I'm running xml2enc in a reverse proxy setup (Apache httpd 2.4.4, but
2.4.10 shows the same behavior). For a large response that the backend
sends, xml2enc_html_entity_fixups() is called with *bytesp == 4007511.
The repeated call of apr_pstrcat() in the while loop leads to the
consumption of all available memory. Apache then either aborts itself or
gets killed by the Linux OOM killer.
The only fix that I can think of is to manage the memory myself, see my
patch below. Is there a better way to fix this?
--- a/modules/filters/mod_xml2enc.c
+++ b/modules/filters/mod_xml2enc.c
@@ -610,10 +610,25 @@ static int xml2enc_html_entity_fixups(ap
bytes_processed += inlen;
assert((outlen >= 0) && (outlen <
XML2ENC_HTML_ENTITY_FIXUPS_WORKBUF_LENGTH));
workbuf[outlen] = 0; // add terminating zero byte
- result_buf = result_buf ? apr_pstrcat(f->r->pool, result_buf,
workbuf, NULL)
- : apr_pstrdup(f->r->pool, workbuf);
+
+ if (result_buf == NULL) {
+ result_buf = ap_malloc(outlen + 1);
+ strcpy(result_buf, workbuf);
+ }
+ else {
+ result_buf = ap_realloc(result_buf, result_size + outlen + 1);
+ strcat(result_buf, workbuf);
+ }
+
result_size += outlen;
}
+
+ if (result_buf) {
+ const char *old_result_buf = result_buf;
+ result_buf = apr_pstrdup(f->r->pool, old_result_buf);
+ free(old_result_buf);
+ }
+
*bufp = result_buf;
*bytesp = result_size;
return OK;
