bug in ngx_palloc
Maxim Dounin
mdounin at mdounin.ru
Mon Sep 28 20:08:54 UTC 2015
Hello!
On Mon, Sep 28, 2015 at 04:03:32PM +1000, Henry H wrote:
> Hi everyone,
>
> I just happened to find a bug in ngx_palloc,
>
> m = ngx_align_ptr(p->d.last, NGX_ALIGNMENT);
>
> After 'm' is aligned, it might bigger than p->d.end. So the following
> statement will be wrong:
>
> if ((size_t) (p->d.end - m) >= size)
>
> It should be changed to:
> if ( (m<p->d.end) && ((size_t) (p->d.end - m) >= size))
The problem here can only happen if p->d.end is not properly
aligned. This is not something expected to happen with correct
use of the pool allocation interface. See here for further
details:
https://trac.nginx.org/nginx/ticket/686
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list