[PATCH] Fixing memory overflow issues in ngx_resolver's debug logging code

Maxim Dounin mdounin at mdounin.ru
Sun Jun 3 23:23:32 UTC 2012


Hello!

On Fri, Jun 01, 2012 at 06:14:58PM +0800, agentzh wrote:

> Hello!
> 
> I've noticed a small memory overflow issue in ngx_resolver's debug
> logging code that was caught by Valgrind/Memcheck on Linux x86_64.
> 
> Basically, when calling ngx_log_debug6 from within
> ngx_resolver_process_response, the "%ui" formatter is incorrectly used
> for int-typed values "(query->nns_hi << 8) + query->nns_lo" and
> "(query->nar_hi << 8) + query->nar_lo".
> 
> Attached below is a patch for nginx 1.3.0 :)
> 
> Hope this helps,
> -agentzh
> 
> --- nginx-1.3.0/src/core/ngx_resolver.c	2012-05-14 17:13:45.000000000 +0800
> +++ nginx-1.3.0-patched/src/core/ngx_resolver.c	2012-06-01
> 18:08:06.512047421 +0800
> @@ -1035,7 +1035,7 @@
>      nan = (query->nan_hi << 8) + query->nan_lo;
> 
>      ngx_log_debug6(NGX_LOG_DEBUG_CORE, r->log, 0,
> -                   "resolver DNS response %ui fl:%04Xui %ui/%ui/%ui/%ui",
> +                   "resolver DNS response %ui fl:%04Xui %ui/%ui/%ud/%ud",
>                     ident, flags, nqs, nan,
>                     (query->nns_hi << 8) + query->nns_lo,
>                     (query->nar_hi << 8) + query->nar_lo);
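
Review bot: In the format string of this hunk, the last two counters now need `%ud` while `nqs` and `nan` keep `%ui`, because the NS and AR counts are still passed as inline `(query->nns_hi << 8) + query->nns_lo` style expressions, which the report above describes as int-typed, instead of going through locals the way `nan` does on the first context line. Assigning both to locals declared like `nan`, or casting each expression to `ngx_uint_t`, would let all four counters share one specifier and make the argument widths obvious to whoever edits this call next. If the `%ud` form stays, a one-line comment above the call noting that the last two arguments are plain int would help, since it took Valgrind/Memcheck to catch the mismatch.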

Committed, thnx.

Maxim Dounin
