[PATCH 05 of 31] Upstream: properly allocate memory for tried flags

Maxim Dounin mdounin at mdounin.ru
Mon Jun 27 21:06:35 MSD 2011


# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1309178286 -14400
# Node ID 70fb845ff6f1c7e2a9f769828667c84475d4d341
# Parent  17e39a3878e658143550e64b7b728a537ac78a4a
Upstream: properly allocate memory for tried flags.

Previous allocation only took into account number of non-backup servers, and
this caused memory corruption with many backup servers.

See report here:

http://nginx.org/pipermail/nginx/2011-May/026531.html

diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c
--- a/src/http/ngx_http_upstream_round_robin.c
+++ b/src/http/ngx_http_upstream_round_robin.c
@@ -219,13 +219,18 @@ ngx_http_upstream_init_round_robin_peer(
     rrp->peers = us->peer.data;
     rrp->current = 0;
 
-    if (rrp->peers->number <= 8 * sizeof(uintptr_t)) {
+    n = rrp->peers->number;
+
+    if (rrp->peers->next && rrp->peers->next->number > n) {
+        n = rrp->peers->next->number;
+    }
+
+    if (n <= 8 * sizeof(uintptr_t)) {
         rrp->tried = &rrp->data;
         rrp->data = 0;
 
     } else {
-        n = (rrp->peers->number + (8 * sizeof(uintptr_t) - 1))
-                / (8 * sizeof(uintptr_t));
+        n = (n + (8 * sizeof(uintptr_t) - 1)) / (8 * sizeof(uintptr_t));
 
         rrp->tried = ngx_pcalloc(r->pool, n * sizeof(uintptr_t));
         if (rrp->tried == NULL) {



More information about the nginx-devel mailing list