[PATCH] http_request: fix a segmentation fault

Maxim Dounin mdounin at mdounin.ru
Wed May 27 00:01:16 MSD 2009


Hello!

On Tue, May 26, 2009 at 10:56:35PM +0400, Kirill A. Korinskiy wrote:

> Если ngx_list_init/ngx_pcalloc/ngx_pcalloc возвращает ошибку, то nginx
> благополучно падает.

> >From 76806c28062d0c28857d2cd5b6637a193cc722c1 Mon Sep 17 00:00:00 2001
> From: Kirill A. Korinskiy <catap at catap.ru>
> Date: Tue, 26 May 2009 22:31:42 +0400
> Subject: [PATCH] http_request: fix a segmentation fault
> Cc: catap at catap.ru
> 
> If ngx_list_init/ngx_pcalloc/ngx_pcalloc return a NGX_ERROR nginx have
> a segmentation fault, because r->main and r->variables have a NULL
> ---
>  src/http/ngx_http_request.c |    6 +++---
>  1 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
> index c9c6db7..080253c 100644
> --- a/src/http/ngx_http_request.c
> +++ b/src/http/ngx_http_request.c
> @@ -449,13 +449,13 @@ ngx_http_init_request(ngx_event_t *rev)
>                        sizeof(ngx_table_elt_t))
>          != NGX_OK)
>      {
> -        ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
> +        ngx_http_close_connection(c);

А кто будет уничтожать request pool здесь и далее?  Он уже создан.

Maxim Dounin

p.s. Content-Type application/octet-stream для патча - это 
хороший, правильный выбор.  Задача стояла "чтобы никто не 
прочитал"? :)

>          return;
>      }
>  
>      r->ctx = ngx_pcalloc(r->pool, sizeof(void *) * ngx_http_max_module);
>      if (r->ctx == NULL) {
> -        ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
> +        ngx_http_close_connection(c);
>          return;
>      }
>  
> @@ -464,7 +464,7 @@ ngx_http_init_request(ngx_event_t *rev)
>      r->variables = ngx_pcalloc(r->pool, cmcf->variables.nelts
>                                          * sizeof(ngx_http_variable_value_t));
>      if (r->variables == NULL) {
> -        ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
> +        ngx_http_close_connection(c);
>          return;
>      }
>  
> -- 
> 1.6.2
> 

> 
> 
> -- 
> wbr, Kirill





More information about the nginx-ru mailing list