Project

General

Profile

Actions

Bug #281

closed

Segfault on config syntax error

Added by Anonymous about 16 years ago. Updated about 15 years ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
-
ASK QUESTIONS IN Forums:

Description

If you use double ()'s like so


server.modules = ((
    ...
))

you'll get a segmentation fault. The above case isn't likely, but it's easy to do on accident on stuff that has lots of nested ()'s.


#0  0x08068c6b in config_insert_values_internal (srv=0x8071008, ca=0x8071590, 
    cv=0xbfa9a4e8) at configfile-glue.c:56
56                            log_error_write(srv, __FILE__, __LINE__, "sssbs", "unexpected type for key: ", cv[i].key, "[", da->value->data[i]->key, "](string)");
(gdb) bt
#0  0x08068c6b in config_insert_values_internal (srv=0x8071008, ca=0x8071590, 
    cv=0xbfa9a4e8) at configfile-glue.c:56
#1  0x08069106 in config_insert_values_global (srv=0x8071008, ca=0x8071590, 
    cv=0xbfa9a4e8) at configfile-glue.c:153
#2  0x0805628f in config_insert (srv=0x8071008) at configfile.c:187
#3  0x080585f9 in config_read (srv=0x8071008, fn=0xbfa9b214 "lighttpd.conf")
    at configfile.c:993
#4  0x0804d247 in main (argc=5, argv=0xbfa9ab44) at server.c:339
(gdb) b configfile-glue.c:56
Breakpoint 1 at 0x8068c58: file configfile-glue.c, line 56.
(gdb) r -Df ~/.lighttpd/lighttpd.conf -m src/.libs
Starting program: /home/ka0ttic/code/lighttpd/branches/lighttpd-merge-1.4.x/src/lighttpd -Df ~/.lighttpd/lighttpd.conf -m src/.libs
[Thread debugging using libthread_db enabled]
[New Thread -1209805136 (LWP 28957)]
[Switching to Thread -1209805136 (LWP 28957)]

Breakpoint 1, config_insert_values_internal (srv=0x8071008, ca=0x8071590, cv=0xbf8d7008)
    at configfile-glue.c:56
56                            log_error_write(srv, __FILE__, __LINE__, "sssbs", "unexpected type for key: ", cv[i].key, "[", da->value->data[i]->key, "](string)");
(gdb) print i
$1 = 9
(gdb) print cv[i].key
$2 = 0x806c218 "server.modules" 
(gdb) print da->value->data[i]->key
Cannot access memory at address 0x4
(gdb) print da->value->data[i]
$3 = (data_unset *) 0x0

-- Aaron Walker <ka0ttic

Actions #1

Updated by jan about 16 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

fixed in r724

Actions

Also available in: Atom