Core dump in match_service
Colin Hogben <pound(at)pythontech.co.uk>
2006-03-15 17:46:08
Hi,
I just downloaded pound-2.0.2, built it (Solaris 5.7) and tried it out,
but after a few requests it SEGV'ed in match_service:

(gdb) bt
#0  0xff078d88 in __regexec_C () from /usr/lib/libc.so.1
#1  0x1bc8c in match_service (svc=0x511d8,
     request=0x7f <Address 0x7f out of bounds>, headers=0x4ec5c) at svc.c:488
#2  0x1bdc0 in get_service (lstn=0x511d8, request=0xfee8df90 "/",
     headers=0x4ec5c) at svc.c:520
#3  0x14d48 in thr_http (arg=0x511d8) at http.c:829
(gdb) up
#1  0x1bc8c in match_service (svc=0x511d8,
     request=0x7f <Address 0x7f out of bounds>, headers=0x4ec5c) at svc.c:488

Had a look at the code and this is where it's failing:

         for(found = i = 0; i < MAXHEADERS && !found; i++)
             if(headers[i] && !regexec(&m->pat, headers[i], 0, NULL, 0))
                 found = 1;

The problem is that when thr_http calls get_service it does not pass the 
whole headers array but &headers[1] (skipping the request line).  In the 
existing code, i runs off the end of the array.

I include a patch, in which I also move the test for headers[i] into the 
loop test, making the loop terminate earlier.

Regards,[...]
Attachments:  
patch1.txt text/plain 541 Bytes

Re: [Pound Mailing List] Core dump in match_service
Robert Segall <roseg(at)apsis.ch>
2006-03-15 18:15:57
On Wed, 2006-03-15 at 16:46 +0000, Colin Hogben wrote:[...]

Many thanks Colin. I just uploaded a corrected 2.0.3 version with pretty
much your patch (except you can't stop on the first NULL header as they
may occur in the middle of the array - see the code for header removal).
I also fixed this problem in a couple of other places where it occurred.

I encourage everybody to upgrade to this latest release - the problem is
serious.[...]
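
The two constraints raised in this thread, as an added example that is not part of either message or of Pound's source: the callee is handed &headers[1], so it may scan only MAXHEADERS - 1 slots, and a NULL entry is skipped rather than treated as the end of the list. The explicit length parameter, the function names, the sample headers and the MAXHEADERS value are assumptions made for illustration.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>

#define MAXHEADERS 8 /* assumed demo value; Pound defines its own */

/* Hypothetical helper (not Pound's code): returns 1 if any non-NULL entry
 * in hdrs[0 .. n_hdrs-1] matches pat. The caller states how many slots the
 * slice really has, so the scan cannot run past the end of the array. */
static int any_header_matches(const regex_t *pat, const char *const *hdrs,
                              size_t n_hdrs)
{
    for (size_t i = 0; i < n_hdrs; i++) {
        if (hdrs[i] == NULL)
            continue; /* removed header leaves a hole: skip it, keep scanning */
        if (regexec(pat, hdrs[i], 0, NULL, 0) == 0)
            return 1;
    }
    return 0;
}

/* Constructed request: slot 0 is the request line, slot 2 was "removed".
 * Returns 1 on match, 0 on no match, -1 if the pattern does not compile. */
int demo_match(const char *pattern)
{
    const char *headers[MAXHEADERS] = { NULL };
    regex_t pat;
    int hit;

    headers[0] = "GET / HTTP/1.0";
    headers[1] = "Host: example.test";
    headers[3] = "User-Agent: demo";
    if (regcomp(&pat, pattern, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
        return -1;
    /* Skipping the request line shortens the slice by one element. */
    hit = any_header_matches(&pat, &headers[1], MAXHEADERS - 1);
    regfree(&pat);
    return hit;
}

int main(void)
{
    printf("User-Agent after hole: %d\n", demo_match("^User-Agent:"));
    printf("request line visible:  %d\n", demo_match("^GET "));
    return 0;
}
```

Building with -fsanitize=address and changing the bound back to MAXHEADERS makes the one-past-the-end read visible on a no-match pattern.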
