[PATCH] Fixing an obvious segfault in ngx_http_upstream
agentzh
agentzh at gmail.com
Sat May 1 07:45:15 MSD 2010
Hi,
I ran into a segfault while debugging one of my modules due to a bug
in the ngx_http_upstream_create function. Here's the quick patch:
diff -udTr nginx-0.8.36/src/http/ngx_http_upstream.c
nginx-0.8.36-patched/src/http/ngx_http_upstream.c
--- nginx-0.8.36/src/http/ngx_http_upstream.c 2010-01-30
00:45:14.000000000 +0800
+++ nginx-0.8.36-patched/src/http/ngx_http_upstream.c 2010-05-01
11:40:40.252227964 +0800
@@ -365,8 +365,6 @@
if (u && u->cleanup) {
r->main->count++;
ngx_http_upstream_cleanup(r);
- *u->cleanup = NULL;
- u->cleanup = NULL;
}
u = ngx_pcalloc(r->pool, sizeof(ngx_http_upstream_t));
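Review bot: with the two assignments after ngx_http_upstream_cleanup(r) removed, the block now relies on that call to reset *u->cleanup and u->cleanup, and nothing in the hunk shows that it does; a one-line comment at the call site stating that the cleanup function clears the handler itself would keep the writes from being re-added later. Since u is reassigned from ngx_pcalloc on the next line, it is also worth confirming in the commit message that no caller still reads the old u->cleanup after this point.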
That is, ngx_http_upstream_cleanup will also clear both *u->cleanup
and u->cleanup, so doing *u->cleanup = NULL again after the call will
cause a segfault (writing to a NULL pointer). This issue exists in nginx
0.8.36 and is as old as 0.8.29 :)
Cheers,
-agentzh