nginx + my module crashes only when ignore client abort = on
mdounin at mdounin.ru
Sun Mar 17 23:52:13 UTC 2013
On Sun, Mar 17, 2013 at 05:47:24AM -0400, gadh wrote:
Below just couple of comments. Outlined problems are enough to
cause arbitrary segmentation faults, and I haven't looked for
> ngx_memzero(&sr->headers_in, sizeof(sr->headers_in));
Note: this ruins original request headers. It's enough to cause
> // do not inherit rb from parent
> sr->request_body = ngx_palloc(r->pool, sizeof(ngx_http_request_body_t));
> // note: always alloc bufs even if ptr is lid - since its garbage from
> former request ! (caused seg fault in mod_proxy !)
> sr->request_body->bufs = ngx_alloc_chain_link(r->pool);
> // post body - re-populate , do not inherit from parent
> sr->request_body->bufs->buf = buf;
> sr->request_body->bufs->next = NULL;
> sr->request_body->buf = buf;
Note: you allocate request body structure and only initialize some
of it's members. E.g. sr->request_body->temp_file remains
uninitialized and will likely be dereferenced, resulting in
You have to at least change ngx_palloc() to ngx_pcalloc().
> BTW, is there any "nginx subrequest coding guide" documentation available ?
> its very confusing and lacks much info on the web, i got it working only
> thru alot of trial-and-error.
Subrequests are dead simple in it's supported form: you just call
ngx_http_subrequest() in a body filter, and the result is added to
the output at the appropriate point. Good sample is available in
What you try to do with subrequests isn't really supported (the
fact that it works - is actually a side effect of subrequests
processing rewrite in 0.7.25), hence no guides.
More information about the nginx