search

jvandal / modwsgi

Automatically exported from code.google.com/p/modwsgi
0 stars 0 forks source link

This is not an apache issue ;) #209

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
This is not an apache issue ;) 
SEE https://issues.apache.org/bugzilla/show_bug.cgi?id=49847 (which is exactly 
what I expected them to say :) ).

Ok so correct me If I got this wrong but in mod_wsgi 
apr_pcalloc used throughout the code base.
This can return a void * mem can in some situations will not be allocated 
memory.

I think I got this wrong - and please do tell me if this is the case ( I 
suspect this because I had a quick look around and most modules are not 
checking this...)  :-)

APR_DECLARE(void *) apr_pcalloc(apr_pool_t *pool, apr_size_t size);
APR_DECLARE(void *) apr_pcalloc(apr_pool_t *pool, apr_size_t size)
{
    void *mem;

    if ((mem = apr_palloc(pool, size)) != NULL) {
        memset(mem, 0, size);
    }

    return mem;
}

NOTE: apr_palloc can return NULL.

In this case you return original the void pointer mem which has not been 
allocated any memory to play with :) - this can be problematic and there are a 
number of places in the code where problems can occur if this is so.

Original issue reported on code.google.com by db.pub.m...@gmail.com on 1 Sep 2010 at 3:21

GoogleCodeExporter commented 8 years ago 
Don't create new issues. Add your comments to the existing issue 208.

I said take it up with the 'Apache developers list', meaning the 'Apache HTTPD 
developers list'. I didn't suggest logging a bug report and certainly not 
something against the Apache runtime library product, which is distinct from 
the Apache HTTPD project with HTTPD merely being a user of that library.

The issue still remains, that Apache HTTPD code itself doesn't check return 
values from memory pool allocations. I use the exact same pool that Apache 
HTTPD code creates for a request. I don't create my own memory pools.

As such, I am following the existing practice that Apache HTTPD itself follows 
and will be continue to be guided by what they do. If you can get them to 
change how they do things in there code then you will get more traction as far 
as me changing the code.

Right now though, there is just as much risk, if not more, that exhaustion of 
memory will cause HTTPD itself to crash before mod_wsgi code crashes, because 
they have many many more calls that are unchecked that I do and many of them 
preceding mod_wsgi even getting to run for a request.

So, go to:

  http://httpd.apache.org/lists.html

and get yourself on:

  dev@httpd.apache.org

and ask the HTTPD developers as a matter of policy why they do not check the 
pointer returned from calls to allocate memory from pools.

Also validate whether or not HTTPD sets an abort_fn on the memory pool 
allocated for a request. I cant see that it is, but it may and if it does and 
it causes process exit in some way, your complaints are meaningless as the 
function would never return in the first place as process would be killed.

I am on that HTTPD developers list so will see any discussion.

Original comment by Graham.Dumpleton@gmail.com on 1 Sep 2010 at 3:42