fcl-web: Exception in DoHandleRequest leads to memory fault while freeing
Original Reporter info from Mantis: uaply
-
Reporter name:
Original Reporter info from Mantis: uaply
- Reporter name:
Description:
File 'custhttpapp.pp' has piece of code which clean-ups Request and Response objects:
procedure TFPHTTPServerHandler.HTTPHandleRequest begin // Exceptions are handled by (Do)HandleRequest. It also frees the response/request DoHandleRequest(ARequest,AResponse); ARequest:=Nil; &LtPos;-- this code is skipped if exception occurs AResponse:=Nil; &LtPos;-- this code is skipped if exception occurs [...]
The problem arise if some exceptions occurs inside TWebHandler.DoHandleRequest procedure. In such case DoHandleRequest successfully frees objects, but calling HTTPHandleRequest have no chance to Nil variables.
Next is coming following procedure
procedure TFPHTTPConnection.HandleRequest; [...] if Server.Active then Server.HandleRequest(Req,Resp); if Assigned(Resp) and (not Resp.ContentSent) then Resp.SendContent; finally FreeAndNil(Resp); end; Finally FreeAndNil(Req); end; [...]
It tries to run FreeAndNil(Resp), but the problem is 'Resp' object is already freed, but still not Nil-ed.
So SIGSEGV happens.
Steps to reproduce:
To reproduce one needs to raise exception from inside of error handler.
Attached file demonstrates the problem.
Additional information:
The simples solution is to use try-finally block:
procedure TFPHTTPServerHandler.HTTPHandleRequest begin // Exceptions are handled by (Do)HandleRequest. It also frees the response/request try DoHandleRequest(ARequest,AResponse); finally ARequest:=Nil; AResponse:=Nil; end; [...]
Mantis conversion info:
- Mantis ID: 24799
- Version: 2.7.1
- Fixed in version: 3.0.0
- Fixed in revision: 25179 (#db0585f3)
- Target version: 3.0.0