ramkrishanbhatt / modwsgi

Automatically exported from code.google.com/p/modwsgi

Failure to check the result of apr_pcalloc throughout the source code #208

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Ok, so correct me if I got this wrong, but in mod_wsgi 
apr_pcalloc is used throughout the code base.
This can return a void * mem which in some situations will not be allocated 
memory.

I think I got this wrong - and please do tell me if this is the case (I 
suspect this because I had a quick look around and most modules are not 
checking this...)  :-)

APR_DECLARE(void *) apr_pcalloc(apr_pool_t *pool, apr_size_t size);
APR_DECLARE(void *) apr_pcalloc(apr_pool_t *pool, apr_size_t size)
{
    void *mem;

    if ((mem = apr_palloc(pool, size)) != NULL) {
        memset(mem, 0, size);
    }

    return mem;
}

NOTE: apr_palloc can return NULL.

In this case you return the original void pointer mem, which has not been 
allocated any memory to play with :) - this can be problematic and there are a 
number of places in the code where problems can occur if this is so. 

Original issue reported on code.google.com by db.pub.m...@gmail.com on 31 Aug 2010 at 5:15

GoogleCodeExporter commented 8 years ago
These are calls against a memory pool system, not direct calls against standard 
system malloc. There are better guarantees that the memory will actually exist 
because of preallocation of memory when the pool was constructed.

True, there is a small chance it could still fail, but if you are concerned 
about it, I suggest you first go look at the Apache source code itself. It has huge 
numbers of such calls in comparison to mod_wsgi and none of them are checked 
either. If you want to question that, then bring it up on the Apache developers 
list.

Original comment by Graham.Dumpleton@gmail.com on 31 Aug 2010 at 5:24
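An added example, not code from mod_wsgi, APR or either participant in this thread: a small arena allocator that reproduces the contract of the apr_pcalloc quoted in the report (NULL from the underlying palloc passes straight through) and the pool behaviour Graham describes (memory is preallocated when the pool is created), so the failure mode can be run stand-alone without libapr. It also models the hook APR exposes through apr_pool_abort_set(): apr_palloc invokes the pool's abort function before returning NULL, and httpd installs one that terminates the process, which is why unchecked pool allocations in httpd never dereference a NULL in practice. All names prefixed demo_ are hypothetical stand-ins for the APR calls; the DEMO_ENOMEM value, the fail_next test hook and the recording abort function are assumptions of this example only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_ENOMEM 12   /* stand-in for APR_ENOMEM (assumed value) */

/* Same shape as APR's apr_abortfunc_t: int (*)(int retcode). */
typedef int (*demo_abortfunc_t)(int retcode);

typedef struct demo_pool {
    char *base;                 /* block preallocated when the pool is created */
    size_t used, cap;           /* bump-pointer state over that block */
    demo_abortfunc_t abort_fn;  /* hook set via demo_pool_abort_set(), NULL by default */
    int fail_next;              /* test hook (not in APR): force the next request to fail */
} demo_pool_t;

static demo_pool_t *demo_pool_create(size_t cap)
{
    demo_pool_t *p = calloc(1, sizeof *p);
    if (p == NULL)
        return NULL;
    if ((p->base = malloc(cap)) == NULL) {
        free(p);
        return NULL;
    }
    p->cap = cap;
    return p;
}

static void demo_pool_abort_set(demo_abortfunc_t fn, demo_pool_t *p) { p->abort_fn = fn; }
static void demo_pool_destroy(demo_pool_t *p) { free(p->base); free(p); }

/* Mirrors apr_palloc's failure path: when the request cannot be satisfied
 * (a real pool would ask its allocator for more memory; this toy simply runs
 * out, or has failure injected) it calls the abort hook if one is installed
 * and then returns NULL. */
static void *demo_palloc(demo_pool_t *p, size_t size)
{
    size_t aligned = (size + 7) & ~(size_t)7;
    void *mem;

    if (p->fail_next || aligned > p->cap - p->used) {
        p->fail_next = 0;
        if (p->abort_fn != NULL)
            p->abort_fn(DEMO_ENOMEM);
        return NULL;
    }
    mem = p->base + p->used;
    p->used += aligned;
    return mem;
}

/* Same body as the apr_pcalloc quoted in the issue: a NULL passes through. */
static void *demo_pcalloc(demo_pool_t *p, size_t size)
{
    void *mem = demo_palloc(p, size);
    if (mem != NULL)
        memset(mem, 0, size);
    return mem;
}

/* Checked form of the pattern the reporter objects to: copy a string into
 * pool memory but report failure instead of writing through a NULL pointer.
 * Returns 0 on success, DEMO_ENOMEM if the pool refused the request. */
static int demo_pstrdup_checked(demo_pool_t *p, const char *s, char **out)
{
    size_t len = strlen(s) + 1;
    char *buf = demo_pcalloc(p, len);

    *out = NULL;
    if (buf == NULL)
        return DEMO_ENOMEM;
    memcpy(buf, s, len);
    *out = buf;
    return 0;
}

/* Abort hook in the style of the one httpd installs: the real thing
 * terminates the process so no caller ever observes NULL. This one only
 * records that it ran so the behaviour can be asserted on. */
static int demo_abort_calls;
static int demo_record_abort(int retcode) { demo_abort_calls++; return retcode; }

/* Exercise the three cases; returns a bitmask: 1 = normal allocation works,
 * 2 = injected failure surfaced as an error code (no hook installed),
 * 4 = with the hook installed it ran before NULL was returned. */
static int demo_run(void)
{
    demo_pool_t *p = demo_pool_create(64);
    char *s;
    int result = 0;

    if (p == NULL)
        return -1;
    if (demo_pstrdup_checked(p, "hello", &s) == 0 && strcmp(s, "hello") == 0)
        result |= 1;
    p->fail_next = 1;
    if (demo_pstrdup_checked(p, "world", &s) == DEMO_ENOMEM && s == NULL)
        result |= 2;
    demo_pool_abort_set(demo_record_abort, p);
    p->fail_next = 1;
    if (demo_pcalloc(p, 16) == NULL && demo_abort_calls == 1)
        result |= 4;
    demo_pool_destroy(p);
    return result;
}

int main(void)
{
    printf("demo_run() = %d (7 means all three cases behaved as described)\n", demo_run());
    return 0;
}
```

The two defensible positions in the thread map onto the last two cases: either every call site checks for NULL (demo_pstrdup_checked), or the pool's abort hook guarantees the process dies before a NULL can be dereferenced. What is not defensible is a pool with no hook and call sites that skip the check, which is the combination the report describes.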

GoogleCodeExporter commented 8 years ago
Well this is still a bug in your code ;)

Original comment by db.pub.m...@gmail.com on 31 Aug 2010 at 5:25

GoogleCodeExporter commented 8 years ago
I will go and file a bug in apache then :)

Original comment by db.pub.m...@gmail.com on 31 Aug 2010 at 5:27

GoogleCodeExporter commented 8 years ago
https://issues.apache.org/bugzilla/show_bug.cgi?id=49847

Original comment by db.pub.m...@gmail.com on 31 Aug 2010 at 5:40

GoogleCodeExporter commented 8 years ago
See also issue 209 which was created instead of comment being added here.

Original comment by Graham.Dumpleton@gmail.com on 1 Sep 2010 at 3:42