Details
Description
mod_authz_svn.c and mod_dav_svn.c add keys to r->notes to memorize boolean states (FORCE_AUTHN_NOTE, IN_SOME_AUTHN_NOTE, authz_svn-anon-ok, NO_MAP_TO_STORAGE_NOTE). They use (const char*)1 as values for the keys. This causes any call to apr_table_clone for r->notes to crash with a SEGFAULT, because (const char*)1 is an invalid address. mod_http2 in httpd calls apr_table_clone for r->notes and hence the httpd process crashes. The attached patch (against trunk) replaces the value of (const char*)1 in these cases with a value of "1".