nginx + my module crashes only when ignore client abort = on

Maxim Dounin mdounin at
Sun Mar 17 23:52:13 UTC 2013


On Sun, Mar 17, 2013 at 05:47:24AM -0400, gadh wrote:

Below just couple of comments.  Outlined problems are enough to 
cause arbitrary segmentation faults, and I haven't looked for 


> 	ngx_memzero(&sr->headers_in, sizeof(sr->headers_in));

Note: this ruins original request headers.  It's enough to cause 


> 	// do not inherit rb from parent
> 	sr->request_body = ngx_palloc(r->pool, sizeof(ngx_http_request_body_t));
> 	NGX_aaa_CHECK_ALLOC_AND_RETURN(sr->request_body)
> 	// note: always alloc bufs even if ptr is lid - since its garbage from
> former request ! (caused seg fault in mod_proxy !)
> 	sr->request_body->bufs = ngx_alloc_chain_link(r->pool);
> 	NGX_aaa_CHECK_ALLOC_AND_RETURN(sr->request_body->bufs)
> 	// post body - re-populate , do not inherit from parent
> 	sr->request_body->bufs->buf = buf;
> 	sr->request_body->bufs->next = NULL;
> 	sr->request_body->buf = buf;

Note: you allocate request body structure and only initialize some 
of it's members.  E.g. sr->request_body->temp_file remains 
uninitialized and will likely be dereferenced, resulting in 
segmentation fault.

You have to at least change ngx_palloc() to ngx_pcalloc().


> BTW, is there any "nginx subrequest coding guide" documentation available ?
> its very confusing and lacks much info on the web, i got it working only
> thru alot of trial-and-error.

Subrequests are dead simple in it's supported form: you just call 
ngx_http_subrequest() in a body filter, and the result is added to 
the output at the appropriate point.  Good sample is available in 

What you try to do with subrequests isn't really supported (the 
fact that it works - is actually a side effect of subrequests 
processing rewrite in 0.7.25), hence no guides.

Maxim Dounin

More information about the nginx mailing list