This patch has since been applied to all relevant official releases (apache, apache2, Str), so there is no need to apply it anymore... regards, -lukas Date: Thu, 26 Apr 2001 23:11:15 +0200 From: Lukas Schroeder Subject: segmentation fault in ap_snprintf in 1.3.19 and 2.0.16 This piece of code triggers the segfault which terminates the app after severe stack damage occurring in ap_snprintf.c:ap_cvt(). #include extern int ap_snprintf(char *buf, int len, char *fmt, ...); void main(void) { double inf = 1.0/0.0; /* 0.0/0.0 for nan */ char out[10]; printf ("printf: %f\n", inf); ap_snprintf(out, 10, "%f", inf); printf ("ap_snprintf: %s\n", out); } printf() handles this case by printing "inf" or "nan". I posted the patch i prepared to fix this at the end of this mail. It is against 1.3.19. Apache 2.0.16 Beta is also affected; it can be fixed in the same manner. regards, Lukas Schroeder
--- apache_1.3.19-orig/src/ap/ap_snprintf.c Mon Jan 15 18:04:14 2001
+++ apache_1.3.19/src/ap/ap_snprintf.c Thu Apr 26 22:41:19 2001
@@ -152,7 +152,7 @@
  */
 if (fi != 0) {
 p1 = &buf[NDIG];
- while (fi != 0) {
+ while (p1 > &buf[0] && fi != 0) {
 fj = modf(fi / 10, &fi);
 *--p1 = (int) ((fj + .03) * 10) + '0';
 r2++;
@@ -931,17 +931,29 @@
 /*
 * * We use &num_buf[ 1 ], so that we have room for the sign
 */
- s = conv_fp(*fmt, fp_num, alternate_form,
- (adjust_precision == NO) ? FLOAT_DIGITS : precision,
- &is_negative, &num_buf[1], &s_len);
- if (is_negative)
- prefix_char = '-';
- else if (print_sign)
- prefix_char = '+';
- else if (print_blank)
- prefix_char = ' ';
- break;
+ if (isnan(fp_num)) {
+ s = "nan";
+ s_len = 3;
+ }
+ else if (isinf(fp_num)) {
+ s = "inf";
+ s_len = 3;
+ }
+ else {
+ s = conv_fp(*fmt, fp_num, alternate_form,
+ (adjust_precision == NO) ? FLOAT_DIGITS : precision,
+ &is_negative, &num_buf[1], &s_len);
+ if (is_negative)
+ prefix_char = '-';
+ else if (print_sign)
+ prefix_char = '+';
+ else if (print_blank)
+ prefix_char = ' ';
+
+ }
+
+ break;
 case 'g':
 case 'G':
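Review bot: The new bound `p1 > &buf[0]` on ap_cvt's integer-digit loop stops the write below `buf`, but when that bound is what ends the loop the result is silently wrong rather than reported: `r2` has counted only NDIG digits, the rest of the value is dropped, and nothing tells the caller. That path is taken not only by inf/nan, for which `fi` never reaches 0, but by any finite value whose integer part has more than NDIG digits, since the loop emits one digit per iteration. The condition deserves a comment saying so, e.g. `/* bounded: inf/nan never reach fi == 0, and values with more than NDIG integer digits are truncated here, not reported */`. The enclosing function ap_cvt starts before the hunk and continues after it.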
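Review bot: The added `isinf` branch drops the sign: a negative infinity is printed as `inf`, where the reproducer's own printf reference prints `-inf`, and `print_sign`/`print_blank` are no longer honoured for nan/inf at all. Setting `prefix_char` in those branches is not enough on its own, because `s` now points at a string literal instead of into `num_buf`; if the code after the switch applies the prefix by writing through `s` (the `&num_buf[ 1 ]` comment in the hunk suggests that layout), a prefix on a literal would write into read-only storage. Copy the text into `&num_buf[1]` and select `prefix_char` the same way the finite branch does, as below, taking the sign from `fp_num` since `conv_fp` did not run and `is_negative` is unset. `isnan`/`isinf` are C99 `<math.h>` macros, so the 1.3 build may need a portability check for them. The enclosing `case` starts before the hunk.
```c
if (isnan(fp_num) || isinf(fp_num)) {
    /* conv_fp is skipped, so sign and flag handling must happen here;
     * the text goes into num_buf so a prefix can be written in front of it */
    s = &num_buf[1];
    strcpy(s, isnan(fp_num) ? "nan" : "inf");
    s_len = 3;
    if (fp_num < 0)
        prefix_char = '-';
    else if (print_sign)
        prefix_char = '+';
    else if (print_blank)
        prefix_char = ' ';
}
else {
    /* … unchanged: conv_fp call and prefix_char selection … */
}
```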