nginx 0.8.41 segfaults in ngx_list_push

Roman Vasilyev roman at anchorfree.com
Mon Jun 21 22:13:47 MSD 2010


Hi,

patch below are fixing this problem:
diff -Naur nginx-0.8.42/src/core/ngx_list.c 
nginx-0.8.42.new/src/core/ngx_list.c
--- nginx-0.8.42/src/core/ngx_list.c    2006-10-11 05:47:11.000000000 -0700
+++ nginx-0.8.42.new/src/core/ngx_list.c    2010-06-21 
11:11:04.000000000 -0700
@@ -42,7 +42,7 @@

      last = l->last;

-    if (last->nelts == l->nalloc) {
+    if (last && (last->nelts == l->nalloc)) {

          /* the last part is full, allocate a new list part */


On 06/21/2010 10:57 AM, Roman Vasilyev wrote:
> Hi,
>
> I'm not using any of this functions and as I can see mod_gzip not 
> calling this functions too but is uses ngx_list_push.
>
> here is parts of my code:
>
>     static ngx_int_t ngx_http_header_add(ngx_http_request_t *r, char 
> *key, ngx_str_t value)
> {
>     ngx_table_elt_t *h;
>
>     if (!key || value.len==0)
>         return -1;
>
>     h = ngx_list_push(&r->headers_in.headers); <==
>     if (h == NULL) {
>         return -1;
>     }
> .............................
> .............................
> .............................
> static ngx_int_t ngx_http_af_header_filter(ngx_http_request_t *r)
> {
>     ngx_http_af_headers_loc_conf_t *afcf = 
> ngx_http_get_module_loc_conf( r, ngx_http_af_headers_module );
>     if (!afcf->headers_enabled)
>         return NGX_OK;
>
>     if (afcf->path && r->connection->sockaddr->sa_family == AF_INET) {
>         struct sockaddr_in *sin = (struct sockaddr_in *) 
> r->connection->sockaddr;
>         af_struct_t *ret=af_struct_get(r, afcf->path, 
> sin->sin_addr.s_addr);
>         if (!ret)
>            return NGX_OK;
>         ngx_http_header_add(r, "AF", ret->af);
> .............................
> .............................
> .............................
> static ngx_int_t ngx_http_af_headers_init(ngx_conf_t *cf)
> {
>   ngx_http_core_main_conf_t *cmcf = 
> ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
>
>   ngx_http_handler_pt *h = 
> ngx_array_push(&cmcf->phases[NGX_HTTP_REWRITE_PHASE].handlers);
>   if (h == NULL) {
>       return NGX_ERROR;
>   }
>
>   *h = ngx_http_af_header_filter;
>
>   ngx_http_next_header_filter = ngx_http_top_header_filter;
>   ngx_http_top_header_filter = ngx_http_sub_header_filter;
>
>   ngx_http_next_body_filter = ngx_http_top_body_filter;
>   ngx_http_top_body_filter = ngx_http_af_filter;
>
>   return NGX_OK;
> }
>
>
> On 06/18/2010 07:10 PM, Piotr Sikora wrote:
>> Hi,
>>
>>> seems like in this function sometimes l->last could be NULL.
>>
>> Not likely, but you're probably misusing ngx_list.
>>
>> Are you sure that your "AF headers" module uses either 
>> ngx_list_create() or ngx_list_init()?
>>
>> Best regards,
>> Piotr Sikora < piotr.sikora at frickle.com >
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx




More information about the nginx mailing list