nginx 0.8.41 segfaults in ngx_list_push
mdounin at mdounin.ru
Mon Jun 21 22:18:33 MSD 2010
On Mon, Jun 21, 2010 at 10:57:06AM -0700, Roman Vasilyev wrote:
> I'm not using any of this functions and as I can see mod_gzip not
> calling this functions too but is uses ngx_list_push.
> here is parts of my code:
> static ngx_int_t ngx_http_header_add(ngx_http_request_t *r, char
> *key, ngx_str_t value)
> ngx_table_elt_t *h;
> if (!key || value.len==0)
> return -1;
> h = ngx_list_push(&r->headers_in.headers); <==
You shouldn't attempt to modify r->headers_in, it's not safe
operation to do.
And r->headers_in are known to sometimes be in an inconsistent
state - e.g. in subrequests, where they are partially copied from
parent request, but members needed for manipulations aren't
correctly initialized (as request headers were already parsed and
no further manipulations expected).
More information about the nginx