
retrieving revision 1.20.2.4
diff -u -r1.20.2.3 -r1.20.2.4
--- apr_rmm.c 17 Mar 2004 04:26:06 -0000 1.20.2.3
+++ apr_rmm.c 22 Mar 2004 00:58:52 -0000 1.20.2.4
@@ -321,6 +321,8 @@
{
apr_rmm_off_t this;
apr_rmm_off_t old;
+ struct rmm_block_t *blk;
+ apr_size_t oldsize;
if (!entity) {
return apr_rmm_malloc(rmm, reqsize);
@@ -333,8 +335,11 @@
return this;
}
+ blk = (rmm_block_t*)((char*)rmm->base + old);
+ oldsize = blk->size;
+
memcpy(apr_rmm_addr_get(rmm, this),
- apr_rmm_addr_get(rmm, old), reqsize);
+ apr_rmm_addr_get(rmm, old), oldsize < reqsize ? oldsize :
reqsize);
apr_rmm_free(rmm, old);
return this;
No revision
No revision
1.3.2.3 +22 -0 apr-util/test/testrmm.c
Index: testrmm.c
===================================================================
RCS file: /home/cvs/apr-util/test/testrmm.c,v
retrieving revision 1.3.2.2
retrieving revision 1.3.2.3
diff -u -r1.3.2.2 -r1.3.2.3
--- testrmm.c 17 Mar 2004 04:26:06 -0000 1.3.2.2
+++ testrmm.c 22 Mar 2004 00:58:52 -0000 1.3.2.3
@@ -42,6 +42,7 @@
apr_size_t size, fragsize;
apr_rmm_off_t *off;
int i;
+ void *entity;
rv = apr_pool_create(&pool, parpool);
if (rv != APR_SUCCESS) {
@@ -156,6 +157,27 @@
printf("Freeing large segment............................");
apr_rmm_free(rmm, off[0]);
+ fprintf(stdout, "OK\n");
+
+ printf("Checking realloc.................................");
+ off[0] = apr_rmm_calloc(rmm, SHARED_SIZE - 100);
+ off[1] = apr_rmm_calloc(rmm, 100);
+ if (off[0] == 0 || off[1] == 0) {
+ printf("FAILED\n");
+ return APR_EINVAL;
+ }
+ entity = apr_rmm_addr_get(rmm, off[1]);
+ rv = apr_rmm_free(rmm, off[0]);
+ if (rv != APR_SUCCESS) {
+ printf("FAILED\n");
+ return rv;
+ }
+ /* now we can realloc off[1] and get many more bytes */
+ off[0] = apr_rmm_realloc(rmm, entity, SHARED_SIZE - 100);
+ if (off[0] == 0) {
+ printf("FAILED\n");
+ return APR_EINVAL;
+ }
fprintf(stdout, "OK\n");
printf("Destroying rmm segment...........................");
