Segfault in NGINX - testcase

double nginx-forum at nginx.us
Fri Mar 19 23:19:43 MSK 2010


Hello,

NGINX will segfault, if you delete the root node in an rbtree with
two elements. Testcase:
http://doppelbauer.name/nginx-testcase.c

A patch is attached below.

Thanks  a lot
Markus Doppelbauer


*** a/core/ngx_rbtree.c 2010-03-19 21:07:14.342916081 +0100
--- b/core/ngx_rbtree.c 2010-03-19 21:07:56.642187263 +0100
*************** ngx_rbtree_delete(ngx_thread_volatile ng
*** 187,193 ****
      if (subst == *root) {
          *root = temp;
          ngx_rbt_black(temp);
!
          /* DEBUG stuff */
          node->left = NULL;
          node->right = NULL;
--- 187,194 ----
      if (subst == *root) {
          *root = temp;
          ngx_rbt_black(temp);
!         temp->parent = NULL;                                  /* parent of root node should be NULL */
!
          /* DEBUG stuff */
          node->left = NULL;
          node->right = NULL;

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,65693,65693#msg-65693




More information about the nginx mailing list