[PATCH 0 of 2] Two allocation failure path errors

Markus Linnala Markus.Linnala at cybercom.com
Sun Aug 17 20:00:28 UTC 2014

I've found two of allocation failure path problems with clear way to
test them.

ngx_regex_compile logs uninitialized memory if allocation
fails. Mark error message as zero length to prevent errors.
Example valgrind output of a case when usin nginx-test rewrite.t:

   150      rc->regex = NULL; // ngx_pcalloc(rc->pool, sizeof(ngx_regex_t));

==20818== Syscall param write(buf) points to uninitialised byte(s)
==20818==    at 0x3EEB00E800: __write_nocancel (in /usr/lib64/libpthread-2.18.so)
==20818==    by 0x404B1F: ngx_log_error_core (ngx_files.h:147)
==20818==    by 0x412AD3: ngx_conf_log_error (ngx_conf_file.c:936)
==20818==    by 0x43CF37: ngx_http_regex_compile (ngx_http_variables.c:2312)
==20818==    by 0x45F980: ngx_http_rewrite (ngx_http_rewrite_module.c:337)
==20818==    by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818==    by 0x42A080: ngx_http_core_location (ngx_http_core_module.c:3286)
==20818==    by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818==    by 0x42A2BB: ngx_http_core_server (ngx_http_core_module.c:3058)
==20818==    by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818==    by 0x425C52: ngx_http_block (ngx_http.c:239)
==20818==    by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818==  Address 0xffeffd955 is on thread 1's stack

And there is emerg message with cleary uninitialized memory.

Allocating etags can fail and we still print it when sending
Internal Server Error message because we set hash to 1 before
failing allocation. This can be tested with not_modified.t from
nginx-tests. Exceprt error message when allocation fails:

  1838      etag->value.data = NULL; // ngx_pnalloc(r->pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 3);

#                   'HTTP/1.1 500 Internal Server Error
# Server: nginx/1.7.5
# Date: Sun, 17 Aug 2014 19:30:15 GMT
# Content-Type: text/html
# Content-Length: 192
# Connection: close
# ETag: 
# <html>
# <head><title>500 Internal Server Error</title></head>
# <body bgcolor="white">
# <center><h1>500 Internal Server Error</h1></center>
# <hr><center>nginx/1.7.5</center>
# </body>
# </html>
# '

