Re: Fix for Segfault with Apache and mod_perl
Yes, I'd like to do a 2.0.11 soon: We have a few bug fixes committed
since 2.0.10 and this crash fix seems like a good time to make a new
release.
I'll try to get the wheels in motion for an RC1 :-)
On Fri, 21 Jun 2019 at 08:56, Sam Vaughan wrote:
>
> That's great thanks Steve, much appreciated!
>
> Will there be a 2.0.11 release with this fix?
>
> Cheers,
>
> Sam
>
> > On 21 Jun 2019, at 5:38 pm, Steve Hay wrote:
> >
> > Thanks for the report, Sam (and to Joe for the fix). This is now
> > committed to mod_perl trunk:
> > http://svn.apache.org/viewvc?view=revision=1861755
> >
> > On Thu, 20 Jun 2019 at 09:07, Steve Hay wrote:
> >>
> >> Looks fine to me too. Will give it a test...
> >>
> >> On Thu, 20 Jun 2019 at 01:28, Philippe Chiasson
> >> wrote:
> >>>
> >>> Looks good to me
> >>>
> >>> Sent from the depths of my mind on an iPhone
> >>>
> On Jun 19, 2019, at 17:22, Sam Vaughan wrote:
>
> Hi mod_perl team,
>
> I reported a bug yesterday to the Apache team, describing a segfault
> that only happens if mod_perl is installed:
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
>
> My impression was that it should be fixed in httpd2, but mod_perl is the
> only module that adds a configuration flag to the global
> ap_server_config_defines array, so it has been suggested that a one-line
> change go into the modperl_register_hooks() function instead:
>
> Index: src/modules/perl/mod_perl.c
> --- src/modules/perl/mod_perl.c.orig
> +++ src/modules/perl/mod_perl.c
> @@ -861,7 +861,7 @@
>
> /* for and Apache2->define("MODPERL2") */
> *(char **)apr_array_push(ap_server_config_defines) =
> -apr_pstrdup(p, "MODPERL2");
> +apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
>
> ap_hook_pre_config(modperl_hook_pre_config,
> NULL, NULL, APR_HOOK_MIDDLE);
>
> Essentially, the pool provided as an argument to this function doesn't
> have a long enough lifetime to safely be used as backing storage for the
> "MODPERL2" string. This change uses the pool that the
> ap_server_config_defines array itself was created in, thereby giving the
> "MODPERL2" string the same lifetime as the array it is being added to.
>
> As far as I can tell, this use-after-free bug has been sitting there for
> quite a few years now but Apache only segfaults if your OS is strict
> enough about reclaiming/unmapping freed memory.
>
> Currently, this issue causes httpd2 to segfault during startup the
> majority of the time on OpenBSD 6.5.
>
> I'd really appreciate it if someone could either confirm that the above
> patch is OK and apply it to mod_perl, or jump on the above Apache bug
> report and add a comment explaining why it isn't.
>
> Thanks!
>
> Sam
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
> For additional commands, e-mail: dev-h...@perl.apache.org
>
> >>>
> >>>
> >>> -
> >>> To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
> >>> For additional commands, e-mail: dev-h...@perl.apache.org
> >>>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
> For additional commands, e-mail: dev-h...@perl.apache.org
>
-
To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
For additional commands, e-mail: dev-h...@perl.apache.org
Re: Fix for Segfault with Apache and mod_perl
That's great thanks Steve, much appreciated!
Will there be a 2.0.11 release with this fix?
Cheers,
Sam
> On 21 Jun 2019, at 5:38 pm, Steve Hay wrote:
>
> Thanks for the report, Sam (and to Joe for the fix). This is now
> committed to mod_perl trunk:
> http://svn.apache.org/viewvc?view=revision=1861755
>
> On Thu, 20 Jun 2019 at 09:07, Steve Hay wrote:
>>
>> Looks fine to me too. Will give it a test...
>>
>> On Thu, 20 Jun 2019 at 01:28, Philippe Chiasson wrote:
>>>
>>> Looks good to me
>>>
>>> Sent from the depths of my mind on an iPhone
>>>
On Jun 19, 2019, at 17:22, Sam Vaughan wrote:
Hi mod_perl team,
I reported a bug yesterday to the Apache team, describing a segfault that
only happens if mod_perl is installed:
https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
My impression was that it should be fixed in httpd2, but mod_perl is the
only module that adds a configuration flag to the global
ap_server_config_defines array, so it has been suggested that a one-line
change go into the modperl_register_hooks() function instead:
Index: src/modules/perl/mod_perl.c
--- src/modules/perl/mod_perl.c.orig
+++ src/modules/perl/mod_perl.c
@@ -861,7 +861,7 @@
/* for and Apache2->define("MODPERL2") */
*(char **)apr_array_push(ap_server_config_defines) =
-apr_pstrdup(p, "MODPERL2");
+apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
ap_hook_pre_config(modperl_hook_pre_config,
NULL, NULL, APR_HOOK_MIDDLE);
Essentially, the pool provided as an argument to this function doesn't
have a long enough lifetime to safely be used as backing storage for the
"MODPERL2" string. This change uses the pool that the
ap_server_config_defines array itself was created in, thereby giving the
"MODPERL2" string the same lifetime as the array it is being added to.
As far as I can tell, this use-after-free bug has been sitting there for
quite a few years now but Apache only segfaults if your OS is strict
enough about reclaiming/unmapping freed memory.
Currently, this issue causes httpd2 to segfault during startup the
majority of the time on OpenBSD 6.5.
I'd really appreciate it if someone could either confirm that the above
patch is OK and apply it to mod_perl, or jump on the above Apache bug
report and add a comment explaining why it isn't.
Thanks!
Sam
-
To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
For additional commands, e-mail: dev-h...@perl.apache.org
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
>>> For additional commands, e-mail: dev-h...@perl.apache.org
>>>
-
To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
For additional commands, e-mail: dev-h...@perl.apache.org
Re: Fix for Segfault with Apache and mod_perl
Thanks for the report, Sam (and to Joe for the fix). This is now
committed to mod_perl trunk:
http://svn.apache.org/viewvc?view=revision=1861755
On Thu, 20 Jun 2019 at 09:07, Steve Hay wrote:
>
> Looks fine to me too. Will give it a test...
>
> On Thu, 20 Jun 2019 at 01:28, Philippe Chiasson wrote:
> >
> > Looks good to me
> >
> > Sent from the depths of my mind on an iPhone
> >
> > > On Jun 19, 2019, at 17:22, Sam Vaughan wrote:
> > >
> > > Hi mod_perl team,
> > >
> > > I reported a bug yesterday to the Apache team, describing a segfault that
> > > only happens if mod_perl is installed:
> > >
> > > https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
> > >
> > > My impression was that it should be fixed in httpd2, but mod_perl is the
> > > only module that adds a configuration flag to the global
> > > ap_server_config_defines array, so it has been suggested that a one-line
> > > change go into the modperl_register_hooks() function instead:
> > >
> > > Index: src/modules/perl/mod_perl.c
> > > --- src/modules/perl/mod_perl.c.orig
> > > +++ src/modules/perl/mod_perl.c
> > > @@ -861,7 +861,7 @@
> > >
> > > /* for and Apache2->define("MODPERL2") */
> > > *(char **)apr_array_push(ap_server_config_defines) =
> > > -apr_pstrdup(p, "MODPERL2");
> > > +apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
> > >
> > > ap_hook_pre_config(modperl_hook_pre_config,
> > >NULL, NULL, APR_HOOK_MIDDLE);
> > >
> > > Essentially, the pool provided as an argument to this function doesn't
> > > have a long enough lifetime to safely be used as backing storage for the
> > > "MODPERL2" string. This change uses the pool that the
> > > ap_server_config_defines array itself was created in, thereby giving the
> > > "MODPERL2" string the same lifetime as the array it is being added to.
> > >
> > > As far as I can tell, this use-after-free bug has been sitting there for
> > > quite a few years now but Apache only segfaults if your OS is strict
> > > enough about reclaiming/unmapping freed memory.
> > >
> > > Currently, this issue causes httpd2 to segfault during startup the
> > > majority of the time on OpenBSD 6.5.
> > >
> > > I'd really appreciate it if someone could either confirm that the above
> > > patch is OK and apply it to mod_perl, or jump on the above Apache bug
> > > report and add a comment explaining why it isn't.
> > >
> > > Thanks!
> > >
> > > Sam
> > >
> > >
> > > -
> > > To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
> > > For additional commands, e-mail: dev-h...@perl.apache.org
> > >
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
> > For additional commands, e-mail: dev-h...@perl.apache.org
> >
-
To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
For additional commands, e-mail: dev-h...@perl.apache.org
Re: Fix for Segfault with Apache and mod_perl
Looks fine to me too. Will give it a test...
On Thu, 20 Jun 2019 at 01:28, Philippe Chiasson wrote:
>
> Looks good to me
>
> Sent from the depths of my mind on an iPhone
>
> > On Jun 19, 2019, at 17:22, Sam Vaughan wrote:
> >
> > Hi mod_perl team,
> >
> > I reported a bug yesterday to the Apache team, describing a segfault that
> > only happens if mod_perl is installed:
> >
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
> >
> > My impression was that it should be fixed in httpd2, but mod_perl is the
> > only module that adds a configuration flag to the global
> > ap_server_config_defines array, so it has been suggested that a one-line
> > change go into the modperl_register_hooks() function instead:
> >
> > Index: src/modules/perl/mod_perl.c
> > --- src/modules/perl/mod_perl.c.orig
> > +++ src/modules/perl/mod_perl.c
> > @@ -861,7 +861,7 @@
> >
> > /* for and Apache2->define("MODPERL2") */
> > *(char **)apr_array_push(ap_server_config_defines) =
> > -apr_pstrdup(p, "MODPERL2");
> > +apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
> >
> > ap_hook_pre_config(modperl_hook_pre_config,
> >NULL, NULL, APR_HOOK_MIDDLE);
> >
> > Essentially, the pool provided as an argument to this function doesn't have
> > a long enough lifetime to safely be used as backing storage for the
> > "MODPERL2" string. This change uses the pool that the
> > ap_server_config_defines array itself was created in, thereby giving the
> > "MODPERL2" string the same lifetime as the array it is being added to.
> >
> > As far as I can tell, this use-after-free bug has been sitting there for
> > quite a few years now but Apache only segfaults if your OS is strict enough
> > about reclaiming/unmapping freed memory.
> >
> > Currently, this issue causes httpd2 to segfault during startup the majority
> > of the time on OpenBSD 6.5.
> >
> > I'd really appreciate it if someone could either confirm that the above
> > patch is OK and apply it to mod_perl, or jump on the above Apache bug
> > report and add a comment explaining why it isn't.
> >
> > Thanks!
> >
> > Sam
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
> > For additional commands, e-mail: dev-h...@perl.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
> For additional commands, e-mail: dev-h...@perl.apache.org
>
-
To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
For additional commands, e-mail: dev-h...@perl.apache.org
Re: Fix for Segfault with Apache and mod_perl
Looks good to me
Sent from the depths of my mind on an iPhone
> On Jun 19, 2019, at 17:22, Sam Vaughan wrote:
>
> Hi mod_perl team,
>
> I reported a bug yesterday to the Apache team, describing a segfault that
> only happens if mod_perl is installed:
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
>
> My impression was that it should be fixed in httpd2, but mod_perl is the only
> module that adds a configuration flag to the global ap_server_config_defines
> array, so it has been suggested that a one-line change go into the
> modperl_register_hooks() function instead:
>
> Index: src/modules/perl/mod_perl.c
> --- src/modules/perl/mod_perl.c.orig
> +++ src/modules/perl/mod_perl.c
> @@ -861,7 +861,7 @@
>
> /* for and Apache2->define("MODPERL2") */
> *(char **)apr_array_push(ap_server_config_defines) =
> -apr_pstrdup(p, "MODPERL2");
> +apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
>
> ap_hook_pre_config(modperl_hook_pre_config,
>NULL, NULL, APR_HOOK_MIDDLE);
>
> Essentially, the pool provided as an argument to this function doesn't have a
> long enough lifetime to safely be used as backing storage for the "MODPERL2"
> string. This change uses the pool that the ap_server_config_defines array
> itself was created in, thereby giving the "MODPERL2" string the same lifetime
> as the array it is being added to.
>
> As far as I can tell, this use-after-free bug has been sitting there for
> quite a few years now but Apache only segfaults if your OS is strict enough
> about reclaiming/unmapping freed memory.
>
> Currently, this issue causes httpd2 to segfault during startup the majority
> of the time on OpenBSD 6.5.
>
> I'd really appreciate it if someone could either confirm that the above patch
> is OK and apply it to mod_perl, or jump on the above Apache bug report and
> add a comment explaining why it isn't.
>
> Thanks!
>
> Sam
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
> For additional commands, e-mail: dev-h...@perl.apache.org
>
-
To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
For additional commands, e-mail: dev-h...@perl.apache.org
Fix for Segfault with Apache and mod_perl
Hi mod_perl team,
I reported a bug yesterday to the Apache team, describing a segfault that only
happens if mod_perl is installed:
https://bz.apache.org/bugzilla/show_bug.cgi?id=63516
My impression was that it should be fixed in httpd2, but mod_perl is the only
module that adds a configuration flag to the global ap_server_config_defines
array, so it has been suggested that a one-line change go into the
modperl_register_hooks() function instead:
Index: src/modules/perl/mod_perl.c
--- src/modules/perl/mod_perl.c.orig
+++ src/modules/perl/mod_perl.c
@@ -861,7 +861,7 @@
/* for and Apache2->define("MODPERL2") */
*(char **)apr_array_push(ap_server_config_defines) =
-apr_pstrdup(p, "MODPERL2");
+apr_pstrdup(ap_server_config_defines->pool, "MODPERL2");
ap_hook_pre_config(modperl_hook_pre_config,
NULL, NULL, APR_HOOK_MIDDLE);
Essentially, the pool provided as an argument to this function doesn't have a
long enough lifetime to safely be used as backing storage for the "MODPERL2"
string. This change uses the pool that the ap_server_config_defines array
itself was created in, thereby giving the "MODPERL2" string the same lifetime
as the array it is being added to.
As far as I can tell, this use-after-free bug has been sitting there for quite
a few years now but Apache only segfaults if your OS is strict enough about
reclaiming/unmapping freed memory.
Currently, this issue causes httpd2 to segfault during startup the majority of
the time on OpenBSD 6.5.
I'd really appreciate it if someone could either confirm that the above patch
is OK and apply it to mod_perl, or jump on the above Apache bug report and add
a comment explaining why it isn't.
Thanks!
Sam
-
To unsubscribe, e-mail: dev-unsubscr...@perl.apache.org
For additional commands, e-mail: dev-h...@perl.apache.org
