DragonFly bugs List (threaded) for 2008-05
DragonFly BSD
DragonFly bugs List (threaded) for 2008-05
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: [issue1006] digest is down; suggestions welcome


From: "Dionysus Blazakis" <dion.blazakis@xxxxxxxxx>
Date: Wed, 14 May 2008 14:49:14 -0400

It seems there was an off-by-one error in the strspn code in our libc.
 The buffer was a byte too small and resulted in overwriting the saved
ebx which was the offset to the GOT -- but only if strspn was used
with a \xff in the second string.

I have a patch here:
http://dblaz.beevomit.org/dfly/strspn.patch

I've verified it fixes the PHP problem.  Also, I tested it against a
small program that called strspn with a \xff in the second string and
verified that ebx was correctly restored (unlike prior to the patch).

-- Dion

On Wed, May 14, 2008 at 2:32 PM, Joerg Sonnenberger
<joerg@britannica.bec.de> wrote:
> On Wed, May 14, 2008 at 11:30:19AM -0400, Justin C. Sherrill wrote:
>> Antonio Huete Jimenez wrote:
>>> Antonio Huete Jimenez <tuxillo@quantumachine.net> added the comment:
>>>
>>> What about the commits between 1.12.1 and 1.12.2 related with threading lib?
>>
>> I'm still using the same threading library in both cases - libc_r.
>
> I've been seeing random PHP segfaults lately in the module init code.
> That's a standalone PHP using FastCGI.
>
> Joerg
>



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]