Segfault in NGINX - testcase

Maxim Dounin mdounin at mdounin.ru
Sat Mar 20 23:30:28 MSK 2010


Hello!

On Sat, Mar 20, 2010 at 04:43:56AM -0400, double wrote:

> Hello,
> 
> The root node of the nginx-rbtree is *always* NULL, because
> "ngx_rbtree_insert()" provides that feature. Only if the rbtree
> has 2 elements and you delete the root node, then "parent" of the
> root-node points to the deleted element. Why not fix it?

As you already pointed out, there is at least one place where 
root->parent becomes non-NULL (and I'm not sure it's the only 
place where it happens).  And this doesn't cause any harm as nginx 
doesn't assume it should be NULL.

While I tend to think that it's a good idea to keep it NULL at least 
with NGX_DEBUG defined (to simplify debugging) - there is no bug 
here.  The bug is in your tree traversal code which tries to use 
the assumption that root->parent == NULL.  And even if your patch is 
applied (it's up to Igor anyway) - your tree traversal code 
should be fixed if you are planning to use it somewhere in 
production.

Maxim Dounin
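
An in-order walk that terminates by comparing against the tree's root instead of testing root->parent == NULL, as the reply above asks of the traversal code. This is an added example, not part of the original message and not nginx code; the node_t and tree_t types, the function names and the five-node sample are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical minimal tree: parent pointers plus a shared sentinel leaf. */
typedef struct node_s node_t;
struct node_s { int key; node_t *left, *right, *parent; };
typedef struct { node_t *root, *sentinel; } tree_t;

static node_t *tree_min(node_t *n, node_t *sentinel) {
    while (n->left != sentinel) { n = n->left; }
    return n;
}

/* In-order successor. The climb stops when it reaches tree->root; it never
 * reads root->parent, so a stale (non-NULL) value there is harmless. */
static node_t *tree_next(tree_t *t, node_t *n) {
    if (n->right != t->sentinel) { return tree_min(n->right, t->sentinel); }
    for ( ;; ) {
        if (n == t->root) { return NULL; }
        if (n == n->parent->left) { return n->parent; }
        n = n->parent;
    }
}

/* Constructed case: root.parent still points at a node that is no longer
 * in the tree. Returns the number of nodes visited, key sum via *sum. */
int demo(int *sum) {
    node_t sentinel = { 0, NULL, NULL, NULL };
    node_t removed = { 99, &sentinel, &sentinel, NULL };
    node_t root = { 10, &sentinel, &sentinel, &removed };  /* stale parent */
    node_t lo = { 5, &sentinel, &sentinel, &root };
    node_t hi = { 20, &sentinel, &sentinel, &root };
    tree_t t = { &root, &sentinel };
    int visited = 0;
    root.left = &lo;
    root.right = &hi;
    *sum = 0;
    for (node_t *n = tree_min(t.root, t.sentinel); n; n = tree_next(&t, n)) {
        visited++;
        *sum += n->key;
    }
    return visited;
}

int main(void) {
    int sum, count = demo(&sum);
    printf("visited %d nodes, key sum %d\n", count, sum);
    return 0;
}
```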


