Bug #1855

malloc wrong size in mod_accesslog

Added by ycheng about 6 years ago. Updated almost 6 years ago.

Status:FixedStart date:2008-12-22
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:mod_accesslog
Target version:1.4.21
Missing in 1.5.x:

Description

http://redmine.lighttpd.net/repositories/entry/lighttpd/branches/lighttpd-1.4.x/src/mod_accesslog.c

Function:
int accesslog_parse_format(server *srv, format_fields *fields, buffer *format)

Line 172:
fields->ptr = malloc(fields->size * sizeof(format_fields * ));
should be
fields->ptr = malloc(fields->size * sizeof(format_field * ));
Line 175:
fields->ptr = realloc(fields->ptr, fields->size * sizeof(format_fields * ));
should be
fields->ptr = realloc(fields->ptr, fields->size * sizeof(format_field * ));

They are all pointers, so it may be not so serious. But
Line 178:
fields->ptr[fields->used] = malloc(sizeof(format_fields));
should be
fields->ptr[fields->used] = malloc(sizeof(format_field));

Lighttpd runs ok because format_field and format_fields are the same size.

If I was right. It happened many times below in this function.

Associated revisions

Revision 2379
Added by stbuehler almost 6 years ago

Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (fixes #1855, thx ycheng)

Revision 2450
Added by stbuehler over 5 years ago

merge: Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (#1855, thx ycheng)

History

#1 Updated by icy almost 6 years ago

  • Priority changed from Urgent to Normal
  • Target version set to 1.4.21

#2 Updated by stbuehler almost 6 years ago

Good catch! Thank you.

#3 Updated by stbuehler almost 6 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2379.

Also available in: Atom