PATCH: Initialize 'ch' with 'ngx_memzero' to prevent the use of uninitialized bytes.

囧 尼 johnnywang1991 at msn.com
Thu Apr 15 08:59:16 UTC 2021


# HG changeset patch
# User Johnny Wang <johnnywang1991 at msn.com>
# Date 1618472983 -28800
#      Thu Apr 15 15:49:43 2021 +0800
# Node ID a5903fe55622e839906e9544c1a08a66c1e0cf91
# Parent  b56c45e3bd5029f98e1e847eebad75430e2cca27
Initialize 'ch' with 'ngx_memzero' to prevent the use of uninitialized bytes.

I found the following error when running nginx with valgrind:

==31539== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==31539== at 0x5047C50: __sendmsg_nocancel (in /lib64/libpthread-2.17.so)
==31539== by 0x44A6F8: ngx_write_channel (ngx_channel.c:79)
==31539== by 0x44C19A: ngx_pass_open_channel (ngx_process_cycle.c:481)
==31539== by 0x44C21A: ngx_start_worker_processes (ngx_process_cycle.c:385)
==31539== by 0x44E0BA: ngx_master_process_cycle (ngx_process_cycle.c:241)
==31539== by 0x424719: main (nginx.c:386)
==31539== Address 0x1ffefffabc is on thread 1's stack
==31539== in frame #2, created by ngx_pass_open_channel (ngx_process_cycle.c:455)
==31539==
{
<insert_a_suppression_name_here>
Memcheck:Param
sendmsg(msg.msg_iov[0])
fun:__sendmsg_nocancel
fun:ngx_write_channel
fun:ngx_pass_open_channel
fun:ngx_start_worker_processes
fun:ngx_master_process_cycle
fun:main
}

diff -r b56c45e3bd50 -r a5903fe55622 src/os/unix/ngx_process_cycle.c
--- a/src/os/unix/ngx_process_cycle.c   Tue Apr 13 18:13:59 2021 +0300
+++ b/src/os/unix/ngx_process_cycle.c   Thu Apr 15 15:49:43 2021 +0800
@@ -398,6 +398,8 @@
     ngx_int_t      i;
     ngx_channel_t  ch;
+    ngx_memzero(&ch, sizeof(ngx_channel_t));
+
     ch.command = NGX_CMD_OPEN_CHANNEL;
     ch.pid = ngx_processes[ngx_process_slot].pid;
     ch.slot = ngx_process_slot;
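
Review bot: the Valgrind trace in the commit log places the uninitialised buffer in the frame of ngx_pass_open_channel (created at ngx_process_cycle.c:455), while this hunk applies at line 398 and its @@ header names no function, so the patch alone does not show that the zeroed 'ch' is the object from the trace. Please confirm the hunk is against ngx_pass_open_channel in the parent revision, or regenerate the trace on that revision so the line numbers match. The log should also say which bytes were left unset: the visible assignments cover command, pid and slot, and the trace shows the stack object reaching sendmsg through ngx_write_channel, so state whether the report comes from a field that is never assigned or from padding inside ngx_channel_t.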
