[PATCH] Fixing memory overflow issues in ngx_resolver's debug logging code
Maxim Dounin
mdounin at mdounin.ru
Sun Jun 3 23:23:32 UTC 2012
Hello!
On Fri, Jun 01, 2012 at 06:14:58PM +0800, agentzh wrote:
> Hello!
>
> I've noticed a small memory overflow issue in ngx_resolver's debug
> logging code that was caught by Valgrind/Memcheck on Linux x86_64.
>
> Basically, when calling ngx_log_debug6 from within
> ngx_resolver_process_response, the "%ui" formatter is incorrectly used
> for int-typed values "(query->nns_hi << 8) + query->nns_lo" and
> "(query->nar_hi << 8) + query->nar_lo".
>
> Below attaches a patch for nginx 1.3.0 :)
>
> Hope this helps,
> -agentzh
>
> --- nginx-1.3.0/src/core/ngx_resolver.c 2012-05-14 17:13:45.000000000 +0800
> +++ nginx-1.3.0-patched/src/core/ngx_resolver.c 2012-06-01
> 18:08:06.512047421 +0800
> @@ -1035,7 +1035,7 @@
> nan = (query->nan_hi << 8) + query->nan_lo;
>
> ngx_log_debug6(NGX_LOG_DEBUG_CORE, r->log, 0,
> - "resolver DNS response %ui fl:%04Xui %ui/%ui/%ui/%ui",
> + "resolver DNS response %ui fl:%04Xui %ui/%ui/%ud/%ud",
> ident, flags, nqs, nan,
> (query->nns_hi << 8) + query->nns_lo,
> (query->nar_hi << 8) + query->nar_lo);
Committed, thnx.
Maxim Dounin
More information about the nginx-devel
mailing list