[PATCH 05 of 31] Upstream: properly allocate memory for tried flags
Maxim Dounin
mdounin at mdounin.ru
Mon Jun 27 21:06:35 MSD 2011
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1309178286 -14400
# Node ID 70fb845ff6f1c7e2a9f769828667c84475d4d341
# Parent 17e39a3878e658143550e64b7b728a537ac78a4a
Upstream: properly allocate memory for tried flags.
Previous allocation only took into account number of non-backup servers, and
this caused memory corruption with many backup servers.
See report here:
http://nginx.org/pipermail/nginx/2011-May/026531.html
diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c
--- a/src/http/ngx_http_upstream_round_robin.c
+++ b/src/http/ngx_http_upstream_round_robin.c
@@ -219,13 +219,18 @@ ngx_http_upstream_init_round_robin_peer(
rrp->peers = us->peer.data;
rrp->current = 0;
- if (rrp->peers->number <= 8 * sizeof(uintptr_t)) {
+ n = rrp->peers->number;
+
+ if (rrp->peers->next && rrp->peers->next->number > n) {
+ n = rrp->peers->next->number;
+ }
+
+ if (n <= 8 * sizeof(uintptr_t)) {
rrp->tried = &rrp->data;
rrp->data = 0;
} else {
- n = (rrp->peers->number + (8 * sizeof(uintptr_t) - 1))
- / (8 * sizeof(uintptr_t));
+ n = (n + (8 * sizeof(uintptr_t) - 1)) / (8 * sizeof(uintptr_t));
rrp->tried = ngx_pcalloc(r->pool, n * sizeof(uintptr_t));
if (rrp->tried == NULL) {
More information about the nginx-devel
mailing list