Any feedback on this patch? The bug it addresses exists in both 1.4.x and trunk.
Neil On Sat, Jan 16, 2010 at 5:30 PM, Neil Conway <[email protected]> wrote: > Attached is a refreshed version of this patch that applies against > current APR trunk (after the recent pollcb_wakeup() changes). The > patch is now pretty trivial. > > Note that if you want to backport this bug fix to the 1.4 branch, the > previous version of the patch should be used. But perhaps the easiest > route is to first backport the pollcb_wakeup() change, and then apply > this version of the patch. > > Neil > > On Wed, Jan 6, 2010 at 9:06 PM, Neil Conway <[email protected]> wrote: >> Attached is a slightly revised version of this patch. Changes: >> >> * Initialize the apr_pool_t field of the apr_pollfd_t we use for the >> wakeup pipe. Not clear what this field is actually used for (candidate >> for removal in APR2?), but we may as well be tidy. >> >> * Fix a minor bug in one of the versions of close_wakeup_pipe(): >> initialize both "rv0" and "rv1", to avoid potentially reading an >> uninitialized value. >> >> Neil >> >> On Wed, Jan 6, 2010 at 5:47 PM, Neil Conway <[email protected]> wrote: >>> apr_pollset_wakeup() is buggy when used with APR_POLLSET_NOCOPY, >>> because create_wakeup_pipe() passes a stack-allocated apr_pollfd_t to >>> apr_pollset_add(). This is unsafe if the user specified >>> APR_POLLSET_NOCOPY when creating the pollset. >>> >>> The attached patch fixes this by adding an apr_pollfd_t for the wakeup >>> pipe to apr_pollset_t, so that it has a sufficiently-long-lived >>> lifetime. >>> >>> Neil >>> >> >
