Hi,

Well, as usual, I couldn't resist going deeper into the issue.

The issue is about suphp_discard_output(), which calls apr_bucket_read() (= suphp_bucket_read()) without freeing the data. So suphp_read_fd() is allocating more and more memory through apr_bucket_alloc(). suphp_read_fd() does not check if apr_bucket_alloc() failed to allocate memory (oh!) and then calls apr_bucket_free() with a NULL pointer, which segfaults.

Here is a patch for this bug; however, I am not an Apache/suPHP internals guru and therefore I don't know if this is the correct way to fix this bug or if this patch fixes all possible memory leaks in this case.

Regards,
Sylvain

diff -Nru a/src/apache2/mod_suphp.c b/src/apache2/mod_suphp.c
--- a/src/apache2/mod_suphp.c 2009-08-03 14:38:38.000000000 +0000
+++ b/src/apache2/mod_suphp.c 2012-08-19 16:41:26.016032367 +0000
@@ -534,6 +534,7 @@
if (rv != APR_SUCCESS) {
break;
}
+ apr_bucket_free(rv);
}
}
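
Review bot: the argument on the added line, apr_bucket_free(rv), is the status value that was just compared against APR_SUCCESS, not the buffer produced by the read. Because the loop breaks whenever rv != APR_SUCCESS, rv is always APR_SUCCESS (0) when this line runs, so the call hands apr_bucket_free() a zero value instead of the allocation, which is the NULL-pointer case the message above says segfaults. To release the leaked memory, free the data pointer filled in by the read call (or release the bucket that owns it) rather than rv. The missing check of apr_bucket_alloc()'s result in suphp_read_fd(), also described in the message, is not touched by this hunk and would need its own fix.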
