Heap corruption in win32 compiled by VC

bigplum nginx-forum at nginx.us
Wed Jul 13 09:36:38 MSD 2011


I checked out the newest code from svn and compiled it with VC, but an
exception occurred. So I changed the cl option to -MTd and compiled again.
WinDbg shows that the CheckBytes function returns false when calling
ngx_free() at ngx_shmem.c:43.

I think that ngx_sprintf must put more bytes into name than name's
allocated size, so I used ngx_snprintf to replace ngx_sprintf. The problem
disappeared. Is it useful?

    name = ngx_alloc(shm->name.len + 2 + sizeof(NGX_INT32_LEN),
shm->log);
    if (name == NULL) {
        return NGX_ERROR;
    }

-    (void) ngx_sprintf(name, "%V_%s%Z", &shm->name, ngx_unique);
+    (void) ngx_snprintf(name, shm->name.len + 2 +
sizeof(NGX_INT32_LEN), 
+                                    "%V_%s%Z", &shm->name, ngx_unique);
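
Review bot: the bound passed to ngx_snprintf repeats the allocation expression shm->name.len + 2 + sizeof(NGX_INT32_LEN) from the ngx_alloc context line, so the heap overflow is turned into silent truncation while the undersized buffer stays as it is. sizeof applied to a length constant yields the size of the constant's type, not the length itself, so the buffer may reserve fewer bytes than the "%s" of ngx_unique needs (assuming NGX_INT32_LEN is meant as the maximum digit count, as its name suggests). Size the buffer from the length value, NGX_INT32_LEN without sizeof, and hold that size in one local variable used by both ngx_alloc and ngx_snprintf so the two cannot drift apart. With the result still cast to (void), a truncated name would go unnoticed and a different shared memory name than intended would be used; either check the returned pointer against the end of the buffer or drop the bound once the allocation is correct.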

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,212315,212315#msg-212315



