
Key: MODPYTHON-58
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Minor
Assignee: Unassigned
Reporter: Jim Gallacher
Votes: 0
Watchers: 0
mod_python

_apache._global_lock results in segfault when index > number of mutexes

Created: 02/Jun/05 12:43 AM   Updated: 05/Mar/06 02:04 PM
Component/s: core
Affects Version/s: 3.1.3, 3.1.4, 3.2.7
Fix Version/s: 3.2.7

Time Tracking:
Not Specified

File Attachments:
apachemodule.c-jg20050601-1.diff (Text File, 2 kB, licensed for inclusion in ASF works), attached 2005-06-02 12:58 AM by Jim Gallacher
Environment: All

Resolution Date: 10/Aug/05 07:59 PM


Description
All of the following calls will cause a segfault when the index is greater than the number of global mutexes available or index < -1.

e.g. 32 mutexes created on Apache startup

index = 100
_apache._global_lock(req.server, None, index)
_apache._global_unlock(req.server, None, index)
_apache._global_trylock(req.server, None, index)

For all of the corresponding functions in _apachemodule.c, the value of index is not checked before using it to access the contents of the global array of mutex locks.

e.g.
    rv = apr_global_mutex_lock(glb->g_locks[index]);

I'll attach a patch for all three functions that does this check.

e.g.

    if ((index >= (glb->nlocks)) || (index < -1)) {
        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
                     "Index %d is out of range for number of global mutex locks", index);
        PyErr_SetString(PyExc_ValueError,
                        "Lock index is out of range for number of global mutex locks");
        return NULL;
    }

Comments
Jim Gallacher added a comment - 02/Jun/05 12:55 AM
Stupid off by one error in the example.

Jim Gallacher added a comment - 02/Jun/05 12:58 AM
Patch to fix issue is attached.

Jim Gallacher added a comment - 27/Jun/05 03:08 AM
Fix committed to subversion. This issue can now be closed.
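
The range check from the description, worked through as an added example that is not mod_python's code: a self-contained C model of an index-checked lock table, exercised at the boundaries (100, 32, 31, 0, -1, -2) for a table of 32 locks. The names `lock_table`, `demo`, `resolve_slot`, `checked_lock` and `LOCK_ERANGE`, and the key-hash handling of index -1, are assumptions made for illustration.

```c
#include <stdio.h>

#define MAX_LOCKS   32     /* matches the 32 mutexes in the report's example */
#define LOCK_ERANGE (-1)   /* constructed error code for this sketch */

/* Constructed stand-in for the global mutex table (not mod_python code). */
typedef struct {
    int nlocks;            /* number of mutexes created at startup */
    int held[MAX_LOCKS];   /* stand-in for g_locks[]: acquisitions per slot */
} lock_table;

static lock_table demo = { MAX_LOCKS, {0} };   /* constructed sample table */

/* Same range test as the check in the description: explicit slots are
 * 0 .. nlocks-1, and -1 is the only negative value let through. */
static int index_in_range(const lock_table *t, int index)
{
    return !(index >= t->nlocks || index < -1);
}

/* Resolve the caller's index to a real slot, or LOCK_ERANGE.
 * Assumption: -1 means "derive the slot from the key"; key_hash and the
 * modulo mapping are hypothetical. The resolved value must be in range too. */
static int resolve_slot(const lock_table *t, int index, unsigned key_hash)
{
    if (t->nlocks < 1 || t->nlocks > MAX_LOCKS || !index_in_range(t, index))
        return LOCK_ERANGE;
    if (index == -1)
        return (int)(key_hash % (unsigned)t->nlocks);
    return index;
}

/* Checked replacement for a bare g_locks[index] access. */
static int checked_lock(lock_table *t, int index, unsigned key_hash)
{
    int slot = resolve_slot(t, index, key_hash);
    if (slot == LOCK_ERANGE)
        return LOCK_ERANGE;    /* the binding would raise ValueError here */
    t->held[slot]++;
    return slot;
}

int main(void)
{
    int probes[] = { 100, 32, 31, 0, -1, -2 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("index %4d -> %d\n", probes[i], checked_lock(&demo, probes[i], 12345u));
    return 0;
}
```

The probe at 32 is the boundary an off-by-one comparison (`>` instead of `>=`) would let through, so it is worth keeping in any regression test for this check.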