From: Paul J. Reder Date: Tue, 3 Feb 2004 15:30:58 +0000 (+0000) Subject: *) Fix segfault in mod_mem_cache cache_insert() due to cache size X-Git-Tag: 2.0.49~165 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a60d628fb2101c45fe33db4c8e5fc69f58824a3a;p=thirdparty%2Fapache%2Fhttpd.git *) Fix segfault in mod_mem_cache cache_insert() due to cache size becoming negative. PR: 21285, 21287 Submitted by: Bill Stoddard, Massimo Torquati, Jean-Jacques Clar Reviewed by: stoddard, rederpj, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@102489 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 959a5b75d60..b6c2aeb2d9e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,9 @@ Changes with Apache 2.0.49 + *) Fix segfault in mod_mem_cache cache_insert() due to cache size + becoming negative. PR: 21285, 21287 + [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar] + *) core.c: If large file support is enabled, allow any file that is greater than AP_MAX_SENDFILE to be split into multiple buckets. This allows Apache to send files that are greater than 2gig. diff --git a/STATUS b/STATUS index fbd6a7064b3..438db870502 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2004/02/02 13:18:07 $] +Last modified at [$Date: 2004/02/03 15:30:57 $] Release: @@ -90,11 +90,6 @@ PATCHES TO BACKPORT FROM 2.1 jerenkrantz: Why is rm not application/vnd.rn-realmedia as in PR 26079? +1: nd, trawick - * Fix segfault in mod_mem_cache cache_insert() due to cache size - becoming negative. PR: 21285, 21287 - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/experimental/mod_mem_cache.c?r1=1.99&r2=1.100 - +1: stoddard, rederpj, trawick - * Replace some of the mutex locking in the worker MPM with atomic operations for higher concurrency. server/mpm/worker/fdqueue.c 1.24, 1.25 
diff --git a/modules/experimental/mod_mem_cache.c b/modules/experimental/mod_mem_cache.c
index 6b8962e0281..bcade9febd8 100644
--- a/modules/experimental/mod_mem_cache.c
+++ b/modules/experimental/mod_mem_cache.c
@@ -1035,7 +1035,28 @@ static apr_status_t write_body(cache_handle_t *h, request_rec *r, apr_bucket_bri
 if (sconf->lock) {
 apr_thread_mutex_lock(sconf->lock);
 }
- cache_remove(sconf->cache_cache, obj);
+ if (obj->cleanup) {
+ /* If obj->cleanup is set, the object has been prematurly
+ * ejected from the cache by the garbage collector. Add the
+ * object back to the cache. If an object with the same key is
+ * found in the cache, eject it in favor of the completed obj.
+ */
+ cache_object_t *tmp_obj =
+ (cache_object_t *) cache_find(sconf->cache_cache, obj->key);
+ if (tmp_obj) {
+ cache_remove(sconf->cache_cache, tmp_obj);
+ sconf->object_cnt--;
+ sconf->cache_size -= mobj->m_len;
+ tmp_obj->cleanup = 1;
+ if (!tmp_obj->refcount) {
+ cleanup_cache_object(tmp_obj);
+ }
+ }
+ obj->cleanup = 0;
+ }
+ else {
+ cache_remove(sconf->cache_cache, obj);
+ }
 mobj->m_len = obj->count;
 cache_insert(sconf->cache_cache, obj);
 sconf->cache_size -= (mobj->m_len - obj->count);
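Review bot: In the `if (tmp_obj)` branch, `sconf->cache_size -= mobj->m_len;` subtracts the length of the object being written rather than that of the entry actually being evicted, assuming `mobj` is the memory object behind `obj` (it is declared outside the hunk). Since a wrong `cache_size` is exactly what this commit sets out to fix, the evicted entry's own length should be used, e.g. `sconf->cache_size -= ((mem_cache_object_t *) tmp_obj->vobj)->m_len;`. The `obj->cleanup` path also re-inserts `obj` with no visible `object_cnt` or `cache_size` adjustment, so if the garbage collector already deducted the object when it ejected it, both totals drift low after the re-insert. A one-line comment stating which side accounts for the re-added object would make that invariant checkable. write_body starts and ends outside the hunk.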