bug in ngx_palloc

Henry H henry.houfeng at gmail.com
Mon Sep 28 06:03:32 UTC 2015

Previous message (by thread): HTTP2 Firefox Compatibility
Next message (by thread): bug in ngx_palloc
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi everyone,

I just happened to find a bug in ngx_palloc,

m = ngx_align_ptr(p->d.last, NGX_ALIGNMENT);

After 'm' is aligned, it might bigger than p->d.end. So the following
statement will be wrong:

if ((size_t) (p->d.end - m) >= size)

It should be changed to:
if ( (m<p->d.end) && ((size_t) (p->d.end - m) >= size))

Regards,
Henry

Previous message (by thread): HTTP2 Firefox Compatibility
Next message (by thread): bug in ngx_palloc
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the nginx-devel mailing list