[Issues] [apr_memcache 0000065]: Bug in apr_memcache_stats routine

issues at outoforder.cc issues at outoforder.cc
Mon Oct 23 14:55:28 EDT 2006 

The following issue has been RESOLVED. 
====================================================================== 
http://issues.outoforder.cc/view.php?id=65 
====================================================================== 
Reported By:                michelnok
Assigned To:                chip
====================================================================== 
Project:                    apr_memcache
Issue ID:                   65
Category:                   Security Issue
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     resolved
Resolution:                 fixed
Fixed in Version:           -TRUNK
====================================================================== 
Date Submitted:             10-23-2006 14:52 EDT
Last Modified:              10-23-2006 14:55 EDT
====================================================================== 
Summary:                    Bug in apr_memcache_stats routine
Description: 
There is a bug in apr_memcache_stats routine.

The code:

apr_memcache_stats_t *ret;
...
ret = apr_pcalloc(p, sizeof(apr_memcache_stats_t *));

is wrong because it allocates memory with size of _pointer_ to
apr_memcache_stats_t structure. But then this memory is used as
_structure_.
The right code should be:

ret = apr_pcalloc(p, sizeof(apr_memcache_stats_t));

====================================================================== 

---------------------------------------------------------------------- 
 chip - 10-23-06 14:54  
---------------------------------------------------------------------- 
This issue was fixed in the new version of APR memcache that is part of
APR-Util:
http://svn.apache.org/repos/asf/apr/apr-util/trunk/memcache/apr_memcache.c 

---------------------------------------------------------------------- 
 chip - 10-23-06 14:55  
---------------------------------------------------------------------- 
Fixed in trunk. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
10-23-06 14:52  michelnok      New Issue                                    
10-23-06 14:54  chip           Note Added: 0000083                          
10-23-06 14:55  chip           Status                   new => resolved     
10-23-06 14:55  chip           Fixed in Version          => -TRUNK          
10-23-06 14:55  chip           Resolution               open => fixed       
10-23-06 14:55  chip           Assigned To               => chip            
10-23-06 14:55  chip           Note Added: 0000084                          
======================================================================

More information about the Issues mailing list