DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=35924>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=35924

Summary: ISAPI redirector accesses freed memory
Product: Tomcat 5
Version: 5.5.9
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Native:JK
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]

In init_jk of iis/jk_isapi_plugin.c, the worker_env is constructed from a map allocated in that function, which is subsequently freed before init_jk exits. The worker names (and some other strings) are copied from the map into the worker_env, and subsequently into the worker structs themselves.

Later, when the worker name is accessed, freed memory is accessed and bogus data is used, e.g. p->worker->name in ajp_done in jk_ajp_common.c.

Mercifully, the fields concerned seem only to be used in debug logging statements, so this hasn't caused any crashes - even in debug mode all you see is a stream of ÝÝÝÝÝÝÝÝ characters.

mod_jk may avoid this issue, as the config map is passed from Apache to the module, and is presumably kept around, although I haven't tested that theory.
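The lifetime problem described in the report, as an added C example that is not code from the JK connector or from the reporter: a worker that keeps a pointer into the config map, next to one that takes its own copy before the map is freed. The `cfg_map` and `worker` types, all function names and the `ajp13w` worker name are hypothetical.

```c
/* Added illustration: types and names are hypothetical, not the jk_* API. */
#include <stdlib.h>
#include <string.h>

typedef struct { char *value; } cfg_map;            /* one-entry stand-in for the config map */
typedef struct { const char *name; int owns_name; } worker;

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

cfg_map *map_new(const char *value) {
    cfg_map *m = malloc(sizeof *m);
    if (m && !(m->value = dup_str(value))) { free(m); m = NULL; }
    return m;
}

void map_free(cfg_map *m) { if (m) { free(m->value); free(m); } }

/* Pattern from the report: the worker keeps a pointer into map storage. */
void worker_init_borrowed(worker *w, const cfg_map *m) { w->name = m->value; w->owns_name = 0; }

/* Lifetime fix: the worker takes a private copy that outlives the map. */
int worker_init_owned(worker *w, const cfg_map *m) {
    w->name = dup_str(m->value);
    w->owns_name = (w->name != NULL);
    return w->owns_name;
}

void worker_close(worker *w) { if (w->owns_name) free((void *)w->name); w->name = NULL; }

/* 1 if name points into the map, i.e. it would dangle after map_free(). */
int name_aliases_map(const worker *w, const cfg_map *m) { return w->name == m->value; }

/* Same shape as an init function that frees its map before returning. */
int init_then_log(char *out, size_t outlen) {
    cfg_map *m = map_new("ajp13w");                 /* constructed worker name */
    worker w;
    if (!outlen || !m || !worker_init_owned(&w, m)) { map_free(m); return -1; }
    map_free(m);                                    /* map is gone */
    strncpy(out, w.name, outlen - 1);               /* name is still valid */
    out[outlen - 1] = '\0';
    worker_close(&w);
    return 0;
}
```

Running the borrowed variant under a tool such as AddressSanitizer and reading `name` after `map_free()` reports a heap-use-after-free, which is a quicker signal than spotting fill-pattern characters in a debug log.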