Jim Jagielski wrote:
> Over the weekend I'll be doing some final things with the intent
> to tag and roll 2.2.12 on Monday...
I just realized that I still have one patch for 2.2.12 which fixes an
SSI-related bug causing a segfault when handling regex back-references
(see attachment).
I haven't proposed it yet for inclusion in 2.2.12 as I haven't had the
chance to fix this in trunk yet. The code/API in trunk has changed
and I don't know if this bug actually exists in trunk.
I don't know if I will have the time to do this over the weekend.
ciao...
--
Lars Eilebrecht
[email protected]
--- mod_include.c.orig 2008-12-17 14:27:41.000000000 +0000
+++ mod_include.c 2009-02-27 15:39:22.000000000 +0000
@@ -158,6 +158,7 @@
const char *rexp;
apr_size_t nsub;
ap_regmatch_t match[AP_MAX_REG_MATCH];
+ int have_match;
} backref_t;
typedef struct {
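Review bot: The new `have_match` member carries an invariant that is not written down anywhere in this hunk: `match[]` is only meaningful after a successful `ap_regexec()`. Since the later hunks depend on every reader honouring that, I would document it on the field, e.g. `int have_match; /* non-zero iff the last ap_regexec() matched; match[] is valid only then */`. The `backref_t` definition begins above the hunk, so whether the other members are commented is not visible here.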
@@ -664,6 +665,11 @@
return NULL;
}
else {
+ if (!re->have_match ||
+ re->match[idx].rm_so < 0 || re->match[idx].rm_eo < 0) {
+ return NULL;
+ }
+
if (re->nsub < idx || idx >= AP_MAX_REG_MATCH) {
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
"regex capture $%" APR_SIZE_T_FMT
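Review bot: Moving the offset test above the range test means `re->match[idx]` is read before `idx >= AP_MAX_REG_MATCH` has been checked. It also means the "regex capture ... out of range" warning that follows can be skipped, because the function already returns NULL when there was no match or the slot is unset. How `idx` is derived lies outside the hunk, so it may already be bounded. The safer order is still to leave the range check first and extend the original test in place (the one removed in the next hunk): `if (!re->have_match || re->match[idx].rm_so < 0 || re->match[idx].rm_eo < 0) { return NULL; }`. The enclosing function starts and ends outside this hunk.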
@@ -672,10 +678,6 @@
return NULL;
}
- if (re->match[idx].rm_so < 0 || re->match[idx].rm_eo < 0) {
- return NULL;
- }
-
val = apr_pstrmemdup(ctx->dpool, re->source + re->match[idx].rm_so,
re->match[idx].rm_eo - re->match[idx].rm_so);
}
@@ -923,7 +925,6 @@
{
ap_regex_t *compiled;
backref_t *re = ctx->intern->re;
- int rc;
compiled = ap_pregcomp(ctx->dpool, rexp, AP_REG_EXTENDED);
if (!compiled) {
@@ -939,10 +940,11 @@
re->source = apr_pstrdup(ctx->pool, string);
re->rexp = apr_pstrdup(ctx->pool, rexp);
re->nsub = compiled->re_nsub;
- rc = !ap_regexec(compiled, string, AP_MAX_REG_MATCH, re->match, 0);
+ re->have_match = !ap_regexec(compiled, string, AP_MAX_REG_MATCH,
+ re->match, 0);
ap_pregfree(ctx->dpool, compiled);
- return rc;
+ return re->have_match;
}
static int get_ptoken(include_ctx_t *ctx, const char **parse, token_t *token, token_t *previous)