[BUG] Memory overflow and infinite loop

lanshun zhou zls.sogou at gmail.com
Fri Jul 8 20:55:14 MSD 2011


1) Large cache key cause core dump as reported here:
http://forum.nginx.org/read.php?2,182995,209970#msg-209970
When the length of cache key is bigger than buffer_size, receiving of
backend response will cause memory overflow and core dump

2) When servers in backup state are more than in not-backup state, the
buffer rrp->tried points to may be not enough for backup group.
When all normal servers are fail, rrp->tried is reset to 0, according to the
number of servers in backup group.
See ngx_http_upstream_init_round_robin_peer, line 531 and line 552,

3) In ngx_http_upstream_get_peer, when all servers are marked as “down”,
while we have backups alive, this function will never return,
because weight is set to zero for down servers, and current_weight has no
chance to be bigger than 0.
Although all servers marked as down is not a good idea, infinite loop should
not happen 


Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx-devel/attachments/20110709/2be14b71/attachment.html>


More information about the nginx-devel mailing list