[PATCH] Fixing an obvious segfault in ngx_http_upstream
Igor Sysoev
igor at sysoev.ru
Fri May 14 16:49:36 MSD 2010
On Fri, May 14, 2010 at 04:39:47PM +0400, Maxim Dounin wrote:
> Hello!
>
> On Fri, May 14, 2010 at 01:31:23PM +0400, Igor Sysoev wrote:
>
> > On Wed, May 05, 2010 at 01:18:53PM +0400, Maxim Dounin wrote:
> >
> > > Hello!
> > >
> > > On Wed, May 05, 2010 at 11:38:41AM +0400, Igor Sysoev wrote:
> > >
> > > > On Tue, May 04, 2010 at 10:38:20AM +0800, agentzh wrote:
> > > >
> > > > > On Tue, May 4, 2010 at 3:11 AM, Igor Sysoev <igor at sysoev.ru> wrote:
> > > > > >
> > > > > > You should test u->cleanup before *u->cleanup = NULL.
> > > > > > This code has appeared in 0.8.33:
> > > > > >
> > > > >
> > > > > Hi, Igor,
> > > > >
> > > > > It is *YOU* who didn't test u->cleanup before *u->cleanup in
> > > > > ngx_http_upstream_create ;)
> > > > >
> > > > > Please read my patch more carefully. To emphasize, in
> > > > > ngx_http_upstream_create, the ngx_http_upstream_cleanup call first
> > > > > clears u->cleanup but you later set *u->cleanup to NULL, which leads
> > > > > to segfault.
> > > > >
> > > > > There's no code written by myself, all in your nginx core ;)
> > > > >
> > > > > I don't see how it is relevant to your fastcgi fixes in 0.8.33. This
> > > > > bug appeared at least in nginx 0.8.29 :)
> > > >
> > > > Yes, thank you, this is my fault.
> > > > Strangely, I did not see segfaults on my production servers.
> > >
> > > I believe this codepath can't be triggered in official nginx.
> >
> > It may trigger if you use something like this:
> >
> > location / {
> > proxy/fastcgi/memcached_pass
> > error_page 404 502 503 = @fallback;
> > }
> >
> > location @fallback {
> > proxy/fastcgi/memcached_pass
> > }
>
> How? Every code path in upstream module I could see (including
> early errors and ngx_http_upstream_intercept_errors()) calls
> ngx_http_upstream_finalize_request() which will clear u->cleanup.
>
> The only idea I have is something like error 400 due to client closed
> connection after POST with proxy_ignore_client_abort on; directed
> to proxied location, but this is due to bug in
> proxy_ignore_client_abort implementation.
The cache should be enabled in the first location:
location / {
proxy/fastcgi_pass
error_page 404 502 503 = @fallback;
proxy_cache_valid 404 502 504 1m;
}
location @fallback {
proxy/fastcgi_pass
}
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx-devel
mailing list