bug report for nginx version: nginx/1.3.6

Maxim Dounin mdounin at mdounin.ru
Fri Oct 5 10:09:45 UTC 2012


Hello!

On Fri, Oct 05, 2012 at 04:05:42PM +0800, Wang Tiefeng wrote:

> Hi!
>      When buf > last - 50, buf (= last - 50) is an invalid memory address.
> And the following lines write to this invalid memory.  Although bufs for log
> in nginx are all bigger than 50, the function does not depend on this. At
> least, I think this function is not robust.

As I already said, the code depends on the buffer being at least 
50 bytes long.  Much like the other fact that the "last" pointer 
should mark buffer end.

As long as the function is used correctly - there is no problem.  
If it's used incorrectly (i.e. with a buffer less than 50 bytes 
long) - there will be a problem, not in the function itself, but 
in the code which uses it incorrectly.

Maxim Dounin

> 
> 
> 2012/10/4 Maxim Dounin <mdounin at mdounin.ru>
> 
> > Hello!
> >
> > On Thu, Oct 04, 2012 at 06:42:42PM +0800, Wang Tiefeng wrote:
> >
> > > Recently, I started to read the nginx source code.
> > > I chose nginx/1.3.6, a relatively new version.
> > >
> > > When I read file ngx_log.c, the function ngx_log_errno() confused me.
> > >
> > > There may be some bugs in the following code:
> > > 238     if (buf > last - 50) {
> > > 239
> > > 240         /* leave a space for an error code */
> > > 241
> > > 242         buf = last - 50;
> > > 243         *buf++ = '.';
> > > 244         *buf++ = '.';
> > > 245         *buf++ = '.';
> > > 246     }
> > >
> > > Although I am not sure about my judgment, valgrind reports an invalid
> > > write on line 243.
> >
> > See no problem here.  The code depends on the fact that the buffer
> > used for printing errors is at least 50 bytes long, and the "last"
> > pointer marks its end, but it looks perfectly safe as long as
> > ngx_log_errno() is used correctly.
> >
> > --
> > Maxim Dounin
> > http://nginx.com/support.html
> >
> > _______________________________________________
> > nginx-devel mailing list
> > nginx-devel at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-devel



-- 
Maxim Dounin
http://nginx.com/support.html
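
The precondition discussed in this thread (a buffer of at least 50 bytes, with "last" marking its end), written as an explicit check around the same truncation step. This is an added example, not code from nginx or from either poster; reserve_errno_space(), demo() and ERRNO_RESERVE are hypothetical names, and the sample buffer sizes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ERRNO_RESERVE 50   /* reserve size from the quoted lines 238-246 */

/* Hypothetical helper, not nginx's ngx_log_errno(): [start, last) is the
 * whole buffer and buf the current write position.  Returns the new write
 * position, or NULL when the caller broke the size precondition. */
static char *reserve_errno_space(char *start, char *buf, char *last)
{
    if (buf < start || buf > last) {
        return NULL;
    }
    /* Compare lengths: on a shorter buffer "last - 50" would point before
     * start, so that pointer must never be formed. */
    if ((size_t) (last - start) < ERRNO_RESERVE) {
        return NULL;
    }
    if ((size_t) (last - buf) < ERRNO_RESERVE) {
        buf = last - ERRNO_RESERVE;     /* same truncation as the thread */
        *buf++ = '.';
        *buf++ = '.';
        *buf++ = '.';
    }
    return buf;
}

/* Constructed cases: offset of the new write position, -1 if rejected. */
static long demo(size_t size, size_t used)
{
    char storage[256], *p;

    if (size > sizeof(storage) || used > size) {
        return -2;
    }
    memset(storage, 'x', sizeof(storage));
    p = reserve_errno_space(storage, storage + used, storage + size);
    return p == NULL ? -1 : (long) (p - storage);
}

int main(void)
{
    printf("%ld %ld %ld\n", demo(256, 10), demo(256, 250), demo(32, 10));
    return 0;
}
```

With a 256-byte buffer the write position is either left alone or moved to 50 bytes before the end; the 32-byte buffer is rejected before any write happens.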


