Thanks for the report, Sam (and to Joe for the fix). This is now committed to mod_perl trunk: http://svn.apache.org/viewvc?view=revision&revision=1861755
On Thu, 20 Jun 2019 at 09:07, Steve Hay <steve.m....@googlemail.com> wrote: > > Looks fine to me too. Will give it a test... > > On Thu, 20 Jun 2019 at 01:28, Philippe Chiasson <go...@ectoplasm.org> wrote: > > > > Looks good to me > > > > Sent from the depths of my mind on an iPhone > > > > > On Jun 19, 2019, at 17:22, Sam Vaughan <samjvaug...@gmail.com> wrote: > > > > > > Hi mod_perl team, > > > > > > I reported a bug yesterday to the Apache team, describing a segfault that > > > only happens if mod_perl is installed: > > > > > > https://bz.apache.org/bugzilla/show_bug.cgi?id=63516 > > > > > > My impression was that it should be fixed in httpd2, but mod_perl is the > > > only module that adds a configuration flag to the global > > > ap_server_config_defines array, so it has been suggested that a one-line > > > change go into the modperl_register_hooks() function instead: > > > > > > Index: src/modules/perl/mod_perl.c > > > --- src/modules/perl/mod_perl.c.orig > > > +++ src/modules/perl/mod_perl.c 
> > > @@ -861,7 +861,7 @@ > > > > > > /* for <IfDefine MODPERL2> and Apache2->define("MODPERL2") */ > > > *(char **)apr_array_push(ap_server_config_defines) = > > > - apr_pstrdup(p, "MODPERL2"); > > > + apr_pstrdup(ap_server_config_defines->pool, "MODPERL2"); > > > > > > ap_hook_pre_config(modperl_hook_pre_config, > > > NULL, NULL, APR_HOOK_MIDDLE); > > > > > > Essentially, the pool provided as an argument to this function doesn't > > > have a long enough lifetime to safely be used as backing storage for the > > > "MODPERL2" string. This change uses the pool that the > > > ap_server_config_defines array itself was created in, thereby giving the > > > "MODPERL2" string the same lifetime as the array it is being added to. > > > > > > As far as I can tell, this use-after-free bug has been sitting there for > > > quite a few years now but Apache only segfaults if your OS is strict > > > enough about reclaiming/unmapping freed memory. > > > > > > Currently, this issue causes httpd2 to segfault during startup the > > > majority of the time on OpenBSD 6.5. > > > > > > I'd really appreciate it if someone could either confirm that the above > > > patch is OK and apply it to mod_perl, or jump on the above Apache bug > > > report and add a comment explaining why it isn't. > > > > > > Thanks! > > > > > > Sam > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org > > > For additional commands, e-mail: dev-h...@perl.apache.org > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org > > For additional commands, e-mail: dev-h...@perl.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org For additional commands, e-mail: dev-h...@perl.apache.org
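Review bot: The replacement line `apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");` carries no comment saying why the array's own pool is used instead of the `p` argument, and the existing comment above the push only says what the define is for. Passing `p` looks like the natural choice inside modperl_register_hooks(), so a later cleanup could easily switch it back and reintroduce the shorter-lived allocation. I'd add a one-line comment at this call, for example `/* allocate from the array's pool so the string lives as long as the array */`.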