[nginx] HTTP/2: fixed a segfault while processing unbuffered upload.

Valentin Bartenev vbart at nginx.com
Thu Jun 16 17:56:31 UTC 2016


details:   http://hg.nginx.org/nginx/rev/d45845a6c96a
branches:  
changeset: 6587:d45845a6c96a
user:      Valentin Bartenev <vbart at nginx.com>
date:      Thu Jun 16 20:55:11 2016 +0300
description:
HTTP/2: fixed a segfault while processing unbuffered upload.

The ngx_http_v2_finalize_connection() closes current stream, but that is an
invalid operation while processing unbuffered upload.  This results in access
to already freed memory, since the upstream module sets a cleanup handler that
also finalizes the request.

diffstat:

 src/http/v2/ngx_http_v2.c |  4 ----
 1 files changed, 0 insertions(+), 4 deletions(-)

diffs (14 lines):

diff -r 1064ea81ed3a -r d45845a6c96a src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c	Thu Jun 09 16:55:38 2016 +0300
+++ b/src/http/v2/ngx_http_v2.c	Thu Jun 16 20:55:11 2016 +0300
@@ -4169,10 +4169,6 @@ ngx_http_v2_finalize_connection(ngx_http
 
     c->error = 1;
 
-    if (h2c->state.stream) {
-        ngx_http_v2_close_stream(h2c->state.stream, NGX_HTTP_BAD_REQUEST);
-    }
-
     if (!h2c->processing) {
         ngx_http_close_connection(c);
         return;



More information about the nginx-devel mailing list